Cheryl Pellerin at the DoD News offers the below piece:
WASHINGTON, March 2, 2015 - Navy Adm. Michael S. Rogers, commander of U.S.
Cyber Command, took questions here recently on many topics -- cyber defense and
offense, finding the Islamic State of Iraq and the Levant on the dark Web and
cyber deterrence -- during a New America Foundation cybersecurity
conference.
Rogers, who's also director of the National Security Agency, spoke with CNN
national security correspondent Jim Sciutto and took questions from the audience
and from Twitter and other social media outlets.
Rogers often says, as he did at this conference, that he believes in
appearing publicly and putting no restrictions on questions asked of him.
"You can ask me anything," he said, "because we have got to be willing as a
nation to have a dialogue" on cyber issues.
Cyberspace as a Domain of
War
On a question about whether the United States is positioned effectively to
address cyberspace as a domain of warfare, Rogers said the nation is in a better
position in many ways than most of its counterparts around the world.
"We've put a lot of thought into this as a department," he added. "U.S. Cyber
Command, for example, will celebrate our fifth anniversary this year. This is a
topic the department has been thinking about for some time."
But the admiral said he doesn't think Cybercom is where it should be yet in
preparation for fully engaging in cyberspace.
"Part of that is just my culture," he explained. "My culture as a military
guy always is about striving for the best, striving to achieve objectives. You
push yourself."
Defending the
Networks
From a defensive standpoint it's difficult to defend a network infrastructure
that has been built over decades, Rogers said, noting that most of it was
created at a time when there was no critical cyberthreat.
"We're trying to defend infrastructure in which redundancy, resiliency and
defensibility were never design characteristics," he said. "It was all about
'build me a network that connects me in the most efficient and effective way
with a host of people and lets me do my job.'" Rogers noted that concerns about
an adversary's ability to penetrate the network and manipulate or steal data was
not a primary factor at the time.
The department is working to change its network structure to incorporate core
security characteristics, the admiral said.
On the offensive side, Cybercom is "working its way," Rogers said, and doing
this within a broader structure that dovetails with the law of armed
conflict.
Cyber as an Offensive
Tool
"Remember," he said, "when you look at the application of cyber as an
offensive tool, it must fit within a broader legal framework -- the law of armed
conflict, international law, the norms we have come to take for granted in some
ways in the application of kinetic force."
Cybercom must do the same thing in the offensive world, the admiral said,
"and we're clearly not there yet."
Like many nations around the world, the United States has capabilities in
cyber.
"The key for us is to ensure that such capabilities are employed in a very
lawful, very formulated, very regimented manner," Rogers said.
Legal Framework for
Cyberspace
In January 2014, in Presidential Policy Directive 28, Rogers said President
Barack Obama laid out the framework he wanted used in the conduct of signals
intelligence.
Today, the admiral said, "all that remains applicable."
Another question from the audience referenced ISIL's use of the dark Web to
raise money through Bitcoin, a form of digital currency.
The questioner described the dark Web as "a bunch of anonymous computers -- a
bunch of anonymous users -- that are still able to find each other" using a
browser that protects users' anonymity, no matter what a user is doing
there.
Nature of the
Business
On collecting intelligence from the dark Web, Rogers said, "We spend a lot of
time looking for people who don't want to be found."
In some ways, he added, that is the nature of the business, particularly
involving terrorists or individuals engaged in espionage against the United
States or against its allies and friends.
Such activities, the admiral said, are a national concern.
"ISIL's ability to generate resources, to generate funding, is something that
we're paying attention to," Rogers said.
Focusing on ISIL
"It's something of concern to us," he noted, "because it talks about ISIL's
ability to sustain themselves over time [and] about their ability to empower the
activity we're watching on the ground in Iraq, in Syria, in Libya [and] in other
places."
Such activities also are of concern to a host of nations, the admiral said,
adding, "I won't get into the specifics of exactly what we're doing, other than
to say this is an area that we are focusing attention on."
When asked about deterring America's adversaries from carrying out
cyberattacks, Rogers said the concept of deterrence in the cyber domain is
relatively immature.
"This is still the early stages of cyber in many ways," he said, "so we're
going to have to work our way through this" by developing and accepting norms of
behavior in cyberspace that will underlie and support the notion of
deterrence.
