By Cheryl Pellerin
DoD News, Defense Media Activity
WASHINGTON, March 2, 2015 – Navy Adm. Michael S. Rogers,
commander of U.S. Cyber Command, took questions here recently on many topics --
cyber defense and offense, finding the Islamic State of Iraq and the Levant on
the dark Web and cyber deterrence -- during a New America Foundation
cybersecurity conference.
Rogers, who’s also director of the National Security Agency,
spoke with CNN national security correspondent Jim Sciutto and took questions
from the audience and from Twitter and other social media outlets.
Rogers often says, as he did at this conference, that he
believes in appearing publicly and putting no restrictions on questions asked
of him.
“You can ask me anything,” he said, “because we have got to
be willing as a nation to have a dialogue” on cyber issues.
Cyberspace as a Domain of War
On a question about whether the United States is positioned
effectively to address cyberspace as a domain of warfare, Rogers said the nation
is in a better position in many ways than most of its counterparts around the
world.
“We've put a lot of thought into this as a department,” he
added. “U.S. Cyber Command, for example, will celebrate our fifth anniversary
this year. This is a topic the department has been thinking about for some
time.”
But the admiral said he doesn’t think Cybercom is where it
should be yet in preparation for fully engaging in cyberspace.
“Part of that is just my culture,” he explained. “My culture
as a military guy always is about striving for the best, striving to achieve
objectives. You push yourself.”
Defending the Networks
From a defensive standpoint it’s difficult to defend a
network infrastructure that has been built over decades, Rogers said, noting
that most of it was created at a time when there was no critical cyberthreat.
“We're trying to defend infrastructure in which redundancy,
resiliency and defensibility were never design characteristics,” he said. “It
was all about ‘build me a network that connects me in the most efficient and
effective way with a host of people and lets me do my job.’” Rogers noted that
concerns about an adversary’s ability to penetrate the network and manipulate
or steal data was not a primary factor at the time.
The department is working to change its network structure to
incorporate core security characteristics, the admiral said.
On the offensive side, Cybercom is “working its way,” Rogers
said, and doing this within a broader structure that dovetails with the law of
armed conflict.
Cyber as an Offensive Tool
“Remember,” he said, “when you look at the application of
cyber as an offensive tool, it must fit within a broader legal framework -- the
law of armed conflict, international law, the norms we have come to take for
granted in some ways in the application of kinetic force.”
Cybercom must do the same thing in the offensive world, the
admiral said, “and we're clearly not there yet.”
Like many nations around the world, the United States has
capabilities in cyber.
“The key for us is to ensure that such capabilities are
employed in a very lawful, very formulated, very regimented manner,” Rogers
said.
Legal Framework for Cyberspace
In January 2014, in Presidential Policy Directive 28, Rogers
said President Barack Obama laid out the framework he wanted used in the
conduct of signals intelligence.
Today, the admiral said, “all that remains applicable.”
Another question from the audience referenced ISIL’s use of
the dark Web to raise money through Bitcoin, a form of digital currency.
The questioner described the dark Web as “a bunch of
anonymous computers -- a bunch of anonymous users -- that are still able to
find each other” using a browser that protects users’ anonymity, no matter what
a user is doing there.
Nature of the Business
On collecting intelligence from the dark Web, Rogers said,
“We spend a lot of time looking for people who don't want to be found.”
In some ways, he added, that is the nature of the business,
particularly involving terrorists or individuals engaged in espionage against
the United States or against its allies and friends.
Such activities, the admiral said, are a national concern.
“ISIL's ability to generate resources, to generate funding,
is something that we're paying attention to,” Rogers said.
Focusing on ISIL
“It's something of concern to us,” he noted, “because it
talks about ISIL’s ability to sustain themselves over time [and] about their
ability to empower the activity we're watching on the ground in Iraq, in Syria,
in Libya [and] in other places.”
Such activities also are of concern to a host of nations,
the admiral said, adding, “I won't get into the specifics of exactly what we're
doing, other than to say this is an area that we are focusing attention on.”
When asked about deterring America’s adversaries from
carrying out cyberattacks, Rogers said the concept of deterrence in the cyber
domain is relatively immature.
“This is still the early stages of cyber in many ways,” he
said, “so we're going to have to work our way through this” by developing and
accepting norms of behavior in cyberspace that will underlie and support the
notion of deterrence.