Government

Ex-NSA chief welcomes more U.S. offensive operations in cyberspace

The U.S. says the gloves are off, and former NSA director Rogers is pleased.

November 27, 2018

Former NSA Director Michael Rogers speaks Nov. 27, 2018, at the Center for Strategic and International Studies in Washington, D.C. (CSIS)

Former National Security Agency director Michael Rogers has welcomed the Trump administration’s willingness to use cyber-operations to deter foreign adversaries, adding that the United States’ previous reluctance to do so was counterproductive.

“My argument when I was [in government was]: “We want to keep the full range of options and capabilities available,” Rogers said Tuesday at the Center for Strategic and International Studies.

“One of the things that frustrated me at times was: Why are we taking one element just straight off the table?” said Rogers, who left the administration in May for the private sector.

“I just thought, boy, if you’re in Moscow or Beijing, you are loving this approach to life because it doesn’t really change your risk calculus,” Rogers added. While NSA director from 2014 to 2018, he also led U.S. Cyber Command.

Presidential Policy Directive 20, which then-President Barack Obama signed in 2012, had installed an intricate inter-agency legal and policy process for approving cyberattacks. Critics of PPD-20 said it unnecessarily delayed offensive operations, while advocates said it accounted for all of the potential repercussions of a cyberattack.

As part of a more combative approach to cyberspace, President Donald Trump rescinded the document in August. A “very different” policy framework is now in place, which includes the necessary interagency coordination but allows operations to be “conducted in a timely fashion,” White House national security adviser John Bolton said in September.

Asked at CSIS about the current U.S. approach to cyberspace, Rogers said, “I think we’re going in the right direction.”

During Rogers’ tenure at Cyber Command, the command forged a partnership with the U.S. financial sector through an information-sharing program known as Project Indigo. U.S. banks shared cyberthreat data with the command, keeping the government informed of nation-state hacking aimed at the sector.

Nonetheless, Rogers said that public-private coordination to boost digital defenses has been a challenge. “I still think one of the big pieces missing in this is how do we bring the government and the private sector together,” the retired admiral said.

Last month, Rogers joined the advisory board of venture capital firm Team8, which was founded by former senior Israeli intelligence officials. Ex-NSA officials criticized Rogers for lending his expertise to a firm closely associated with a foreign government.