SAN FRANCISCO—Admiral Michael S. Rogers, director of the National Security Agency (NSA), took the stage here today at RSA, where he took pains to stress the need for dialog and the role of the NSA as public servant.
RSA primarily attracts members of the security industry, but Rogers's presence was a touch awkward as the Admiral followed a lengthy debate from the creators of public key encryption and other security luminaries about (among other things) the value of protecting privacy against government surveillance. "Well, certainly an interesting panel to follow as the head of the NSA," Rogers quipped.
Rogers seemed to be seeking a new kind of dialog with the security industry. "The nation counts on [the NSA] to generate insights to help ensure its security and safety, and to do it in a way that addresses the rights and privacy of our citizens," he said.
The Consent of the Governed
Rogers painted a picture of a world with more and increasingly complex cyber attacks, but stressed that the NSA will not overstep its bounds. The challenge while moving forward, he said, is to ensure "we are about national security, but everything we do must comply with law and [be done] in the defense of our citizens."
This is "not the government deciding unilaterally what to do, or industry deciding what to do," he said. "Our citizens need to the be the one saying what they find acceptable and what they do not."
These comments are in stark contrast to statements made by the agency in the wake of leaks made by Edward Snowden, which revealed massive data interception operations and even some domestic spying. Back then, the emphasis by the administration and the NSA was that the operations were carried out legally, and were necessary for the defense of the nation. Previous narratives focused on authorization by the secret FISA court rather than consent of citizens.
Looking To the Future
But despite a conciliatory tone, Rogers made sure to inject an air of urgency about the threat landscape.
"If we can take anything away from OPM and from Anthem," he said, referring to major data breaches at the U.S. Office of Personnel Management and the health insurance company, "it's that data is an increasingly desirable commodity to steal."
That trend likely won't change any time soon, but data theft is just the beginning.
"What happens when that same activity is used to manipulate data, software, and products," he asked. "What do we do when we cannot trust the data that we're seeing?" He cited as examples individuals discovering that their bank accounts had been tampered with, or attackers spoofing data for airline traffic.
The attacks on the Ukrainian power grid two months ago should serve as a warning, he said.
"It is only a matter of when, not if, that you'll see a nation state actor attack the critical infrastructure of the United States. Seven weeks ago it was the Ukraine, and this is not the last we're going to see about this."
This article originally appeared on PCMag.com.