Written by Jeff Stone
Well, that was weird.
When Gen. Paul Nakasone appeared Tuesday at the International Conference on Cybersecurity at Fordham University he probably expected to be met with questions about the new reorganization at the National Security Agency, or about the U.S. government’s ability to safeguard what’s expected to be one of the most contentious elections in recent memory amid historic levels of foreign meddling.
It was not to be.
Nakasone spent roughly an hour politely engaging Ted Koppel, the longtime broadcast journalist and author of a 2015 book on cybersecurity, in a bizarre conversation that alternated between Koppel questioning the decorated NSA director about the agency’s basic responsibilities, and whether he struggled with fake news from “tens of thousands” of “self-appointed journalists.”
The fireside chat between Koppel and Nakasone was perhaps the most widely anticipated presentation scheduled at ICCS, a regular gathering of some of the most powerful officials from the U.S. intelligence community. Koppel set the tone for the hour-long discussion with a seven-minute story about a World War II bombing campaign carried out by the German Luftwaffe that resulted in the deaths of hundreds of civilians. The bombing campaign, by Koppel’s description, resulted in an eventual understanding between the United States and the Soviet Union that similar attacks, carried out with nuclear weapons, could result in mutually assured destruction.
“I would say both the United States and the Soviet Union floundered in creating that strategy. We did silly things like teaching our children to duck under their desks in their schools, or creating bomb shelters, some of them still exist today, stocked with crackers and water,” Koppel said. “We developed plans to evacuate massive cities. All totally pointless.”
Ultimately, the former host of “Nightline” used the historical context to posit to Nakasone about the cyberwarfare strategy the U.S. has developed to avoid a similar scenario.
“Let me set context,” Nakasone said. “I think it’s important to set context for what we’re discussing today.”
The director went on to explain the NSA’s role in helping defend the U.S against what happens in cyberspace. U.S. Cyber Command, which Nakasone also leads, works in an offensive capacity, launching such attacks like the one against Russia’s troll factory on the day of the 2018 midterm elections to prevent interference.
The NSA is charged with gathering foreign and domestic intelligence for U.S. national security purposes, and the agency specializes in signals collection. Cyber Command, under the U.S. Department of Defense, is assigned to carry out defensive and offensive cyber operations. Much of the audience at ICCS, made up of current and former U.S. intelligence and law enforcement personnel, already understood the distinction, and waited for a conversation with Nakasone, a relatively inaccessible figure, to illuminate how the responsibilities at each organization has evolved at a moment when geopolitics seem particularly fraught.
Instead, Koppel used his time to ask Nakasone a series of questions that could have been answered with some thoughtful research:
Koppel: NSA, in theory, could act to prevent a cyberattack against American infrastructure. Is that correct?
Nakasone: [It’s] a little bit different in terms of…when you prevent an attack, is that to ensure redundancy and resiliency if a department requests our assistance? That has worked and we’ll go ahead and assist them. If you’re looking for something in terms of creating offensive options, that would be something that Cyber Command would do. That’s in the authorities I have from the president and down from the Secretary of Defense down to myself.
Koppel: So, again. I’m not quite clear on what they’re sending you in return. Explain the process, perhaps, by which another government agency comes to NSA or Cyber Command and says, ‘We think there are possible attacks on our banking systems’ or ‘We think that have been attacks on our power grid,’ what are you empowered to do?
Nakasone responded by pointing to the NSA and Cyber Command’s responsibilities as described by U.S. law and unclassified strategy reports. Later, Koppel sought answers about whether the NSA would be able to identify who was responsible in the event of a cyberattack, whether it originated in Uruguay or perhaps New York City, and which government agencies were the strongest and weakest in terms of cybersecurity. Nakasone deftly answered all of them without providing new information.
By the end of the conversation, the discussion had almost nothing to do with Nakasone’s responsibilities, or with urgent national security issues:
Koppel: Let me toss a risky question at you here. What do you think the media could be doing in terms of helping inform the American public ….[about] the security of the United States in this area of cybersecurity? Go for it.
Nakasone: Interesting that I’m advising the media now, Ted. One of the things that I’ve found most useful is the media interaction I’ve had where the journalists have come and talk to us to really understand what our mission and authorities are[.]
Koppel: We live in a media environment today in which there truly is so much nonsense going around that I would argue it creates a national security dilemma. I’m not quite sure how you deal with it but I’d be interested in your thoughts.
Nakasone: How we deal with that?
Koppel: Yes. How do we?
Nakasone: Uh. So, I think we deal with it by continuing to engage with our journalists…That’s one of the things that I think has changed with NSA over the past five years.
Koppel: No question. There was a time, as you know, when NSA stood for “No Such Agency.” There was absolutely no interaction with the media and you’ve come a long way since those days. I’m talking about the thousands of individual self-appointed journalists on the internet who are putting out a lot of nonsense and it creates, ultimately, a political problem but also a security problem. So I’m not talking about the New York Times or the Wall Street Journal or any number of regular news organizations. I’m talking about the literally tens of thousands of people who are putting out misinformation on the internet. Is there any way in which, I don’t want to say how you deal with it, but how do you encompass that in your strategy?
Nakasone: I think, you know, let me come back to my responsibility. I have the responsibility both as a commander and the director of an agency to be up front, to be transparent, and to answer the questions from my overseers and from the media to the best of my ability. I think the American public expects that out of leaders in our government, and I think that’s what I have to focus on.
We know Nakasone is big proponent of “persistent engagement,” as CyberScoop has reported, but it’s not clear if Koppel’s inane questions were ever in his threat model.