Bruce Schneier attended the Joint Service Academy Cyber Security Summit at West Point and had an opportunity to listen to a keynote speak by NSA Director, ADM Mike Rogers where he discussed the four tenants of security he often thinks about:
What is the role of the US CyberCommand and the NSA in all of this? The CyberCommand has three missions related to the five strategic goals. They defend DoD networks. They create the cyber workforce. And, if directed, they defend national critical infrastructure.
At one point, Rogers said that he constantly reminds his people: “If it was designed by man, it can be defeated by man.” I hope he also tells this to the FBI when they talk about needing third-party access to encrypted communications.
All of this has to be underpinned by a cultural ethos that recognizes the importance of professionalism and compliance. Every person with a keyboard is both a potential asset and a threat. There needs to be well-defined processes and procedures within DoD, and a culture of following them.
What’s the threat dynamic, and what’s the nature of the world? The threat is going to increase; it’s going to get worse, not better; cyber is a great equalizer. Cyber doesn’t recognize physical geography. Four “prisms” to look at threat: criminals, nation states, hacktivists, groups wanting to do harm to the nation. This fourth group is increasing. Groups like ISIL are going to use the Internet to cause harm. Also embarrassment: releasing documents, shutting down services, and so on.
Schneier’s entire post – essentially his brief notes on the keynote – are a good read. It’s comforting to read that ADM Rogers is thinking deeply about cyber security. I did not get the sense the former NSA Director, General Keith Alexander, was as sensitive to NSA capabilities as ADM Rogers is perceived to be.