As part of the Upfront Summit, former National Security Agency director and head of the Cyber Command, Michael Rogers, recently shared his thoughts on the state of cyberwarfare, the nation’s approach to cybersecurity and the relationship between people and technology
When asked about the current state of nation activity in cyberspace, Rogers spoke of the various ways nations use digital attacks as an offensive tool. He said he has never seen any nation besides North Korea use cyberattacks to go after money. Iran uses cyberattacks as a low-risk way to change behavior of their adversaries. Russia, on the other hand, uses cyberattacks as a means to control the dynamic between cyber and information, while China uses this method for technological developments toward an economic advantage.
To explain the variety of cyberattacks, Rogers referred to the human element of cyberwarfare.
While these nations hold a view that cyberattacks are low risk, Rogers said the U.S. does not share this mentality. He said he believes the U.S. needs to focus on offensive cyber development rather than respond to adversaries.
“My military career taught me, good or bad, you try to shape your opponent’s behaviors to drive them to make choices that benefit you, not them,” said Rogers, a retired Navy admiral. “So my attitude was while we do this in so many other areas, why can’t we do that in cyber?”
Rogers and his team came up with the idea of persistent engagement, an offensive strategy to fight the daily actions of adversaries with a goal of establishing a stronger U.S. presence in cyberspace.
“We have got to show these guys that we have the capability and the will to contest them in every domain,” he said.
Rogers also discussed the relationship between the public and the private sectors. He said the spread of cybersecurity responsibilities across such a complex network of organizations and structures in the U.S. makes collaboration difficult.
Government and industry should come together after an attack and find ways to prevent future incidents, he said. Doing so will benefit both sectors and improve cybersecurity for the U.S. overall.
“I want to be in a situation where the pain of the one leads to the benefit of the many,” Rogers said. “So if one company, one entity is dealing with the problem, we use that as a way to improve a broader set of actors.”
Rogers also talked about the relationship between government and citizens and the importance of trust in making important cyber decisions. He stressed the importance of transparency and discussion, and how further connecting human values with cyber technology would prevent a disconnect between citizens’ beliefs and government action.
“You want to do intelligence in a democratic structure in the digital age, then you better start from a premise that says you need to be open kimono to a much greater degree than historically we have been,” he said.