Gen. Paul Nakasone, Director of the NSA and U.S. Cyber Command, said the lessons of protecting the validity of the 2018 midterm elections have prepared the government’s cyber warriors to achieve their goal of “safe, secure and legitimate 2020 elections.”
Interviewed on Monday at the Association of the United States Army’s Thought Leaders webinar, Nakasone said 2018 was “a really remarkable year” because of the “well-trained and well-led” cyber forces combined with “the right authorities and policies” of the Trump Administration, along with the correct organizational framework to protect the ballot box.
Gen. Nakasone has led the NSA and U.S. Cyber Command since May 2018, and previously led Cyber Command for the Army, which on Thursday is inaugurating the new, $300 million Army Cyber Command at Fort Gordon, in Augusta, Ga., home to the Army Signal Corps, Army Cyber Corps and Cyber Center of Excellence, he said.
The interview was conducted by Gen. (Ret.) Carter Ham, the former Commanding General of the United States Army Europe and Seventh Army and second commander of United States Africa Command, and the relevant clips and transcription are recorded here.
In this in-depth and revealing interview, Gen. Nakasone explained the broader role of his forces against cyber threats, the directorate he improved since arriving two years ago and its impact in the past decade, and how it has come together to defend America’s ability to safeguard elections in 2020.
Last month, Gen. Nakasone met with newly appointed Director of National Intelligence and Signals Intelligence John Ratcliffe at the National Security Agency to discuss priorities of the NSA in securing digital space for the country and in the elections, in particular.
However, with the electronic-front secured, Gen. Nakasone did not address the threat of mail-in paper ballots to the voting process, but he went into depth about the role of cyber security and defending the internet in our public and private lives, as well as the responses and strategies against America’s adversaries.
“A former deputy director of the National Security Agency, Chris English, probably put it best, he said, ‘What is it about the internet?'”
“Well, it’s the place that we store our wealth and treasure. Think about the internet, how important it is to our nation, our economy, our military capabilities, our ability to socially communicate… the foundation of what we do.”
“At NSA there are two missions that we have, we have a foreign intelligence mission we pursue through signals intelligence.”
“The second piece is cybersecurity. My concern is, I took over as a director of NSA we had lost a part of that second element of cyber security, and so standing up this directorate was really the idea to be able to ensure that we’re able to get at this critical mission set.”
“What differentiates NSA within this space, because there are a number of different players that operate within our government, and they do it very, very well, whether or not it’s Cyber Security Infrastructure Security Agency that is the front door to our government and to the public sector. Whether or not it’s the FBI, that is so critical in being able to do cyber crime or Cyber Command that has both a responsibility for securing our DoD information network and bringing offensive capabilities.”
“What distinguishes NSA is two things. First of all, technical expertise, there’s no one better with regards to the technical expertise to operate within this domain than those at the National Security Agency.”
“Second is the rich, robust and penetrating intelligence that we get that tells us what our adversaries are doing, so bringing that all together, working within partnership within our government, I saw standing up this directorate as one of the critical things that I needed to do early on in my tenure.”
“Before we talk a little about cyber threats, let’s take a step back and just talk about cyber within the context of our National Defense Strategy, perhaps the most important document over the three decades that I’ve served in, as we take a look at great power competition, and I think the National Defense Strategy really characterizes this well.”
“We are in a period of great power competition, we see that every single day in cyber space, our adversaries are able to do a number of different things, and they are not just episodically involved. They’re involved every single day. What have we seen over the past 10 years? A movement from exploiting our classified systems to disrupting our communications to destructive attacks, now even influence operations that our adversaries have conducted in the 2016 elections.”
“It’s interesting as we look at that. That really is competition. And that’s why I think the National Defense Strategy is so important. So I take a look at all of those threats, everything from competition and where we need to be, but also the capabilities of our adversaries to be able to conduct destructive elements, and this is where we spend a significant part of our time, both at US Cyber Command and at the National Security Agency.”
“Twenty-eighteen was a really remarkable year because at that point, we had well-trained and well-led forces and US Cyber Command and NSA come together with the right authorities and policies, and also matched with this idea of having an organizational construct.”
“Many of you know I set up the Russia Small Group shortly after taking over at NSA and Cyber Command to bring together the best elements of both Cyber Command and NSA to make sure that 2018 was a much different election, and it was.”
“And so what do we learn from 2018? That agility, speed and unity effort matter.”
“The fact that you have to be able to work with your partners. Our partners were a whole of government effort, it wasn’t just Cyber Command and NSA, it was FBI and the Foreign Intelligence Task Force, or DHS and the Cyber Security and Infrastructure Security Agency — bringing those elements together, critical for what we could do.”
“And then the last part? It was about outcomes, it was about outcomes over a period of time.”
“And so how does that inform me for 2020? Our number one goal, our number one objective at the National Security Agency and US Cyber Command, a safe, secure and legitimate 2020 elections.”
“How are we gonna do that? First of all, we’re gonna generate insights about our adversaries. much like 2018, we’re going to know our adversaries better than they know themselves.”
“Second piece, we’re gonna broaden that partnership, we’re gonna make partnership, not only within our inner agency, but also how do we expand it with partners that are doing things that are incredibly important to us.”
“Many of you know that in academia, we have a number of great institutions that are doing work to take a look at the role of social media and influence operations whether or not you go to Clemson University or Stanford University or other universities, you have tremendous work ongoing, you wanna make sure that we partner with them.”
“The last thing that we’re going to do? We’re gonna act, we’re gonna act when we see adversaries attempting to interfere in our elections.”
“If I might take a step backward, let’s talk a little bit about persistent engagement, persistent engagement really is two factors.”
“One, how do you enable partners whether or not it’s sharing of information, sharing of intelligence, working closely with government or private sector.”
“And the second part is acting, how do you act in a way that’s able to impose cost on your adversary, whether or not that’s through hunt forward teams, whether or not it’s through a number of different operations, the whole idea is a fairly simple concept, but it gets at this idea that cyber is competition much in the same way I talk at the beginning:”
“Our adversaries everyday are not waiting to steal our intellectual property, steal our personal and information or try to interfere in our democratic processes, that’s what our adversaries are doing.”
“My belief is we have to have a persistent engagement approach, the ability to both enable and to act, and so this is what we showed in 2018, this is what we’re doing today, this is what we work very, very closely throughout the department, because at the end of the day this is in support of the National Defense Strategy and support of our DoD cybersecurity strategy, this idea being able to defend forward.”
“So I would say for all of our adversaries in the two plus three, whether or not it’s Russia or China or North Korea, Iran, what we’re seeing are really a couple of things that are foundational to the development over the past couple of years.”
“First of all, horizon capacity: our adversaries know that this is a means upon which that they can attempt to have an impact on us, and so we’ve seen the growth in terms of programs across all those major adversaries. Secondly, we’ve also seen a rise in capability, and so much in the same way, we become a much more capable force, so are our adversaries.”
“And so I would tell you where they’re not, it’s China or it’s Iran, or it’s North Korea, this is why it’s so important that we are in a daily competition with what we need to do, and I would say that the advantages that we have are often not talked about, but think of the advantages.”
“First of all, a series of partnerships with a number of different allies that our adversaries can never match.”
“Secondly, we have a force within the Department of Defense for over two decades is really battle tested, and that leadership aspect has been very, very influential and being able for us to build a very, very capable cyber force.”
“And the third piece really comes back down to our people, we have world class people, there is no nation on Earth that has the universities, that has the innovation of spirit, that has the capability to develop the talent that we have today.”
“Ten years ago, we stood up U.S. Cyber Command, but I would also say, before I talk broadly about U.S. Cyber Command, let me come back to our Army and Army Cyber, because it’s coming up on its 10 year anniversary, as well.”
“On Thursday, Lieutenant General Steve Fogerty is going to unfurl the colors of US Army Cyber Command, at Fort Gordon, in a brand new facility, a $300 million facility built right next to NSA Georgia… Incredible what our Army has done in terms of the investment and the importance that they place on cyber… Think about this, in 2013, General (Raymond T.) Odierno, then the Chief of Staff of the Army, decided that we needed a cyber center of excellence, a school.”
“One year later, he took the bold step of creating the Army’s newest branch, and so for over six years, we as an Army have been able to develop that force, a school that trains our best, a branch upon which young people can come in and say, ‘Hey, one day I wanna be a sergeant major within the Cyber Force of our Army, or one day I wanna be the Commander of US Army Cyber Command.'”
“This is what we’ve been able to do as an Army in terms of Cyber Command, much has changed since 10 years ago, and we stood up the command, we went from a sub-unified to two years ago, becoming a unified combatant command.”
“With that, what have we learned?”
“First of all, we learned the idea that we can’t be episodic when facing the adversaries of our nation, in 2018 to ISIS, we have to have to be persistently engaged with our adversaries.”
“Secondly, we’ve learned that we don’t operate alone — we operate with a series of partners, whether or not that’s broader partners in the department, its combatant commands, whether or not that’s interagency partners, like DHS and FBI, or whether or not that’s international partners or academic partners, partnership is alive and well in the cyber domain, and something that we’ve captured.”
“The final thing that we’ve learned: after everything, and after every single tally has been made, the most important thing that we have is our people, it’s our talent. It’s what we have to do to be able to grow the next generation of leaders. We’ve been able to produce tremendous technology throughout our nation’s history, but what really gives us the advantage, is to be able to recruit, to be able to train and as I mentioned, to be able to retain that group of leaders in that group of folks that manage our force, and that has been really what we’ve learned, General.”
Nakasone said the NSA hired 2,000 people last year to improve its depth and abilities and mentioned DreamPort, the cyber innovation, collaboration, and prototyping facility located in Columbia, MD, created by the U.S. Cyber Command and the Maryland Innovation and Security Institute in May 2018. DreamPort enables collaboration between federal and private sector cybersecurity experts to develop tools that could be useful to federal cyber warriors, in an unclassified way.
He also mentioned 5G technology as an area where the government strongly favors domestic technology as the alternative to allowing foreign manufacturers to have such an important role in vital infrastructure.
“Two final thoughts I would offer. The number one mission at US Cyber Command, the National Security Agency, as I mentioned: a safe, secure and legitimate 2020 presidential elections.”
“How are we gonna do that? We’re going to understand our advisaries better than they understand themselves. Much of the same in 2018, we’re gonna work with a series of partners.”
“And thirdly, when we see our adversaries attempting to interfere in our democratic processes, we will act.”
“And then I think most importantly, coming back to the final message I’d like to leave with folks: again, it’s our people. It’s our talent. That’s what makes us different.”
“If you’re interested in solving hard problems, if you have an affinity for math or science or the legal aspects or policy or analysis… If you want to be part of a broader team, come join us military, civilian, Cyber Command or NSA, it matters not. I cannot imagine a more exciting place to be than being able to defend our nation or secure the future.”