Governance & Risk Management

Q&A: Blair Speaks Out on Cybersecurity

Intel Chief Discusses DHS's Role; Threats from Russia, China
Q&A: Blair Speaks Out on Cybersecurity
The Department of Homeland Security is leading government efforts to safeguarding critical IT assets in the United States, the government's top intelligence officer says.

"It's the Department of Homeland Security that has the lead role to protect both the government and private critical infrastructure on which our national life depends," Director of National Intelligence Dennis Blair told a gathering in California this week as his office released a four-year plan, known as the National Intelligence Strategy, that for the first time elevates enhancing cybersecurity as a primary mission objective for the government's 16 intelligence agencies.

In his remarks, Blair also said a significant amount of cyber attacks originate in China and Russia, though hackers instigate most cyber assaults from the United States.

Giving DHS a lead role is developing federal cybersecurity policy is a controversial move, since some officials don't feel one department should have say over how another department should protect its information systems. Still, legislation before the Senate would grant DHS the authority to review cybersecurity budgets for all civilian agencies and department. Blair didn't address that point in his remarks.

Here's the edited portion of Blair's address that focused on cybersecurity to the Commonwealth Club of California, delivered Tuesday, followed by a question and answer session with attendees as well as a Q&A with media representatives, also held Tuesday.

Three Presidents now have declared that our cyber infrastructure is a strategic national asset. And protecting that asset is a high national priority. The threat to that infrastructure comes from nation-states. It also comes from hostile, non-national organizations, and even from skilled individuals.

And our cyber infrastructure is intertwined - the systems we use for intelligence, other national security functions, other government networks and private systems use many of the same cables, many of the same service providers, many of the same switches and the same applications.

Now, the United States is not vulnerable to cyber attack to the degree that countries you may have read about like Georgia and Estonia, which have been attacked in recent years. Our infrastructure is so big, so complex, that it doesn't have that sort of vulnerability. And in addition, we get a lot of practice all the time dealing with both attacks, hackers and with natural problems which force people to learn their systems and to make improvements.

But to keep those networks safe, we have to continually improve these systems, improve our skills, improve our defenses, as the hackers develop new attacks. And at the same time, we need to share ideas and best practices, so that American businesses can protect their private networks, which are also increasingly at risk from these same techniques. And they have to help us. We must take advantage of Silicon Valley's vast expertise - that constant innovation that comes.

It's the Department of Homeland Security that has the lead role to protect both the government and private critical infrastructure on which our national life depends. One of the most important agencies working with the Department of Homeland Security is an intelligence organization, the National Security Agency. It has an unmatched understanding of computer networks.

The NSA's technical capabilities and their expertise are absolutely critical to protecting our digital infrastructure. But the idea of using NSA's technical capabilities to help protect networks in our country often causes concern among some citizens.

We must and we do use our capabilities in a way that assures our citizens that their privacy and their civil liberties are protected. Americans must and they can have confidence that the technical capabilities of the intelligence community are being used to save lives and protect our nation, that they aren't being used to warehouse private information about Americans. We must and we can do our job under the oversight of the Congress and overseen by the courts.

So I believe that the intelligence community has a huge responsibility to help protect federal networks, to warn about the threats that are there, to share techniques that we've developed, and that we can do it without intruding on the civil liberties and the privacy of Americans. We have to continue to cooperate with those in the private sector on whose networks much of the critical infrastructure resides. And we have to do those jobs carefully, under supervision, entirely within the provisions of the law, with proper oversight from both the legislative and the judicial branches.

What follows is the edited transcript focusing on cybersecurity of the two question and answer sessions Blair held Tuesday, one moderated by John Bussey of The Wall Street Journal following the director's address to The Commonwealth Club of California, and the other the media conference call. The transcripts were provided by the Office of the National Intelligence Director.

Q: Hackers - any place in the world, they're breaking into protected networks, even apparently the Pentagon. Can you assure us of the safety of our secure networks and systems? And this one: The U.S. economy seems ever more reliant upon the Internet for daily commerce. Do you see mounting evidence of a potential attack on or through electronic infrastructure, and from where?

A: I don't think - from what I've learned about cyber offense and cyber defense, and the advantage of having the intelligence community involved in this business is that we're the ones who go out and use these techniques to steal other people's secrets, so we know what can be used against us, and that can inform our defenses in a very good way. And what I've learned in this business is that there's no final answer. The offense learns something. There's a hacking attack that's discovered, throw up defenses. Offense goes out to another attack, and it's one of those games of offense and defense - a crew race, who's taking the last stroke. That means that you can't rely on some solution. We can't go down and tell somebody, "Give us the ultimate firewall. Give us the ultimate safeguard." What we have to rely on is the skill and ingenuity and the hard work of our cyber workers, compared to the people who are trying to come after us.

We try to set up a system so that the things that we know are threats, we can build the defenses to, and we can put them up as fast as the threats come at us. And some of the attacks that have been talked about publicly coming against government systems, we - our more secure systems are protected by more layers - and we keep those okay. But the systems right next to the Internet - the dot-gov network, which we rely on both in all the branches, certainly the dotcom network on which power grids of electrical companies, banks, tunnel through those for their business - they're right up close to the Internet where anybody can roam, so we have to keep improving the defenses, detecting attacks, and knocking them out. ##So it's really a continuous game, and I would say that overall we're staying ahead; but it takes an awful lot of hard work to do it.

Q: Back on this question of cybersecurity, though, this seems to be an increasingly large focus of our intelligence community. And I wonder if you could answer that part of the question that asked where is this coming from? And is it coming from a country that has state involvement in it or is it coming from criminal groups? What is the kind of the primary cyber threat now to the United States?

A: If you count them up, most of the attacks against American cyber systems originate in the United States - sheer volume. Not all of those originate, because as many of you know, you go from one computer to another in order to attempt to disguise, and the final IP from which you make your attack on a circuit will generally be several hops from where you were. When you trace it all back, we find a huge amount of activity coming out of China. We find a lot of activity coming out of Russia. We find a mixture there of unofficial and semiofficial backgrounds. But that attribution is a tough part of the cybersecurity business, so we don't have as much certainty as we'd like to as to exactly who's behind the attack. But those are the countries that a great number of them come from.

Q: I was struck in the strategy about the very forthright language about China and its military expansion, its resource-based diplomacy, about the need to increase counterintelligence and penetrate foreign espionage services, the U.S. cyber-architecture. It seems to me that this is a - is this intended as a muscular response to the U.S.' external threats? I mean, in the broad picture, how would you sum up the posture that this report adds up to?

A: I would say that it is a muscular intelligence response to meet the nation's responsibilities so that we can provide good advice to the policymakers and in the field. We do have to be very aggressive in the areas that you cited in cyber, both protecting our own secrets and stealing those of others, because not only in the developed countries but through the world information is moving to networks. And that's where you have to go to learn what other countries and other groups are up to. And that's what you have to be able to protect in order to be able to do your own work without it. And yes, China is very aggressive in the cyber-world, so too is Russia and others. So absolutely right that it's a muscular intelligence strategy; but it is to inform a nuanced, intelligent, agile, overall national security strategy.

Q: Many departments in the federal government will be facing large numbers of baby boomer retirements. How do you effectively recruit the next generation for service to the country? And I wonder if maybe we can turn that question slightly. There's been a very large recruitment of intelligence analysts since 9/11, and I wonder if the type of individual that you are recruiting now - younger, Internet savvy, Facebook, MySpace, used to sharing information - is helping you in the goal of interagency information sharing? So one question is: How are you going to replace all these people with qualified individuals? And the other: Is the nature of the individual who's coming into the departments a different sort of cat?

A: Right. The demographic profile of those hundred thousand people in the intelligence community that I mentioned is sort of dumbbell-shaped or nut-shaped. We do - 50 percent of them, as I mentioned, came in since 9/11, so we have a lot of fairly new, not all of them young, but new to the intelligence business. And then we have those of us who were sort of the Cold War generation going out.

So I think as that new generation works its way through and gains more experience, that will be good. And working with them - I gave you a little bit of description: incredibly hard working, savvy - it takes a little bit of adjusting. We have a classified MySpace network that we use to get analysts together to talk about things. And I bet on any given day I'll open my e-mail and say, hey, Dennis (the moderator), I'd like to be your friend. So I write back and say I'd like to be your friend too.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.