Cybercrime , Governance & Risk Management , Incident & Breach Response
NSA Nominee Faces Armed Services, Intelligence Hearings
Senators Question Lt. Gen. Nakasone on Russian Disinformation, Cyber DefensePresident Donald Trump's nominee to head the National Security Agency is set to appear Thursday before the Senate Intelligence Committee, as part of his nomination approval process.
See Also: Gartner Market Guide for DFIR Retainer Services
Lt. Gen. Paul Nakasone, 54, has been nominated to replace Adm. Mike Rogers, the current director of the NSA and commander of the U.S. military's cyberwarfare unit, U.S. Cyber Command. Like Rogers, Nakasone would serve in both positions.
Nakasone currently serves as commander of U.S. Army Cyber Command, which supports U.S. Cyber Command. He previously commanded the Cyber National Mission Force at U.S. Cyber Command and also served as a staff officer for Gen. Keith Alexander, the first head of Cyber Command. Alexander headed the NSA from 2005 to 2014.
For the first time, the position of NSA director, who oversees a workforce of 36,000, must be approved not only by the Senate's Armed Services Committee but also the Senate Intelligence Committee. After that, the full Senate would vote on Nakasone's nomination, which is expected to succeed.
Nakasone appears to be a technically fluent and widely respected commander. "He understands military cyberspace operations better than almost anyone in the United States," Jonathan Reiber, a former, Obama-era senior Pentagon cyber officer who worked with Nakasone, tells Politico. "But, most importantly, he understands people."
Responding to Russian Interference
As part of the confirmation process, Nakasone appeared before the Armed Services Committee on March 1. That was just one day after Rogers testified to the committee that he had not been ordered by the president to confront, at the source, Russia's ongoing attempts to meddle in U.S. political affairs.
"My concern is, I believe that President Putin has clearly come to the conclusion there's little price to pay here and that therefore, I can continue this activity," Rogers told the committee (see Russian Meddling: Trump Hasn't Ordered Direct NSA Response).
Nakasone, in his opening statement, told senators: "If confirmed to lead U.S. Cyber Command and NSA, I will ensure our military commanders and national decision makers can call upon an aggressive and globally dominant cyber force with the capability and capacity to defend us at home and apply pressure on our adversaries abroad."
Citing Rogers' testimony, senators pressed Nakasone about what he would do to deter U.S. adversaries, including combatting hacking as well as disinformation and propaganda campaigns by Russia and China (see Putin Offers Extradition Promise to US: 'Never').
"We seem to be the cyber punching bag of the world, and it's common knowledge," Sen. Dan Sullivan, R-Alaska, said at the March 1 hearing. "We have officials who have come before this committee in an open session saying nope, we get hit and we don't retaliate. We don't retaliate against the Russians, the North Koreans, the Chinese."
Sullivan asked Nakasone: "Should we start cranking up the cost of the cyberattacks on our nation?"
Nakasone said that if confirmed, he'd work with the committee to develop new cybersecurity norms. "Right now, as this space develops ... the longer that we have inactivity, the longer our adversaries are able to establish their own norms, I think that is very, very important that we realize that," he said.
But he also suggested that not all online attacks should be responded to in kind. "We should always think of cyberspace not necessarily as only being a cyber response," he said. "We have tremendous capabilities in our nation. Being able to leverage those capabilities is something we should always think about."
Whatever the revised strategy that might be developed, however, "deterrence has to be a key part of that," he said.
Warrantless Surveillance Questions
At a Thursday appearance before the Senate Intelligence Committee, meanwhile, Nakasone is likely to be grilled not only on the country's response to Russia and other online threats, as well as his approach to cyber defense, but also the NSA's warrantless surveillance of Americans.
Staff for Sen. Ron Wyden, D-Oregon, tell Reuters that the senator plans to question Nakasone about his privacy stance, including how he would respond to any orders from the White House to create new warrantless surveillance programs.
Rogers, the outgoing NSA director, is the last senior intelligence official appointed by President Barack Obama who still serves in the current administration. He's also been instrumental in building up U.S. Cyber Command - the military's cyber warfare unit, launched in 2009. Last year, the Trump administration elevated it to become a unified military command, and it's scheduled to hit full operational capability - with 6,200 staffers across 133 teams - by the end of the 2018 fiscal year.
Battling Leaks
Rogers has served as director of NSA as well as commander of U.S. Cyber Command since April 2014, when he was brought in to help the agency avoid a repeat of the Edward Snowden leaks, which first began appearing in June 2013.
If Nakasone's nomination succeeds, one of his greatest challenges may be trying to avoid the leaks that have bedeviled the NSA.
Certainly, Rogers has not entirely succeeded in his mission to prevent them. In January, a classified memo from Rogers to NSA staff leaked, revealing his plans to step down this spring.
That leak was unfortunately symbolic of Rogers' tenure, which saw classified NSA information allegedly get stolen by government contractor Harold T. Martin III, who was charged in August 2016 (see Spy Whose Files Were Plucked by Kaspersky Pleads Guilty).
Last June, former American intelligence specialist Reality Leigh Winner was charged in a federal indictment with "removing classified material from a government facility and mailing it to a news outlet." The material contained details of a 2016 hack attack on a U.S. voting software supplier by Russia
U.S. officials continue to maintain that despite the 2016 election hacks and probes, hackers altered no vote totals (see States Seek Federal Help to Combat Election Interference).
The Shadow Brokers Saga
In the summer of 2016, the shadowy group known as Shadow Brokers - believed by many to be a Russian intelligence front - began leaking attack tools from the "Equation Group," which many security experts believe to be the NSA's offensive hacking team. The tools appear to have been stolen in 2013.
The Shadow Brokers' leaks may have come via Nghia Hoang Pho, an NSA agent who has pleaded guilty to taking home classified information and installing it on his home PC. The files appear to have been flagged by Kaspersky Lab anti-virus software he was running on the PC, although he had reportedly also installed a pirated copy of Microsoft Office 2013, meaning it's not clear who may have had access to his system (see Spy Whose Files Were Plucked by Kaspersky Pleads Guilty).
Pho was a developer within the NSA's Tailored Access Operations group, which is now called Computer Network Operations. The group specializes in penetrating into foreign computer networks for cyber espionage operations.
Moscow-based Kaspersky Lab has continued to deny any wrongdoing, saying it's become a political pawn between the Russian and U.S. governments (see Kaspersky Software Ordered Removed From US Government Computers).
But the NSA is not the only U.S. government agency to have seen highly sensitive information get leaked under mysterious circumstances.
Last March, WikiLeaks began releasing "Vault7," a series of alleged CIA files describing the agency's exploitation tools and techniques (see 7 Facts: 'Vault 7' CIA Hacking Tool Dump by WikiLeaks).