SAN FRANCISCO—Gen. Paul Nakasone, commander of U.S. Cyber Command and director of the National Security Agency, came to the RSA Conference here with a message: He wants to work with the private sector, and he wants more people to come and work for the NSA to help it fulfill its mission.
Nakasone was a keynote speaker here on March 6 in a session moderated by CBS News reporter Olivia Gazis, who peppered the general with questions about adversaries, capabilities and the interaction of his agency with the current administration. Nakasone said his agency has taken active measures that have had a measurable impact on improving cyber-security.
“Over the past 10 years and even the past five years, we’ve seen adversaries that have been able to come into our networks, steal our intellectual property and conduct attacks in cyber-space, and there has been minimal response, “Nakasone said. “I think what’s changed over the past year is the idea that as a nation, we have to have a more proactive, forward-leaning approach to the defense of our nation in cyber-space.”
Nakasone became head of the NSA and U.S. Cyber Command in May 2018, and since then a national strategy for cyber-security has been published by the federal government. One of the ideas that the NSA is engaged in to support the strategy is persistent engagement.
Persistent engagement involves two key parts, the first being about enabling NSA partners, which include the Department of Homeland Security (DHS), the FBI, allies and also private industry. Nakasone said the NSA is able to provide indicators of compromise (IOC) to help partners understand threats. The other core element is the acting phase, which is about providing indications to policymakers and war fighters about what adversarial intent might be.
“When necessary and authorized, we are going to act against adversaries, so they understand that they can’t conduct attacks and steal our intellectual property,” Nakasone said. “Two-thirds of persistent engagement is enablement, and one-third is action.”
Cyber-Security Education and Tools
The NSA didn’t just come to the RSA Conference to talk about strategy; it also came with tools to empower organizations of all sizes. At the conference, the NSA released its Ghidra reverse engineering toolkit that enables security professionals to better understand what is inside of an application.
Helping to improve the state of computer science and cyber-security education is a theme that Nakasone also touched on. He said that the RSA Conference is a great place to talk about cyber-security talent because there is so much of it at the event. Nakasone said there is a need to develop computer science talent beginning at a young age and then all the way through college. One of the efforts that the NSA has led in cyber-security education is called Gen-Cyber, which to date has trained more than 12,000 students.
“We have to accelerate the idea of talent,” Nakasone said. “That’s the piece that I think we as a nation, much as we did during the space race, need to really take on.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.