navigation-background arrow-down-circle Reply Icon Show More Heart Delete Icon wiki-circle wiki-square wiki arrow-up-circle add-circle add-square add arrow-down arrow-left arrow-right arrow-up calendar-circle chat-bubble-2 chat-bubble check-circle check close contact-us credit-card drag menu email embed facebook-circle snapchat-circle facebook-square facebook faq-circle faq film gear google-circle google-square googleplus history home instagram-circle instagram-square instagram linkedin-circle linkedin-square linkedin load monitor Video Player Play Icon person pinterest-circle pinterest-square pinterest play readlist remove-circle remove-square remove search share share2 sign-out star trailer trash twitter-circle twitter-square twitter youtube-circle youtube-square youtube

Cyber on campus: NSA boss part of academy-industry forum

May 14, 2015 (Photo Credit: Marcio Jose Sanchez/The Associated Press)

WEST POINT, N.Y. — Before visiting with the newly created Army Cyber Institute last year, Mark McLaughlin hadn't been back to West Point since his 1988 graduation.

But after meeting with ACI staffers and cadets on their contribution to the service's cyber mission, he made plans to return. And bring friends.

"We have to get this interaction going — public-private, private-public," said McLaughlin, the chairman, president and CEO of Palo Alto Networks, which includes 80 of the Forbes 100 companies in its cybersecurity portfolio. "There are a lot of academy alumni running around that are paying a lot of attention to this cyber thing. If what you want to do as the ACI, or what the DoD wants to do on a broader basis with all the academies together, is to work with industry somehow, there's a tremendous amount of affinity for the mission from folks who've graduated from the academies who are now in positions to assist you.

"So, why don't we have a meeting? And here we are."

Thursday's inaugural Joint Service Academies Cyber Security Summit provided a forum for the ACI, along with representatives from the Air Force, Coast Guard and Naval academies, to present their programs to an alumni-filled audience. Representatives of Citigroup, General Electric, Goldman Sachs and other companies also participated, as did public-sector cyber leaders from the FBI, Department of Homeland Security and other agencies.

That type of cross-sector information sharing was stressed by Adm. Michael Rogers, head of U.S. Cyber Command and the National Security Agency, in his keynote remarks.

"The key to success," he told the group, "is going to be our ability to bring this together as a partnership."

Working across public-private lines was one tactic offered to address some national cyber concerns brought up by Rogers, who also discussed other problem areas for those in and out of uniform:

  • Public-sector training: While many companies cycle through cybersecurity and information-officer personnel every two to five years, Rogers said the federal staff can remain in place for up to three decades. "If we're going to keep the same workforce," he asked, "how are we going to keep them relevant?"
  • Internal threats: "Every one of those individuals on a keyboard represents a vulnerability," he said, adding that a strong "cultural ethos" was necessary throughout the DoD and NSA.
  • Post-hack actions: Rogers helmed 10th Fleet, the Navy's top cyber agency, when an Iran-sponsored attack succeeded in accessing the Navy-Marine Corps intranet in late 2013. "One of my takeaways from that was that we have focused a lot of time on how to stop people from getting in, but perhaps we need to spend more time thinking about what are we going to do when, despite all our best efforts, individuals penetrate our networks?"

Rogers did not take questions from the media, and the summit's breakout sessions were not open to the press. While much of the inaugural event centered on introducing academy efforts to graduates and others, there was some work to be done — or at least to begin.

"We want to start the conversations on the commonly shared problems," said Fernando Maymi, ACI deputy director and assistant professor at the U.S. Military Academy. "What is the relationship between the private and the public sector? At what point is [a cybersecurity issue] an internal issue, when do you involve law enforcement, and when does it grow into an issue that potentially could touch on a military response?

"Companies are taken through that spectrum fairly quickly, as evidenced by the Sony event. ... That is an area that hasn't been explored as carefully as it ought to be."

The environment for such talks may offer opportunities not yielded by similar industry conferences, said McLaughlin, who also serves as chairman of the National Security Telecommunications Advisory Committee.

"The service academies are really educational in nature," he said. "This is not a vendor-driven sales pitch. It is not a venue where people are just going to talk about the problem. Again."

Next Article