FBI, CIA, and NSA Heads Convene at Fordham
With the nation's attention focused on issues of cybersecurity and privacy, Gen. Keith Alexander, commander of U.S. Cyber Command and director of National Security Agency, joined John Brennan, FCRH '77, director of the Central Intelligence Agency, and Robert Mueller, director of the Federal Bureau of Investigation, to discuss the topic for the first time in public. Joseph M. McShane, S.J., president of Fordham, moderated the Aug. 8 discussion at Fordham's Lincoln Center Campus.
|(L to R) General Alexander, Father McShane, Director Brennan, and Director Mueller during the question and answer session.
The panel represented the apex of this year's International Conference on Cyber Security (ICCS) hosted by Fordham and the FBI, a four-day conference that drew 500 participants from 35 counties. The directors touched upon several of the same themes and technical concerns shared by experts throughout the week. Primary among those concerns was networks compromised by hostile hackers, which Alexander called "one of the biggest threats facing this country."
Even as federal agencies attempt to identify and prevent cyberattacks, they too are under threat from within. The general stated that, in light of recent leaks, the NSA plans to shed 90 percent of system administrator positions as it shifts to secure cloud technology.
Alexander said that in patching together the NSA's network of 15,000 enclaves, system administrators were responsible for transferring data, securing networks, and "doing things that machines are probably better at doing."
He said the intelligence community and defense department are moving toward a "thin virtual cloud structure" which would reduce the number of system administrators and allow networks to patch into other networks at a higher speed.
"At the end of the day it’s all about trust," he said. "People who have access to data as part of their mission, if they misuse that data, they can cause huge damage."
As recent events regarding surveillance of Americans’ phone records has thrust the NSA's investigative methods into the national spotlight, the issue of trust has come full-circle. The general, however, said the agency is doing everything according to the letter of the law.
"Yes people make mistakes; there'll be compliance issues," he said. "But no one has willfully or knowingly disobeyed the law or tried to invade your civil liberties or privacy."
Brennan said that many laws, as they stand now, relate better to the physical world than to the cyber world. As more human transactions have migrated to the cyber realm, technology development has outpaced the rules, he said.
"It’s a new domain and the CIA has had to change, but the government framework hasn’t kept pace," he said.
Using FBI parlance, Brennan said that in the physical realm of yesteryear an agent would have to take a transcontinental flight in order to investigate or “bump” a suspect. But today the same can be done on the Internet.
"You can now surveil a terrorist by logging onto the Web," he said. "This is where intelligence agencies have to take into account things that didn’t exist 30 years ago."
He said the nation needed to take a fresh look at the role of government in the cyber arena, which he noted is 85 percent owned by private industry. The new paradigm demands protection of cyber infrastructure at a time when the government’s role hasn't been clearly defined.
He added that if the CIA's mandate is to identify threats to our national interests worldwide, then cooperation between industry, academia, and the government will be needed to help redefine the legal structure, address systems engineering, and protect a "major lifeline to this country."
Mueller said that, since Sept. 11, the FBI's mandate has been focused on preventing future attacks, and that same mandate applies to the cyber arena as well. The FBI sees an “absolute necessity” to focus on the individual criminals and to use traditional law enforcement capabilities to identify them. But, unlike preventing physical attacks, preventing cyber attacks requires intense collaboration with the private sector.
In the event of an attack Mueller said that cyber experts from the NSA, intelligence from the CIA, and investigative resources from the FBI must coordinate an appropriate response in real time. One such joint-agency effort is the National Cyber Investigative Joint Task Force, which operates under the FBI.
Coordinating with the private sector is still in the early stages, but Mueller twice cited National Cyber-Forensics & Training Alliance, a wholly private entity out of Pittsburgh, PA that brings together industry, law enforcement, and academia.
“We believe that in the future a cyber threat will equal or even eclipse a terrorist threat and the two may well be combined,” he said. “Just as partnerships have enabled us to address the terrorist threat, partnerships will enable us to address the cyber threat. … In this case the private sector is the essential partner.”
ICCS 2013 ran through Aug. 8
. For more coverage, visit @FordhamNotes and @ICCSNY on Twitter at #ICCS, go to Fordham's webpage,
or visit Fordham’s newsblog, Fordham Notes
Founded in 1841, Fordham is the Jesuit University of New York, offering exceptional education distinguished by the Jesuit tradition to more than 15,100 students in its four undergraduate colleges and its six graduate and professional schools. It has residential campuses in the Bronx and Manhattan, a campus in West Harrison, N.Y., the Louis Calder Center Biological Field Station in Armonk, N.Y., and the London Centre at Heythrop College, University of London, in the United Kingdom.