January 21, 2016
The Obama administration is “trying to come to grips with” how to prevent terrorists from using technology as a recruiting tool, while at the same time safeguarding individual freedoms, Adm. Michael S. Rogers, the Commander of US Cyber Command and Director of the National Security Agency, said at the Atlantic Council on January 21.

The question of whether to censor online activity “goes to the heart of the whole American construct,” said Rogers. Yet, he added, the reality today is that there are some who “burn people alive in cages, behead people for videos” and seek to exploit technology to “spread that ideology and to incite others.”

Rogers noted that the United States has laws that prevent the exploitation of youth and filter social media content aimed at the exploitation of children. “Even as we acknowledge the freedom of expression and the rights of all of us to express our opinions, we have decided collectively as a society that the exploitation of youths is unacceptable,” he said. “So one of my questions gets to be, is there a similar kind of construct when it comes to terrorist exploitation of the information domain? In addition to the legal framework that we have created, is there a social pact that we can come up with that says, ‘Hey, look this is unacceptable to us. That is not something that we are going to allow.’”

Rogers is actively engaged with the private sector in his quest to find the answer to that question. Both the private sector as well as the government have to be comfortable with the solution, he said.

Rogers spoke at a Commanders Series event hosted by the Atlantic Council’s Brent Scowcroft Center on International Security. Barry Pavel, Director of the Scowcroft Center, led the discussion with Rogers.

The Islamic State of Iraq and al-Sham (ISIS) has most prominently embraced social media as a key part of a strategy to spread its radical message and recruit disaffected youths. Technology will increasingly be part of ISIS’ strategy, said Rogers. “That is a troublesome development for us and we have got to figure out how we are going to deal with it.”

A big challenge that the Obama administration faces in coming up with a solution to this problem is a trust deficit. The government is largely distrusted and concerns about privacy have never been higher, Rogers admitted. “Given that big kettle, how do we make all of this work? That is not an insignificant challenge for us.”

Terrorist groups have wider ambitions than simply using social media as a recruitment tool. Speaking at the Atlantic Council on Nov. 10, John P. Carlin, Assistant Attorney General for National Security at the US Department of Justice, said while terrorist groups are using social media to “crowdsource” terrorism, they are also intent on developing the capacity to conduct crippling cyber attacks.

Encryption debate

Encryption plays an important role in safeguarding personal information, but many in the intelligence community believes it also creates a national security vulnerability.

Rogers has staked a position on encryption that is at odds with some officials, including FBI Director James Comey, who has argued in favor of the intelligence community’s need to get access to encrypted data with the aim of detecting national security threats. The NSA Director described encryption as “foundational to our future” adding that “spending time arguing about ‘Hey encryption is bad and we have got to do something about it,’ that is a waste of time to me.”

“What we’ve got to ask ourselves is, ‘Given that foundation, what is the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives,’” he added.

Rogers’ comments come at a time when several states, including California and New York, are considering bills that would limit encryption and force smartphone manufacturers to sell devices that can be decrypted.

“Big data analytics are now available at such a level that suddenly now data becomes attractive to a whole larger group of actors out there,” said Rogers. “So, what you saw at OPM, my comment would be you’re going to see a whole lot more.”

Rogers was referring to a cyber attack, allegedly by Chinese hackers, on the Office of Personnel Management (OPM). The hackers accessed the records of more than twenty million current and former federal employees. The hack was detected in April of 2015, months after it occurred.

An emphasis on partnerships

Rogers sees 2016 as an “inflection point” for US Cyber Command.

“The capacity and capability is starting to come online,” he said. “The hard work of the last few years is really starting to pay off in some really tangible capabilities that you will see us start to apply in a broader and broader way…That is a positive for the nation.”

He emphasized the need for partnerships in this effort. “There is no one single group; there is no one single nation; there is no one single segment—private sector, [Department of Defense], broader government; there is one single entity that has all the answers here,” he said. “This is a challenge that will require us to work together in collaborative ways.”

In 2016, the United States will also explore how to work with key allies around the world on dealing with cyber threats, Rogers said. “We are not going to do a US-only approach to how we are going to address these challenges in cyber.”

‘Cyber hygiene’

The NSA's reputation has been sullied following revelations by former government contractor Edward Snowden of large-scale surveillance by the agency, including allegations that it had tapped German Chancellor Angela Merkel’s phone. In September of 2013, Brazilian President Dilma Rousseff postponed a visit to the United States following reports that the NSA had monitored her phone calls and e-mails.

The Department of Defense is working to create a culture of “cyber hygiene” and personal responsibility. “If we can deal with the basic hygiene, that probably takes away 80 percent of the challenges that we have got to deal with from a defensive standpoint, and that lets us focus on things that really matter,” said Rogers.

Rogers reminds NSA employees about four “foundational tenets”—they must obey the rule of law; acknowledge mistakes; differentiate between what is a mistake and what is a choice; and while their job is to defend fellow US citizens, they are also accountable to them. “What I remind the workforce is: ‘You do those four things, then we are going to be fine,’” he said.

Ashish Kumar Sen is a staff writer at the Atlantic Council.