NSA chief calls for cyber-cooperation, still supports encryption

Michael S Rogers, the Chief of the US Cyber Command and director of the National Security Agency, has called for international cooperation on cyber-crime, and says that the Internet cannot be ruled by one governing body.

NSA chief calls for cyber-cooperation, still supports encryption
NSA chief calls for cyber-cooperation, still supports encryption

Speaking at the CyCon conference in Tallinn, Estonia earlier this week, Rogers promoted the need for international collaboration, saying that cyber-crime can't be solved by an individual party alone.

“The essence of the future of cyber is cooperation…No-one has all the answers, together we have to create something,” he said, suggesting legal frameworks could be the way forward.

He went onto compare cyber-space to the high seas at the conference, which was organised by NATO's Cooperative Cyber Defence Centre of Excellence, and said that states, non-state actors and individuals have to work together to ensure a free Internet.

“I hope we do not find a world in which the internet becomes something that fractures and where the ability to move information freely is controlled,” Rogers said. He emphasised that as no one entity controls the cyber-space; cooperation partnerships are required for the future.

“The seas around the world are, much like the cyber-domain, not governed by one single nation. We have created maritime norms and have to do the same in the cyber-space to ensure a flow of information and ideas,” he said, adding that we should be, "Creating something equivalent to the maritime world that enables us to move ideas, goods and information freely around the globe."

“The changes we have seen in the cyber-space are immense. We take for granted what started 40 years ago,” the Admiral concluded. “Now we have a structure that has exploded in terms of the number of users, creating challenges of capacity and safety.”

Rogers later said that ‘encryption is not bad', suggesting instead that it is a fundamental aspect of the future. He did, however,  reportedly say that encryption needs a broader legal framework, something the US and other nations are working on.

Steve Lord, co-founder of the 44CON conference and director at penetration testing consultancy Mandalorian, told SCMagazineUK.com that the NSA comments left him ‘unsettled'.

“Within the context of cyber-defence, cooperation is an essential part of securing the services and networks we take for granted. However, whenever an NSA director talks about freedom it always makes me a little unsettled. The NSA's definition of freedom appears to be a very narrowly defined concept, in which freedom is subject to surveillance and attacks on civilians, both from inside and outside the United States.”

“We're already seeing chilling effects on security research through restrictions introduced by changes to the Wassenaar arrangement, in which individual states may have a greater hold over vulnerabilities and even vulnerability disclosure.”

“If we're to work together, we need a level playing field to work from and you have to accept that sometimes people are just not going to do what you want. You're not really working with someone when you're using leverage to get them to do your things for you (as is the case in recent discussions on putting backdoors in cryptography or common service providers like Google and Facebook). I hope that Admiral Rogers' view of non-state actors and individuals working together is based on genuine cooperation, not the latter, because the latter isn't free at all."

Rogers' comments came at an interesting time, not least because Iran this week claimed to have foiled US cyber-attacks against its Oil Ministry. The head of Iran's Cyber Police (FATA), Brigadier General Seyed Kamal Hadianfar, claimed on Tuesday that the country had foiled a US cyber-attack on the Iranian oil ministry during the last two months.

Iran previously saw damage to nuclear centrifuges, after an attack, widely believed to be by the US and Israeli forces working together, using the ‘Stuxnet' worm.