Rogers: National Security Agency Becoming ‘FEMA of the Cyber World’ (UPDATED)
Following major cybersecurity breaches nationwide, the National Security Agency is increasingly being called upon to advise both government offices and the private sector, said the head of the United States’ spy agency.
“Over the course of the last decade or so, increasingly NSA in its information assurance mission is being called upon to provide defensive insight as to how you stop penetrations — and once a network is penetrated — how do you drive the opponent out and then how do you configure structures so they can’t get back in,” said Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency.
Rogers said he often jokes with colleagues that, “we find ourselves becoming the FEMA of the cyber world.”
During the infamous Sony hack — in which the motion picture company suffered a major data breach in 2014, allegedly at the hands of North Korea — NSA was called in to help, he said July 14 during remarks at the National Press Club in Washington, D.C.
“If you had told me as a military leader, as the director of the NSA, that I was going to be involved in supporting a motion picture company in responding to how it was going to deal with a significant penetration I’ll be honest and tell you ‘Boy, I don’t think that’s going to come up during my time as the director.’ I failed to anticipate that one miserably,” he said.
The NSA also was part of a team that provided expertise following the Office of Personnel Management breach in 2015, Rogers said. During that incident, millions of government employee’s personal data was compromised.
Within Cyber Command, officials are working to increase its capacity and capability, Rogers said. Working alongside the Defense Department, the command is generating a "cyber mission force."
“It’s a force of dedicated, focused, trained and organized cyber professionals” designed to provide the department with high-end cyber warriors, he said.
The total force will include 6,200 individuals and the command has so far met half of that number, he said. Full operational capability is slated for late September 2018. Initial operating capability is scheduled for Sept. 30.
“That’s only three months away so I’m focused right now on making sure … that we meet that timeline,” he said. “I’m comfortable that we’re going to meet those milestones.”
When full operational capability is reached, there will be 133 specialized teams, including defensive and offensive, he said.
Demand for these types of cyber warriors is high and exceeds capacity, he noted. “We’re not even waiting until a team is fully constructed,” he said. “As soon as we get a cadre we are putting teams on targets.”
“Think about what that means,” he said. “In DoD we don’t take a fighter squadron and say, ‘Well, you’ve got five of your 24 aircraft. We’re sending you to Afghanistan.’ We don’t say, ‘Hey, we’ve got a brand new carrier coming out of the yards. You’ve done your builders acceptance trials, but you haven’t done your workups. We are forward deploying you to the Persian Gulf.’ The reality is because of the dynamics of cyber, we need to apply capacity as soon as we’re generating it.”
Meanwhile, Rogers said that U.S. Cyber Command is working alongside the rest of the military to help destroy the Islamic State. “We are doing offensive actions right now against ISIL in cyber in the fight in Syria and Iraq,” he said.
He declined to go into any further details.
Correction: A previous version of this article misstated the number of individuals currently within the cyber mission force.