The National Security Agency tried to drum up support from the security industry for its plans to continue its cybersecurity operations.
The NSA has two key missions: foreign intelligence-gathering and information assurance. One mission helps the other, as intelligence gathered by one side can be used by the other team to improve how government networks and private sector networks are protected. The NSA will pull together its offensive and defensive capabilities as part of the NSA21, or NSA in the 21st century, plan, said Michael Rogers, commander of the United States Cyber Command and director of the NSA, at the RSA Conference on Tuesday.
The NSA needs to figure out how to fulfill its twin missions, but there are some core tenets which can't be ignored, he said. They include accepting that there is no one single answer to solve the problems plaguing information security, and accepting that technology alone can't fix everything. It's important to not forget about the human factor.
"The nation counts on us to protect its security and safety, and we have to do it in a way that protects the privacy and rights of our citizens," Rogers said.
NSA wants to unify security offenses and defenses
The NSA21 reorganization plan goes counter to recommendations made by a presidential panel in December 2013 that the NSA should concentrate on foreign intelligence-gathering operations. Under the plan, publicly disclosed in early February, the NSA's spying and cyberdefense directorates would merge into a unified team responsible for both espionage and defending computer networks.
The presidential panel had recommended creating a separate agency within the Department of Defense to responsible for securing government networks and assisting the private sector with securing corporate networks.
Rogers downplayed industry concerns over the potential conflict of interest between NSA's offensive and defensive arms. Instead, he urged security professionals and technology companies to partner with the government to face the threats. "We are not going to solve this within the government and the Department of Defense specifically," he said. "If you're interested in participating in some of those exercises, we're interested in speaking with you."
NSA sees looming security nightmares
Adversaries are getting more aggressive, and it's only a "matter of when, not if," a foreign nation tries to attack United States critical infrastructure, Rogers said. he cited the December attack on the Ukranian power grid as an example of the kind of attack to expect against the U.S.'s critical infrastructure.
In fact, Rogers suggested the Ukrainian attack was partly a trial run for attacks in the U.S. and elsewhere, not meant to only disrupt Ukraine as part of the proxy war being raised by Russia in that country. He said they were interested in how the provider responded to the outage and were looking at how they could slow down the provier's recovery efforts. "This is not the last time we will see this, ant that concerns me," he said.
Sign up for CIO Asia eNewsletters.