With the nation’s attention focused on issues of cybersecurity and privacy, Gen. Keith Alexander, commander of U.S. Cyber Command and director of National Security Agency, joined John Brennan, FCRH ’77, director of the Central Intelligence Agency, and Robert Mueller, director of the Federal Bureau of Investigation, to publicly discuss the topic for the first time together. Joseph M. McShane, S.J., president of Fordham, moderated the Aug. 8 discussion at Fordham’s Lincoln Center Campus.
The panel represented the apex of this year’s International Conference on Cyber Security (ICCS) hosted by Fordham and the FBI, a four-day conference that drew 500 participants from 35 countries. The directors touched upon several of the same themes and technical concerns shared by experts throughout the week. Primary among those concerns was the increase in networks being compromised by hostile hackers, which Alexander called “one of the biggest threats facing this country.”
Even as federal agencies attempt to identify and prevent cyberattacks, they too are under threat from within. The general stated that, in light of recent leaks, the NSA plans to shed 90 percent of system administrator positions as it shifts to secure cloud technology.
Alexander said that in patching together the NSA’s network of 15,000 enclaves, system administrators were responsible for transferring data, securing networks, and “doing things that machines are probably better at doing.”
He said the intelligence community and defense department are moving toward a “thin virtual cloud structure” which would reduce the number of system administrators and allow networks to patch into other networks at a higher speed.
“At the end of the day, it’s all about trust,” he said. “People who have access to data as part of their mission, if they misuse that data, they can cause huge damage.”
As recent events regarding surveillance of Americans’ phone records has thrust the NSA’s investigative methods into the national spotlight, the issue of trust has come full circle. The general, however, said the agency is doing everything according to the letter of the law.
“Yes, people make mistakes; there’ll be compliance issues,” he said. “But no one has willfully or knowingly disobeyed the law or tried to invade your civil liberties or privacy.”
Brennan said that many laws, as they stand now, relate better to the physical world than to the cyber world. As more human transactions have migrated to the cyber realm, technology development has outpaced the rules, he said.
“It’s a new domain and the CIA has had to change, but the government framework hasn’t kept pace,” he said.
Using FBI parlance, Brennan said that in the physical realm of yesteryear an agent would have had to take a transcontinental flight in order to investigate or “bump” a suspect. But today the same can be done on the Internet.
“You can now surveil a terrorist by logging onto the Web,” he said. “This is where intelligence agencies have to take into account things that didn’t exist 30 years ago.”
He said the nation needed to take a fresh look at the role of government in the cyber arena, which he noted is 85 percent owned by private industry. The new paradigm demands protection of cyber infrastructure at a time when the government’s role hasn’t been clearly defined.
He added that if the CIA’s mandate is to identify threats to our national interests worldwide, then cooperation among industry, academia, and the government is needed to help redefine the legal structure, address systems engineering, and protect a “major lifeline to this country.”
Mueller said that, since 9/11, the FBI’s mandate has been focused on preventing future attacks, and that same mandate applies to the cyber arena. The FBI sees an “absolute necessity” to focus on the individual criminals and to use traditional law enforcement capabilities to identify them. But, unlike preventing physical attacks, preventing cyber attacks requires intense collaboration with the private sector.
In the event of an attack Mueller said that cyber experts from the NSA, intelligence from the CIA, and investigative resources from the FBI must be coordinated in an appropriate response in real time. One such joint effort is the National Cyber Investigative Joint Task Force, which operates under the FBI.
Coordinating with the private sector is still in the early stages, but Mueller twice cited the National Cyber-Forensics & Training Alliance, a wholly private entity out of Pittsburgh, Penn., that brings together industry, law enforcement, and academia.
“We believe that in the future a cyber threat will equal or even eclipse a terrorist threat, and the two may well be combined,” he said. “Just as partnerships have enabled us to address the terrorist threat, partnerships will enable us to address the cyber threat. … In this case the private sector is the essential partner.”
For more ICCS news coverage, visit www.iccs.fordham.edu.