bet365娱乐, bet365体育赛事, bet365投注入口, bet365亚洲, bet365在线登录, bet365专家推荐, bet365开户

WIRED
Search
Search

NSA Director of Cybersecurity Anne Neuberger in Conversation with Garrett Graff

Anne Neuberger, Director of Cybersecurity at the National Security Agency, speaks with WIRED's Garrett Graff as part of WIRED25, WIRED's second annual conference in San Francisco.

Released on 11/08/2019

Transcript

Good morning.

I'm Garrett Graff, I'm a contributing editor

at Wired and cover national security,

and I'm excited to be joined here today

by Anne Neuberger, who is the head

of the Cybersecurity Directorate at the NSA.

And I'm gonna ask Anne a little bit about that in minute,

but Anne is a longtime NSA official,

was appointed the first chief risk officer

at the NSA in the wake of Edward Snowden revelations,

and had a background in the Navy,

in the private sector before that,

including as the deputy chief management officer

of the US Navy.

And one of the things, you know,

the NSA is an incredibly hard institution

to cover and understand sort of what they're doing,

but I've always appreciated that Anne has been,

throughout her career,

one of the people who has been very open,

or as open as she can be,

about trying to engage with the public

about the role that the organization has done.

So, Anne, I thought I would start by asking you this morning

about the new Cybersecurity Directorate, which you head.

The NSA has sort of two main missions,

signal intelligence and cyber security,

and as of October 1st, it has this new

Cybersecurity Directorate that knits together

various parts of that mission, which you now head

as sort of the top cyber security official of the whole NSA.

So tell us a little bit about what your new role is,

and what the goal of this directorate is.

Absolutely.

So first it's truly terrific to be here.

I really appreciated the invitation.

Wasn't lost on me that there was one government individual,

part of the 25,

so really, really appreciated the invitation,

the opportunity to be here, and the opportunity

to really listen to all the talks going on today.

So I'll start with that.

The director of NSA, which is a four-star Army general,

General Nakasone, decided to stand up the directorate

because we recognize that we're at a crossroads

from a national security perspective.

There are significant advancements in technology,

in economy, in society,

that are converging and coming together.

Really exciting, right?

We see 5G, we see Internet of Things,

autonomous vehicles, drones.

And with those significant advancements,

we also see malicious actors able to accomplish

strategic impact with individual tactical actions.

For example, theft of a company's research

and development investments, which can then allow

others to more quickly productize a product.

It affects, like the discussion we just heard,

the future of jobs, the future of the economy here.

Similarly, we see certainly using social media

to influence elections, so achieving

those strategic outcomes with tactical activities.

We felt the need to ensure that,

while using these technologies,

we understand the risks to our democracy, to society,

economy, and we ensure that we're accounting for those risks

at the same pace as the advancements become reality.

So the director brings together thousands of people

to focus on those problems,

and to allow us to really not only recruit,

but keep the kinds of people we need

to ensure we're putting in place those defenses needed.

And as the public, what should we expect different

with the addition of the Cybersecurity Directorate

and sort of this specific focus on the mission now?

Absolutely, so first and above all,

our mission is to prevent and degrade cyber actors

on the most sensitive, critical, national networks.

What does that mean?

It means, for example, that you know, Garrett,

you mentioned earlier at the beginning,

NSA has two missions.

Well one of them is we build the cryptography

and distribute the key for things

like nuclear command and control,

the military's secure communications,

both with itself and with allies all around the world.

So ensuring that those networks,

our critical infrastructure networks,

for example the defense weapons systems,

ballistic missile defense systems, working very closely

with the Department of Homeland Security

on secure critical infrastructure networks.

That's a key focus area for us,

and there's a lot of interesting areas

both in technology that we need to focus on

and modernize in that space.

Beyond that, we recognize that defenders operate

in unclassified space, and in order for us to be effective,

we need to operate more in unclassified space.

So in our first month, folks may have seen

we issued three advisories.

And in them we say, you know, there's a nation-state actor

using this CVE, this vulnerability, to do this,

and here's what we recommend you do

to secure your network to address it.

So those kinds of things where we tie together

a threat to enable and present defense are critical.

And then finally, the third thing,

is future technologies, and ensuring that

we're working in standards bodies,

we're working with companies to ensure those products

are as secure as possible.

Cloud security, Internet of Things, looking at,

can we do for low-compute, low-power,

what's the cryptography for that?

Quantum-resistant computing, quantum computing

has significant implications for the cryptography

we use today to secure a good deal of internet commerce.

So those three types of efforts is what you'll see more of.

I wanna come back in a little bit to talking more about

the emerging technology, but let me stay with the NSA,

and its mission for a minute longer.

You've had a front-row seat as General Nakasone

has settled in, he's been there

about two and a half years now,

and he's been sort of a...

Remarkable transformation of the NSA,

and he has this second role, the dual-hat,

of heading CYBERCOM, and we've seen

a much more vigorous engagement from CYBERCOM

in offensive cyber operations, against targets like Iran,

and against actually Russia during the midterm elections

last year, and you had an election security role previously,

and I wonder if you could talk a little bit about

how General Nakasone is approaching his mission,

and the NSA's mission, and sort of how, philosophically,

he's looking at the work that the NSA should be doing.

Absolutely, so great question there.

The key principle he brings to it is to say

it all starts with partners, and it starts with

operationalizing intelligence to better secure.

What does that mean?

So I'll use counter-terrorism as an example.

In the counter-terrorism mission, when we learn of a threat

across the intelligence community,

yes, certainly we issue that warning and awareness

in a top-secret report, but in addition to that,

we quickly make information available

to a local police force, to an allied police force

anywhere around the world, to ensure

that they can do something to save lives.

At the end of the day, it's not interesting for us

to write a classified report and then people are killed

in a terror attack, that's not the goal.

The goal is saving lives.

And he brings that same approach to cybersecurity,

election security.

So as you noted, I was the NSA lead, co-lead,

working very closely with a Cyber Command co-lead

for the 2018 midterm elections.

And the guidelines he gave us was,

I don't wanna see a classified threat intelligence report

about what was done to shake confidence in the elections,

I wanna make sure there is a secure and safe election,

and that every American feels confident

in the integrity of the vote.

And that's where we were with regard to ensuring

we laid out together three lines of effort.

The first was ensure we're building the insights

to understand who might have an interest

in shaping the election in some way,

in tampering with election infrastructure in some way.

The second was ensure that information gets to people

who can do something about it,

whether other elements in the U.S. government,

we partnered very closely with DHS and FBI,

partnered closely with social media companies,

make sure they can actually...

And you saw, for example, accelerated take-downs

which occurred of accounts which were

maligned social influence, social media influence,

both because the social media companies really put in

a greater focus on their own.

And then finally, that's the distinct authority

Cyber Command has, so this is not NSA,

but Cyber Command is authorized,

is one, authorized by the president,

can impose costs to ensure that, as was stated,

U.S. government policy is any attempts to interfere

in a U.S. election will be met with some consequences.

And we're just about a year away

from the 2020 election now,

although it feels like it's been going on

for 72 years already.

For you too? [audience laughing]

Sitting here today, sort of knowing what you know,

surveying the horizon and the threat landscape that you can,

do you think that Americans should feel confident

that we will have a secure and accurate

un-interfered with election next year?

Yes, I think that there are...

Not I think, I know, that there are hundreds of people

across the intelligence community,

across DHS, FBI, working to do those three things

I talked about, right?

Ensure they understand what's potentially planned,

ensure they're making that information available,

and ensure that we're making clear to those

who might have an interest that there will be consequences.

But that being said, it is a challenging task.

And beyond the elections, one of the things we saw

in 2018, and I think we've seen

over the last number of years,

is attempts to heighten the polarization of our society.

As a democracy, what we rely on is,

I love the word that Nick used earlier,

which was civil discourse.

We don't have to agree on everything, in fact, we won't.

This is not...

The beauty of America is that people

from many different backgrounds can come together

and can live together with different ethnic backgrounds,

with different religious beliefs,

with different values potentially.

But that there's more that unites us than divides us.

And I think that when we look at how social media

can be used today, and the degree to which individuals...

Influence operations have been around since the days

of Adam and Eve, right?

But what's changed is the way social media allows

for targeted yet broad messaging

that makes people believe, hey, this is a friend,

I can trust them, and then at the time

those messages are integrated,

or for example combining cyber attacks

to gain compromising information that's then leaked

at an inopportune time to shape thinking.

Right before a key event, a key vote, or a key decision.

So that's the piece that we worry about a great deal

with regard to a trend, and that's not something

the government can take on alone at all.

That's the reason I so appreciate the invitation,

and that's the kind of work that needs to be done

between individuals committed to civic discourse

in our society.

So speaking of civil discourse,

the NSA being here in San Francisco,

in the Bay area and Silicon Valley,

that has not been necessarily the warmest relationship

over the last five years or so.

Garrett has such a nice way of putting things.

Which Edward Snowden has a little bit to do

with the soured civil discourse

between the NSA and the tech community,

and I wonder if you could sort of, sitting here,

sort of talk a little bit about what...

What you sort of wish that Silicon Valley understood

about the work that the NSA does on a daily basis,

and what, from the NSA's perspective,

you wish you could get from Silicon Valley.

So you are correct that the...

Discussions and the trust broke down a great deal

post-2013 media leaks, but my perspective is,

we had some responsibility to do with it long before that.

As human beings, we don't trust the black box.

We trust things we understand, we trust people we know,

we've met, we've heard their values.

And when you walk in, I don't know how many people here

have been to the National Security Agency,

but when you walk into NSA, and you pass all the turnstiles,

and you get to the elevator,

it's the way I walk in every single morning,

in front of you is a black granite wall,

and on the top of that wall it says,

they served in silence, and they have names,

most pretty young, of individuals who in the 60-odd years

of the National Security Agency have lost their lives.

Most are young, military.

The most recent one was actually just a few months ago.

And that culture of they served in silence

is one I think that didn't always do us well.

It's a culture of pride in saying,

we just want people to be safe,

we don't need people to understand our role in that,

but the flip side of that is that the citizens we serve

don't necessarily get to know who we are.

So I think we had some responsibility before Snowden.

And I think actually to your core question,

there is a tension in being an intelligence agency

in a democracy, and I think it's a good tension.

I've lived with that tension in my own life.

I was raised in a family with a deep fear of government.

My father grew up in Soviet-occupied Hungary.

He and my grandparents fled here

after the Hungarian Revolution.

My mom's mom wore long sleeves her whole life

to hide the tattoo on her arm from Auschwitz,

which was tattooed to make her not a human being,

to make her just a number.

You know, my great-grandparents and most of their children

were all murdered, gassed to death in the death camps.

So I grew up in a home which feared government

and the power of government.

And yet my parents talked about the tremendous gratitude

to have the opportunity to live in a democracy

where they could practice their faith

and live lives free of fear.

So the responsibilities that we have in this country

to use the force for good, to do that balance,

to ensure that we can live safely,

to ensure that individuals all around the world

can live safely because of who we are,

and balance that carefully,

because there is no perfect security,

and there is no perfect privacy, you need both,

and there's tension in that, and that's good.

That's the goal for us.

And what we need, to your question,

from the Valley, and I think

from really every American citizen,

is to get involved in that, to figure out

do we have that balance right, challenge it,

get involved in making that balance right.

Come into government for a few years,

or if you're working in Silicon Valley

and you have a way to both protect privacy,

but help folks understand that when there are threats,

whether that's child pornography, crime,

or a national security threat,

best minds are working on those areas

that are really not black and white, they're gray.

And balancing the gray to get to the best outcomes

and protect who we are as a country

is I think the core challenge we have in front of us today,

and we need great, committed people being a part of that.

Do you feel like the relationship between the NSA

and the Valley, and the tech platforms,

has been repaired in a meaningful way

over the last five years?

I think it's become much better.

I look at the work we did together in the 2018 midterms

where we said, neither of us can do this alone.

The Valley made clear they wanted insights

about how platforms were used, how individuals

were appearing to look like they were U.S. individuals,

how people can anonymously connect to platforms,

how you can ensure that people have to validate in that way.

And we made a commitment to recognize that...

It wasn't enough to write a classified report,

and we had to ensure that information we had

made its way to people who could do something about it.

So I think repaired is a hard thing to say.

I think it's gotten better, and more importantly,

I think there are now enough conversations around values

and core shared goals to make...

To make what we need to happen more likely to happen.

And where do you see those shared values

between the NSA and the tech community?

Like, what is the overlap in where you can have

a conversation about values?

America is not a perfect country,

but I think America was a dream

that people from all different backgrounds

could live together, and respect each other enough

to give each other the freedom

to live their lives differently.

To me, the fear of what social media allows,

it allows those ties to be frayed.

It allows people to treat people like other

by creating communities that say,

we're all in this community, and we can talk anonymously

and safely, and that other community doesn't know

what we're saying, and that's dangerous

in a society that has to have...

That shared values are paramount.

And I don't think we should think that the society

is just there without our working to keep it that way.

So I think the shared values to say freedom of speech

means also freedom to respect each other's speech,

and respecting each other's speech

means that civil way in engaging

so you're not shutting people down by the incitement

and the anger in your speech.

And how to ensure that we protect speech

to enable freedom of speech.

I think there's more shared discussions on how we get there.

There's still more to be done,

but I do believe that we're closer to that point.

And I think one part...

One of the things we're trying to do at NSA

is bring more diversity into tech.

We run, for example, GenCyber camps, we call them,

which are camps for kids in high school.

There are 15,000 kids participated, 38 states,

which is super exciting, right?

'Cause if you can get people involved young in...

Cyber is something that can easily be...

Intelligence is a harder thing, right?

Intelligence, but cyber is defense, is a shared goal,

and by getting kids involved young

who can see that it's a shared goal

between government and the private sector, then...

And that diversity then allows that as well

by everybody seeing themselves in it.

We have about a minute left, so I wanna get to

emerging technologies and sort of what you're thinking about

in terms of threats that you see coming over the horizon.

Yep, three trends.

One is certainly see nation-state actors

becoming more sophisticated.

We see more of a focus on disruption,

kind of what we saw with Iran, Saudi Aramco,

breaking tens of thousands of machines.

And that shift to disruption, as well as hacking

to gain compromising information

that's then leaked at an inconvenient time.

So that's certainly the trends we see overall in cyber.

What we're focused on are securing technologies

like I mentioned, like IOT, looking at cryptography,

high-speed cryptography at the 400G level,

low-power I mentioned, and certainly looking at

security standards to enable us all

to use those technologies safely.

So really excited about some of those areas,

distributed ledger is another area

we're putting some focus on.

Excited both for the partnership

and for what we can do with those technologies.

One of the things that sort of stands out to me

in covering cybersecurity is how each major attack

that we've fielded from a nation-state adversary

has represented a failure of imagination,

that the attack on Sony Pictures by North Korea,

Russia's attack on our confidence in our democratic process

in 2016, what do you think sort of the next failure

of imagination that we're going to see

in terms of an attack on the U.S.?

That's a really good question.

I think it...

One of the things we've seen is the weaponization of drones

and low-orbit satellites, sensor platforms,

I think bringing together the intelligence

off those sensor platforms with potentially large numbers

of weaponized drones is a key concern.

The technologies to defend against that,

the cost of defense far exceeds

the cost of just building and deploying a drone.

And we're seeing those kinds of technologies

in certain ungoverned areas around the world.

So that's something that we're thinking hard about

and how to protect against.

Great, thanks so much for joining us, Anne.

Thank you, Garrett.

[audience clapping]

bet365娱乐