By Cheryl Pellerin
American Forces Press Service
WASHINGTON, March 12, 2014 – President Barack Obama’s
nominee to be director of the National Security Agency and commander of U.S.
Cyber Command said yesterday that legislation and transparency are critical to
the nation’s security in cyberspace.
Navy Vice Adm. Michael S. Rogers shared his views with the
Senate Armed Services Committee during his confirmation hearing. Now serving
commander of U.S. Fleet Cyber Command and U.S. 10th Fleet, Rogers also is
nominated to receive his fourth star and to be director of the Central Security
Service. If confirmed by the Senate, he would succeed Army Gen. Keith B.
Alexander, who is retiring.
“We face a growing array of cyber threats from foreign
intelligence services, terrorists, criminal groups and ‘hacktivists’ who are
increasing their capability to steal, manipulate or destroy information and
networks in a manner that risks compromising our personal and national
security,” Rogers said in his opening statement.
“They do so via a manmade environment that is constantly
evolving, and through the use of techniques and capabilities that are
continually changing,” he added. “This is hard work, and it requires change --
something seldom easy either for individuals or for organizations.”
If confirmed as Cybercom commander, Rogers said, his priority
will be to generate the capabilities and capacities the military needs to
operate in the dynamic environment of cyberspace, providing senior
decision-makers and fellow operational commanders with a full range of options
in that arena.
He will partner aggressively with U.S. allies and partners,
those in the private and academic sectors, the Defense Department, government
agencies and organizations, and Congress, the admiral said.
“I am also mindful that Cyber Command and NSA are two
different organizations, each having its own identity, authorities and
oversight mechanisms, while executing often related and linked mission sets,”
Rogers said. “Each has the potential to make the other stronger in executing
those missions, and I will work to ensure each is appropriately focused.”
The admiral said he would run the agencies in a manner that
protects the civil liberties and privacy of the nation’s citizens and ensures
strict adherence to policy, law and oversight mechanisms.
“I will be an active partner in implementing the changes
directed by the president with respect to aspects of the NSA mission,” he
added, “and my intent is to be as transparent as possible in doing so and in
the broader execution of my duties, if confirmed.”
He thanked the men and women of NSA and Cybercom for their
commitment to the nation’s security and their professionalism, and said he
looks forward to joining the team if he’s confirmed.
Rogers answered a range of questions from senators, but the
majority focused on a September 2013 news report of a hacker intrusion into
Navy computer systems, the need for cyber legislation, and Rogers’ solution for
Americans’ distrust of NSA prompted by Edward Snowden’s 2013 media leaks of NSA
collection practices.
On Sept. 29, the Wall Street Journal reported that hackers
possibly related to Iran broke into unclassified Navy computers before a
security upgrade had taken place, and that it was November before the Navy had
rid the network of the hackers. The report cited unnamed U.S. officials. Rogers
confirmed that a segment of the Navy’s global unclassified network was
compromised by an opponent who was able to gain access to the system.
“I generated an operational requirement not just to push
them out of the network,” he said, “but I wanted to use this opportunity to do
a much more foundational review of the entire network … to drive change within
my own service.”
The admiral said the damage was not significant because the
hackers did not opt to engage in destructive behaviors.
“My concern from the beginning was, ‘Well, what if they had
decided that was their intent?’” he told the Senate panel.
Rogers called it a “significant penetration,” and noted that
over the past few months, he had updated the committee’s staffers multiple
times on his comprehensive operational response “to put a much longer-term
effort in place.”
Other questions were related to the president’s launch in
February of a Cybersecurity Framework, a voluntary how-to guide for
organizations in the critical infrastructure community to enhance their
cybersecurity. Because it hasn’t been possible over the past few years to get a
cyber bill through Congress, the framework is seen as a way for industry and
government to try to strengthen the security and resiliency of critical
infrastructure through existing standards, best practices and guidelines that
would improve critical infrastructure cybersecurity.
In response to a question from the panel about the
effectiveness of the voluntary framework in protecting the nation from a
cyberattack, Rogers called it a step in the right direction.
“But I do believe that in the end, some form of legislation
that addresses both the requirement and need to share information, as well as
trying to address the issue of setting standards for critical infrastructure
for the nation, in the long run is probably the right answer,” he said.
Another question from the panel was on the necessity of a
provision in cyber legislation that gives commercial companies liability
protection from their customers when the companies share information about
cyber intruders with the government.
“I'm not a lawyer, but my sense is that it's a critical
element of any legislation,” Rogers said. “I believe to be successful, we
ultimately have to provide the corporate partners that we would share
information with some level of liability protection.”
The admiral added that he believes commercial firms would be
much less inclined to share information without such a provision.
As to the timing on getting such legislation in place,
Rogers said, “The sooner the better. It is only a matter of time, I believe,
before we start to see more destructive activity. That is, perhaps, the
greatest concern of all to me.”
The panel posed several questions about distrust by the
American people and the international community of the NSA after the media
leaks last year by Edward Snowden that disclosed NSA collection of telephone
metadata of U.S. citizens in the United States. Other panel members were
bothered by the number of Americans who consider Snowden a whistleblower rather
than a lawbreaker.
Rogers said he believes one of his challenges as NSA
director, if confirmed, is to determine how to engage the American people, and
by extension, their representatives, in a dialogue in which they have a level
of comfort as to what NSA is doing and why.
“That is no insignificant challenge for those of us with an
intelligence background, to be honest,” the admiral said. “But I believe that
one of the takeaways from the situation over the last few months has been, as a
senior intelligence leader, that I have to be capable of communicating in a way
that highlights what we are doing and why, to the greatest extent possible. I
think we can be a little more communicative about why we are doing this, what
led us to these kinds of decisions.”
Rogers said the dialogue should be much broader than the
National Security Agency, because the discussion is about more than the
intelligence aspect of security.
“In the end, this fundamentally boils down to an assessment
of risk, in terms of our security as a nation as well as our rights as
individuals,” he said. “We value both, and we have to come up with a way to
ensure that both sides of that risk coin are addressed.
“But we should never forget that there is a threat out there
that aims to do us harm,” Rogers continued, “that does not have the best
interests of this nation in mind, and wants to defeat what this nation
represents.”
Posts
No comments:
Post a Comment