The director of the National Security agency, general paul nakasone, joined other National Security professionals to talk about the foreign Intelligence Surveillance act, and cybersecurity, in a discussion at the center for strategic and International Studies in washington, d. C. This is about one hour and 15 minutes. General, it is a real honor to be on the stage with you. For me, it is a personal treat. You became the director of the nsa and the commander of cybercom a little over five years ago. And before that, when i first had the pleasure of missing you when you are the head of cyber, you are the head of army cyber, he went from being a one star to a four star in just six years, an impressive sign of how wellregarded you are. I would like to use that fiveyear time period during your tenure at the nsa as the framework for our discussion this morning by looking at some of the extraordinary technological changes that have transpired over that period as well as a whirlwind of geopolitical events which have completely changed the scene from when he first took office. Especially in the areas you are responsible for. Let me start by going back to the summer of 2018, may of 2018. You first became the director. I recall month before we had authorized section 702 of the foreign Intelligence Surveillance act which i know you are going to comment on. We were still thinking about what the russians had done back in the 2016 elections. We were thinking about the nsa dealing with the aftermath of the snowden problems and the alleged shadow brokers theft of tools, et cetera. Looking back, what were your first thoughts in the summer of 2018 when you took office . General nakasone first of all, let me echo your thanks to csis and for dr. Jones and president henry for hosting us today. You have to back up to the spring of 2018. I am in my confirmation hearings in march. I come out of my confirmation hearings really well focused on the fact that we are going to have a safe and secure election in 2018 or they will find a new commander and director. My sense is that taking over in the fourth of may, the following week we were already talking about the 2018 elections. How do we have a safe and secure election . How do we bring the command of the agency together. So from the sixth of november and beyond, as the results were officially confirmed, it is all about the elections. You recall, the number one priority at the agency and command, safe and secure elections. Its an interesting point. But for me, the most important point is the fact that in the midterm elections in 2018, the ability for us to do this kind of work sets the foundation for where are the agency and a command going to operate for the neck to operate for the neck five years . How is the dual hack going to function closely between the command and the agency . How are we going to do innovative things like being able to send teams forward at the request of government to hunt down those networks . How do we look at the private sector differently and leverage this idea of, hey, at the private sector has an incredible amount of power, how do that . And the partnerships that form not only between agency and command, but agency command and fbi and with cisa and the private sector, that is all in 2018. That is an important piece for me. It is really the jumping point of jumping off point over rule. Glenn you said elections were mostly, not totally, focused on the russians because of their interference in 2016. But on the cybersecurity site, apart from the elections there were and continue to be a very serious threat in the cybersecurity world. I wonder how you think about that now. My sense is that many people feel we sort of got caught flatfooted with the solar winds intrusion, apparently by the russian fsb. It took months for that to be detected. We have seen in the interim, a wave of Ransomware Attacks evidently emanating from Eastern Europe and russia. Some of that continues to this day. How do you think about ways we need to counter the russian cyber malicious activity, apart from elections . General nakasone i think that, and you mentioned solar wounds, when you are doing and intelligence operation, you dont want to get caught. They got caught, and that should be perhaps the story that goes with solar. But the other story is, heh, the ceo and the founder of mandian comes to our agency the tuesday before thanksgiving to have a discussion about what he is seeing. It starts to formulate this idea of pay, maybe if we had an unclassified facility outside our agency where the private sector and the agency can talk to people, wouldnt that be powerful . The other thing is, it always comes back to, what are the competitive advantages of our agency and command . I think it begins with this idea, we operate outside the United States. It is foreign intelligence. We have an understanding of what our foreign agencies are doing. How do we communicate that with the private sector . This is the growth that nsa has today, unclassified facility outside of our gates, engaging with over 400 different privatesector companies in the Defense Industrial base. The idea is, how do we both give and get . Why do they talk to us . Because we have this incredible element of intelligence that comes forward outside of the United States, but they also talk to us for the fact that when you are talking to one of our folks, its not, hey, hold on a second, i will get somebody that really understands. They are talking to experts. That is really powerful and i think that is where we have been able to look at additions and abilities such as ransomware and zero days and supply chain and being able to bring the power of what our agency and command does to address those. Glenn numeral come back to russia, let me spend a minute on china. Seems like in intervening years, china has, to some extent, taken center stage in the cyber area. We can talk about the decades of cyber theft, disinformation. But it seems like there has been a little bit of a change maybe it is just my impressionistic sense, in the last several months or a year or so, it sounds like there is almost a step up in the level of sophistication on the chinese. We have heard about them allegedly hacking into the japanese classified networks. It sounds like there is a chinese attribution to the Microsoft Outlook hacks that apparently led to the emails of our secretary of commerce ambassador to beijing being read by adversaries. Even more ominously, we have seen reports about apparent chinese in frustration on infrastructure chinese infiltration on infrastructure in guam. Is my laymans perception correct . There is a lot of heated territory about how we need to deal with the chinese, but are they ahead of us in cyber surveillance . Are they equal to us . How do you think about the chinese . Gen. Nakasone no. Glenn that is clear. Gen. Nakasone i think this is a good lead in. There is a level of sophistication that we ascribe to what china is doing today. Are they Getting Better . Yes. But the question comes back to us as we think about this, is, how do we address it . What are the competitive advantages against a nation that has so much scope, so much scale, and increasing sophistication . I think it begins with this idea of our competitive advantages are first of all, being able to understand what are adversaries doing. You mentioned intelligence gathering. Utilizing different capabilities to spy on us certainly we have to address this. I am very concerned and we are addressing the issues that we may public in may of this past spring, about china living off the land. This idea of positioning themselves in different Critical Infrastructure elements of the United States, our allies, our territories, to perhaps utilize in the future. Why are they doing that in our Critical Infrastructure . That is the thing we are addressing today. Glenn is your sense that perhaps the chinese are infiltrating some of our Infrastructure Networks not only for surveillance, but in essence, for positioning themselves to future malevolent actions such as taking down networks . Gen. Nakasone certainly, what we have said is that there is an option that provides the chinese against many different scenarios. Interfering in our collective infrastructure, it is not to collect intelligence. It is our view. We want to make sure we are addressing that today. The ability for us to understand what our adversaries are doing i think the other piece that is a huge advantage is the private sector. This is what we have learned from russiaukraine. Being able to leverage the private sector being able to work with the private sector , being able to understand what the private sector is doing is tremendously important. And we have a global set of partnerships, for global set of partnerships that allow us a look throughout the world. Allows us a series of likeminded nations to be able to address actions such as these. This is truly a competitive advantage for us and it is what we are utilizing to address some of the issues you just highlighted there. Glenn let me turn the question around and ask something, not to put you on the spot, but how confident are we given the technical sophistication of the chinese hackers . How confident are we that our classified networks, of which you are the National Manager under statute and executive order, you are responsible for the pentagons classified networks, defense contractors classified networks, how confident are we that our classified networks have not been infiltrated, compromised . Maybe you could comment on how we would even know if that has happened. Gen. Nakasone confident and vigilant, those two are very important words. It is not just confident. It is confident that we have dylans. That we have vigilance. Every single day we are looking and making sure that our classified networks, that they are assured. That there is integrity there. You spoke about my responsibilities as a National Manager under my role as director of National Security. I am also responsible for the dod information network, both the classified and Unclassified Networks in merrill as commander of u. S. Cyber command. An example is how do you work with different combatant commands to keep this vigilance alive . We learned this in ukraine. Why was it they were able to share intelligence so effectively with our partners . It is because we set the theater to be able to understand that what were going to share has to be protected. And i would come back to this idea of hand forward operations. In the full of 2018. We have a intriguing idea of bubbling up from the bottom. Folks said, it wouldnt be interesting if we sent a team at the request of a foreign country to hunt on their networks . At the request of a foreign network, please come and help us look at what is happening on our networks. If you find malware or tradecraft or other areas you think are concerning, we want to be able to publicize that. One of the first places we go, 2018 . Ukraine. Following ukraine, four other times. The fourth time, in december of 2021 with a team of 19 marines and soldiers, go back to ukraine to hunt forward operations. This is the vigilance thats really important. We dont necessarily believe it because we think it, we leave it because we test, it we exercise it, its the whole idea of being persistently engaged on our adversaries. Glenn still on china for second, more broadly than just cyber, obviously when you took office five years ago, while china was very much perceived as a threat, it perhaps didnt have the same level of intensity now, partly because of the sort of political focus on it these days, everything from chairman gallaghers committee in the house which was created to address the perceived threat of china. But you pick up any oped today, everything seems to be very much focused on the pacing threat resented by china, particularly in the area of other technologies beyond cyber. How do you think about that, because obviously both the Cyber Command and the agency deals with some of these advanced technologies Artificial Intelligence, quantum, et cetera. The threat of potential threats to our encryption since you both make and break codes. Can you comment on this . How do we need to address this more broadly . Gen. Nakasone 2018 is kind of a big year for the department and looking at cyber. I think 2021 is the Inflection Point for our nation in cyber. You mentioned the beginning of 2021 with solarwinds. But remember what 2021 was like for us as a nation, it was solar winds, it is microsoft, Colonial Pipeline in jbs and caseya by may. The summer. In one year, over nine months, we had the supply chain have ransomware. Zero day attacks. I think at least for our agency, it was Cyber Security. That is a big year. We have a number of different abilities now that i think we didnt have before. Partnerships have been developed. When you say how do i think about it, i would begin with the idea that 2021 sets the foundation for us. How do we make sure that we bring quantumresistant encryption to bear for our nation as is directed by National Security policy memorandum 10 . How do we think about defending our national National Security systems differently . How do we work with the private sector . 2021 leads into 2022. If we talk about russiaukraine, we are learning in 2018 and 2021 that we have to be engaged with the private sector. The private sector gives us the ability to address again, the piece we talked about previously, adversaries scope, scale and sophistication. Doing it with a series of partners in a very, very focused strategy. And it pays off. Glenn so could i summarize by saying that you dont think the chinese threat in these areas is being hyped . You think it is something we very much need to continue to focus on, or do you think there is excess hysteria . Gen. Nakasone china is the pacing challenge of our nation. It is the generational challenge that our children, our grandchildren are going to address. We see it across the major lines of National Power, diplomatic information, military, economic. It is different than adversaries that ive seen in my three decades plus of service in the army. When i came in, it was a soviet union. I dont remember anybody ever saying, hope you dont bring cars from the soviet union to sell in detroit. We were thinking about the military component. Now we think about the many, many different components of National Power. This is where our agency has also pivoted, our command has pivoted to think about you know how do we provide support to broader issues in competition . How do we empower the elements of National Power that our agency has . Commerce . Treasury . These are all critical elements that we are working towards. Glenn you have talked about before, partly due to technology but also geopolitical events, the pacing threat of china, the aperture of National Security has expanded. The nsa therefore, is focused on not much wider array of threats than before. Lets get back to russia. What lessons have you learned from the ukraine conflict . I know we ask that question a lot, but again, from the perspective of now several years , the war has obviously going on well over a year and a half, could you comment in particular, from an intelligence perspective, on the role of opensource information that has been so important in this area, the role of the classifying information at the beginning, not something that the u. S. Intelligence community has previously done . What lessons have you learned from an intelligence perspective on this . Gen. Nakasone i have talked a bit about the preparation, what had forward does. What the private sector can bring. But lets talk about public information, right, a brilliant decision by obviously the president , the director of National Intelligence is, how do we sow our most Sensitive Information and share it with our allies and with the public . What does it do . At the end of the day, i think it does three things. First of all, it builds coalition for us. Secondly, it disrupts the adversary. Russia has never been the same since the fall of 2021 when we called out what they were doing. And the final thing, it enables a partner. Every single day, the work thats being done to provide information to ukraine. This is tremendously powerful. Even our National Security strategy talks about this idea of inherent National Strengths the Intelligence Community. We think differently about it now in terms of how do we take the information that weve collected, the intelligence we have produced, and how we protect the sources and methods, and then somehow be able to utilize that and share it. It comes back to what we were learning even in the summer of 218. If you can have an ability to garner this information, a lot of the things that we classify, we dont classify for what it is, but how we obtain it. So someone else obtains it, isnt that powerful to be able to tell that story . I think we have done a very good job in the Intelligence Community of doing that. If you would have came to me in the sum of 2018 and said, general, we will consider our most sensitive intelligence and we will have it released this fall, i would probably have been looking for a new general counsel. Glenn exactly, that is why they go into your office with that question. [laughter] i guess another remarkable change in just a relatively short period of time. Lets i mentioned at the beginning of this talk how just after you took office, congress had reauthorized section 702. I had the privilege of being in the office the year before you at the agency, and i recall how very involved the agency was i