NSA Director Adm. Mike Rogers's Five Priorities For 2016
Whether you're in-house, at a firm or just a fan, cybersecurity is challenging lawyers at every step. It's no different at the government level. At the Atlantic Council, the director of the National Security Agency and the Commander of US Cyber Command, Admiral Mike Rogers, recently laid out five cybersecurity priorities for 2016.
US Cyber Command, a 6,200-person organization, is at the tipping point. Rogers says that the past several years were spent building capacity and capability that's all starting to come online.
1. Working on how to create a culture where "cyber hygiene" is every bit as foundational to you as an individual as the idea that if we gave you a weapon, you must make sure that it's secured. (A Wall Street Journal article noted that Rogers has floated the idea of "a court-martial for someone who clicks on a phishing email attack.")
2. Making it easier for the private sector to deal with the government on cybersecurity issues. Organizations may wonder: do we come to the FBI, because we think this is a legal issue; the Treasury, because we're in a sector that has a relationship with it; DHS, because it's also involved in the sector approach; or hire a private company? We have to sit down and have a much more specific dialogue, getting down to execution-level detail.
3. Defense remains our No. 1 priority: ensuring that our networks and systems within DOD are free from the presence of others. Cyber Command has three specific missions—defending our department's networks; being prepared, if directed, to respond outside of our department to incidents of significant cyber consequences within the private sector; generating a spectrum of capabilities from the defensive to offensive to ensure that our operational commanders and policymakers in our nation have a wide range of options to apply.
4. Building the power of partnerships, including international ones. No single nation, agency or entity has all of the answers or capacity to handle this. We are not going to do a "US-only approach" to address these challenges in cyber.
5. We need to move beyond a focus on the network structure, and get into systems and platforms, because they have as much vulnerability. That means working with the acquisitions world on how we buy systems, or create things from the ground up, in a way in which cybersecurity is a fundamental aspect of the design.
Here's Adm. Mike Rogers with Atlantic Council VP Barry Pavel.
By 2020, some estimate that here will be 50 billion devices connected to the Internet, says Center for Internet Security CEO and former DHS Deputy Secretary Jane Holl Lute (above). She thinks that number is low.
In her view, three critical questions associated with cybersecurity haven't been answered:
- How do we architect systems we can trust from components we can't?
- How do we ensure the integrity of our information and our identities in an open Internet?
- What will the role of government be?