NSA asks Silicon Valley to help fight cybercrime, terrorism

NSA Director Rogers says government can’t do it alone

SAN FRANCISCO -- The NSA is too big and slow to effectively fight ingenious cyber attacks without the help of Silicon Valley tech expertise, so it’s time to patch up relations between the two, the head of the NSA told a gathering of tens of thousands at RSA Conference 2016.

Attacks like the one that took down the Ukraine power grid last year can happen here – it’s just a matter of time, says Adm. Mike Rogers, director of the NSA.

Before that happens, NSA and private security experts need to come together, plan responses and practice them.

Rogers calls for the NSA and Silicon Valley to change what they’re saying to each other in order to come up with answers that best serve the country and figure out “what to do when we get penetrated,” which is just a matter of time. “We spend a lot of time right now talking about what we can’t do.”

Rogers was on a fence-mending mission after stolen data released by Edward Snowden showed that the NSA carried out bulk surveillance of U.S. telecommunications, which alienated many in the tech industry.

During his keynote address Rogers repeatedly said both sides have to overcome that rift. “I believe in what you bring to the fight,” Rogers says. “We are not going to solve this in the government.”

+ NOT AT THE SHOW? See all the news as it happens +

The sheer size of the NSA hurts its ability to come up with answers to cyber threats quickly, but Silicon Valley companies have the agility and skills to help. “Bureaucracy and innovation don’t go well together,” he says.

Rogers says he thinks both sides need to find a balance between privacy and the intelligence the NSA needs to gather. “Everything we do must comply with the law,” he says. “What we do is for the citizens and we need to be responsible to the citizens. … We need to set an acceptable level of risk. It’s time for us to all stop talking past each other.”

In order to persuade the audience, Rogers outlined the responsibilities of the NSA to defend Department of Defense networks, staff the agency with enough skilled personnel to carry out offensive and defensive cyber activity and defend critical U.S. infrastructure such as power and water delivery systems, financial systems and aviation.

He says he is fast-tracking a program to get a 6,200 person cyber-mission force fully operational by September 2018, but have parts of it up and running by September of this year. “We can’t wait for it to be perfect anymore.”

He outlined his three big concerns for the next three years:

  • Attacks on U.S. critical infrastructure like the attack late last year against the power grid in Ukraine. The attack was sophisticated and meant to take down the grid, but the attackers were also observing how the power staff responded and tried to slow down restoration of services.
  • Use of data theft to alter critical data so, for example, account information stored by banks is inaccurate. It could be used against the military, too, to corrupt intelligence used to make strategic decisions.
  • Use of social media and other cyber tools by criminals to provoke destructive behavior, similar to how nation-states use it to recruit membership to extremist groups.

Join the CSO newsletter!

Error: Please check your email address.

Tags rsa

More about NSARSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts