Interview Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former head of the NSA.
I wonder if the Russians have said to themselves, ‘Look, we think there’s a return to be made, but perhaps being overly aggressive … overly visible isn’t in our best interest’
Mike Rogers is a retired US Navy admiral who was head of the surveillance agency and US Cyber Command between 2014 and 2018; his Navy career spanned decades. Since leaving the service, he has held roles in the commercial security space, and is now operating partner at Israeli security investment group Team8.
He spoke to The Register this month about American politics and adversaries including Russia; the effect of AI on the threat landscape; and the balancing act between government and commercial security.
The Register: In 2018 you testified in front of Congress that we could face a repeat of election interference by foreign powers because recommendations were not followed? How did things look to you in the 2024 election?
Rogers: First of all, the good news is that it doesn’t appear that the Russians, or other nations, have accelerated or significantly increased in either level of effort or the breadth of capabilities being applied on election influence. That doesn’t mean they’re not making an effort, but if you looked at 2016 and you argued it was an indicator of the future, yeah, it hasn’t quite worked out that way.
I suspect there’s a variety of reasons, mainly that governments have been much more focused on election security. I wonder if the Russians have said to themselves, “Look, we think there’s a return to be made, but perhaps being overly aggressive isn’t in our best interest. Being overly visible isn’t in our best interest.”
Now, no one should take from this that I’m saying you don’t have to worry about election security, absolutely not. I’m just highlighting that I am a bit surprised that it hasn’t been a little bit more aggressive.
The Register: We’ve recently seen layoffs at the US government’s Cybersecurity and Infrastructure Security Agency, aka CISA, and it’s an organization the NSA works with regularly. What’s your view on the future of the agency?
Rogers: The right answer is, we should downsize them and tell them, “Hey don’t investigate disinformation and misinformation efforts as part of your mandate. We think you’re focused on the wrong thing. We don’t think that should be a primary focus.” I think that’s the message that CISA is receiving at the moment.
CISA was a great organization, well, is a great organization. It does an awful lot. They inform enterprises and individuals about what the coming threats are. Can they not just get back to pure security?
- Deputy boss of Homeland Security says CISA needs to be reined in
- Homeland Sec: Election trolling none of CISA’s concern
- Infosec was last item in Trump’s policy plan, yet major changes are likely on his watch
- So, Russia no longer a cyber threat to America?
The Register: There were reports, now denied, that US Cyber Command was halting efforts against Russia. What’s your take on that?
Rogers: I’m not in the government now, but I will only say during my time we have those kinds of conversations, both in terms of what assistance we can provide, but also what can we learn. It’s one of the premises behind Cyber Command – persistent engagement.
We gained so much more insight, so much more knowledge of the adversary when we’re watching and interacting with that adversary in areas other than just the United States, and we create a greater sense of awareness, knowledge, insight, by partnering with those nations going forward while we’re doing it.
So we argued that at Cyber Command and it has been adopted as a strategy. It’s been that way now for six, seven years, that there’s a lot to be gained by persistent engagement. Just sitting in the United States waiting for the adversary to come after our networks never works.
The Register: What do you think is the role of the government in IT security matters?
Rogers: I believe that the US government has a role in cybersecurity. Now you can get into a debate about what that role looks like, which is all very fair. You can’t achieve cybersecurity at a national and an international scale, you can’t achieve the level of cyber resilience we need as a society without the help and focus of the government.
I don’t think the answer is the government does everything. But on the other hand, the government does have some unique roles.
