NSA Heads: Same Threats, Different ToneIs Fear as a Motivator to Battle Cyberthreats in Decline at NSA?
In the same week that the new National Security Agency director spoke measuredly about the cybersecurity threat, his predecessor sounded the alarm about the calamitous dangers lurking in cyberspace.
See Also: Passwords Alone Aren't Enough
Michael Rogers, the Navy admiral who also commands the U.S. Cyber Command, doesn't downplay the serious threat facing the military, federal government, nation and society from our cyber-enemies. But he also doesn't express the dangers in the cataclysmic tone of his predecessor, retired Army Gen. Keith Alexander.
You can't scare people into action year after year.
In an interview with The New York Times, Rogers addressed the vulnerabilities the NSA confronts with dealing with the leaks of classified documents by its former contractor, Edward Snowden. "You have not heard me as the director say, 'Oh, my God, the sky is falling.' I am trying to be very specific and very measured in my characterizations," Rogers said in the interview that occurred June 27.
At his confirmation hearing in March, Rogers was equally as measured in his comments and didn't take the bait from Sen. Joe Machin, D-W.Va., to label Snowden a turncoat (see Rogers Declines to Call Snowden a Traitor). "I don't know I would use the word traitor, but I certainly do not consider him to be a hero," Rogers said.
Sounding the Alarm
Alexander in his public statements on Snowden and cybersecurity sounds more alarming. "This is an individual who is not acting, in my opinion, with noble intent," Alexander told ABC's This Week last year, adding later in the interview. "What Snowden has revealed has caused irreversible and significant damage to our country and to our allies."
At the Gartner Security and Risk Management Summit held late last month in National Harbor, Md., Alexander sounded more dire when describing the threat the nation faces from destructive attacks that he says NSA programs, including some that have been highlighted by Snowden's revelations, can help prevent.
Keith Alexander - Source: Gartner
Alexander said the United States government or businesses are ill prepared to defend against such brutal attacks (see The 'Disappearance' of Keith Alexander). "We don't have the defenses," he says. "We don't have government and industry working together, yet."
"In my opinion," he said a few months earlier, "the thing that could hurt our country the most is if one of those disruptive attacks hits one of the Wall Street banks and collapse our financial system. The monetary damage would be in the trillions of dollars. This would be huge."
Need for Imminent Threat
Fear, as a motivator, has its limits. Alexander wants to put the wrath of God into the hearts of federal lawmakers to enact cyberthreat information sharing legislation that has yet to pass Congress (see Opposition to Info Sharing Bill Grows). But fear only works if the threat is imminent.
Though on a much smaller scale, fear of catastrophic consequences of not following proven IT security procedures doesn't work if the same threat persists with no terrible circumstance happening.
"That fact is that you can't scare people into action year after year," Erik van Ommeren, director of innovation at Sogeti USA, said in an interview with Information Security Media Group [see The 'Game' Fervent IT Security Pros Play ). "... People grow accustom to the fear if they don't see it happening. ... Fear is not a great motivator to repeat time and time again."
Alexander and Rogers, who served as the Navy's cyber commander before being elevated, likely agree on the basics on the damage posed not only by the Snowden leaks, but by the real threats in cyberspace. It's just how they express it is how they seem to differ. It seems for now, at least from the NSA, that the rhetoric will be toned down.