NSA Talks: Cybersecurity

Video in TIB AV-Portal: NSA Talks: Cybersecurity

Formal Metadata

Title
NSA Talks: Cybersecurity
Title of Series
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2018
Language
English

Content Metadata

Subject Area
Abstract
The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security. This unique position gives NSA insights into the ways networks are exploited and the methods that are effective in defending against threats. Over time, NSA has adapted the focus of its security efforts and continues to evolve with technologies and the adversaries we face. The talk will look back at some of the inflection points that have influenced NSA and US Government cybersecurity efforts and look at what is necessary to stay safe in the new environment.
And right now he's gonna hand you up to speaker 4, Rob Joyce. Again, let's give me a big DEF CON welcome.

But good morning, everybody. Thanks for having me here. For those of you who don't know me: Rob Joyce, I'm from NSA. 29 years at NSA. One of the proudest things I did was I had the chance to lead the hackers of NSA, organization known as TAO, but I've also worked on the defensive side of NSA as the deputy director for information assurance, and for 14 months I was down at the White House leading cybersecurity policy for the nation. So it's with kind of that background I'm gonna talk a bit today about where we've been in cybersecurity, the things that are on top of my mind, and the things we're focused on from NSA.

So last year I didn't make DEF CON. It was the first one I've missed in several years. I was really disappointed because I thought there was something important going on here, and that was the election hacking village, and I will be out there tomorrow and make a chance to go see and learn and focus on that. That's one of the reasons I've really stayed, trying to stay connected with the DEF CON crowd and come here every year, is to be a part of some of the creative ideas, innovation and the things that are uncovered and learned here. It's not apparent to everybody in the outside world, I think, why it's important to break stuff, why it's important to focus on and find those flaws and then talk about it. And I know even today there was some discussion with the states about whether we should be doing the election hacking village or not. Believe me, there are people who are going to attempt to find flaws in those machines whether we do it here publicly or not, so I think it's much more important that we get out, look at those things and pull on it. So that's [Applause]

So the other reason I'm here is again to be part of this community. So what you will find, whether you know it or not: there are and have been and will be NSA people involved in
DEF CON throughout the years. You know, I'm up here, there's no horns on my head, I'm a real person. I'm a technologist at heart. If you want to see kind of the things that get me pumped and excited: tomorrow at noon I've got another talk. I'm talking about my house and a Christmas light display I put on every year, building absurd Christmas lights. That one actually might be more interesting. I shouldn't say that as you sit here about to listen to this talk, but that's a cool talk, so come over to DEF CON 101 tomorrow. It's not in the program, it's an add, so I'm happy to be able to do that.

So why am I and others at NSA? It really is to focus on that technology and think about serving the country and providing a way to make this place safer, because, as I talk throughout this morning, you'll hear, and I hope you'll agree, that there are some really bad things, some bad trends going on on the internet and through cyberspace, and I feel like each and every day I get a chance to push back on some of that and really try to drive toward better uses of that internet community.

So, you know, the year after Snowden, when it was a no-feds-allowed, I came to DEF CON. I didn't come on NSA's nickel, I didn't come as a fed, I came as Rob Joyce, but to stay involved in the community. I think it was interesting that a lot of people knew me. I'd done the Meet the Fed panel the previous year, so, you know, they looked at me and knew I was from NSA, but I was still, you know, greeted and part of the community that was going on here, so that was pretty cool. It was notable that, you know, I think it was two years ago I was going up in the elevator to a SkyTalk and somebody turned and said, "Hey, aren't you that NSA guy that talked to our cybersecurity club?" So all the heads in the elevator snapped around, and I owned it. I said, "Yeah, absolutely," and we started a conversation with the whole group there, right? And that's what I want you to see. If you see me in the halls,
come up, have a conversation. We're real people. I know not everybody at DEF CON agrees with NSA and our mission and the types of things that are said about us in the press sometimes, but I'm hoping I will show you that, you know, there really is noble intent, there's important things to be done, and we're invested in doing those kind of things.

So let me hop straight into it. For those of you who are unfamiliar with NSA, there's really two sides to NSA. There's a signals intelligence mission that's focused on getting out there and producing intelligence on threats to the country for decision makers, for the law enforcement, the military, and trying to pursue that. And then there's the information assurance side that does cyber security for our national security systems, the highest levels of information that we and the US government has to protect. So with that
as a basis of kind of where I'm coming from, I'll jump in to where I think things are going.

So I'll start here with this slide that talks to the inflection points of the technology landscape. Some big pieces of that: one, wireless devices abound, they're really, really growing and exploding in the ecosystem. Another big thing is people are choosing to supply their data, choosing to supply their data to those massive social media sites, and what's happening there, it's funding much of the web and shaping the ecosystem with that big data analysis and the advertising that they can serve up. And so you've got to kind of think about that in terms of the direction technology is going, because that's what's funding a lot of this, right? And so if you don't acknowledge and understand those components, you're going to miss the boat about where technology is going.

So if you look at the technology explosion from the 2000s to today, there's some really big points. 2015, we got to the point where half the population of the world is online. That is all the people, in impoverished countries to the wealthy and sophisticated high-end technology companies: half of those people have access to the Internet through some means. And in 2014 mobile internet surpassed the fixed Internet, so we're living on that cellphone device. And if you think about it, those mobile devices go with us, they know where we are, they're connecting us, but also they're really powered by the backend big data that exists in the cloud, and that is a feature and an aspect of where we're headed in technology that you've got to consider in how we're doing security. So for us in the U.S.,
more than any other nation, I would say, we depend on the availability, the integrity, the authenticity of the information on those nets, and really unfortunately those vulnerabilities to exploit those networks are being exploited by criminals and nation-states, and so we've got to think about what we need to do to change some of those dynamics. I talked
to the technology; now let's talk about the environmental changes. Key aspect for me is, in the nation-state arena, the focus has moved from using the realm of cyber to steal secrets to using that realm to impose national power. Notable big incidents: last couple years we had huge data breaches. So on the slide I kind of moved from espionage-focused ops to a growing trend of large-scale destruction, and you all lived through a couple of the big notable internet events in the last couple years.

I also think it's noteworthy how numb we've become, right? When a cryptocurrency exchange in Japan lost five hundred and thirty million dollars in a cyber theft. So this may be skewed because of the audience we're in, but how many heard of that in January, when, you know, half a billion dollars of cryptocurrency was taken? So it's a pretty heavy group in this. If you ask the average person on the street, not as much, and I think it's incredible that, you know, half a billion dollars walks out. If that happened and it was a truckload of gold stolen from a bank, imagine, you know, above-the-fold headlines. But ho-hum, another cryptocurrency, you know, its session was hijacked, they lost a half a billion dollars. We're really growing numb in that.

There were also pretty concerning reports back in January that caught my attention; that was the Triton malware reports. If you think about the targeting of safety systems in industrial control, in big industrial processes, that's activity that you've got to start to wonder about the judgment. That came to light not because somebody was really investigating and found it through extensive cyber sleuthing; it came to light because they weren't doing a really good job in that safety system and caused notable outcomes. So to me the judgment of those people who thought they should be screwing around with a safety system without the knowledge and capability to actually manage it and shape it in the way that they were seeking just
shows how dangerous they are, and it probably should scare each and every one of you. I know it scared me to think about the folks going into that.

So we're also seeing countries use their national power in other ways. China is using its cyber infrastructure to establish a social control system, right, that social credit system that they're rolling out. So that's another way to use the power of cyber technology, again for some of the national aims. And so, you know, for me the way it compares and contrasts the free world to some of the totalitarian regimes is how we're using those elements of technology to either defend against abuses or prop up some of the social injustices that are happening.

So you've got to be aware of the new threat landscape. The tools are available, the data is out there, the intent exists, and that intent, the trajectory of that intent, is a piece that worries me. I think nation-states and criminals opposed to some of our basic social order are having their way in the digital domain, and I would lump the election hacking and other things into that as well. So make no mistake, a big concern is the chance for miscalculation is huge, and whether it's trying to influence our elections or intrude on the safety systems of industrial plants, that's something we as a community have to rally against and deal with. So,
continuing on the cyber threats, I'll talk about four major trends that are on my radar. Criminals and foreign adversaries constantly prowling this digital domain; they push on America's digital infrastructure continuously, and those of other places in the world.

First area: high-end sophisticated actors. There's really been a fundamental shift in the nation-state activity as opposed to free and open societies, right: aggressive disruptive cyber operations, asymmetric intrusions inflicting damage, rapid weaponization of disclosed capabilities. These state-sponsored actors are continuously building on the technique, so what we'll see is some elite folks at the high end of that coming up, innovating, but quickly propagating that down at scale to other folks who can use it and turn it. People fear zero-day exploits, but really hiding in the account of an authorized user is much more hard to ferret out over the long haul, using authorized processes in ways that weren't intended. And so that expertise of the high-end folks who can figure out how to insidiously get themselves into your processes, your data, as an authenticated user makes it really hard to deal with. So we're seeing those big splashy cyber events with increasing frequency, kind of reinforcing that numbness, and, as I discussed earlier, just getting commonplace.

Second area: the level of expertise is just decreasing. You know, the quality of tools released, the ability to get and build yourself on the shoulders of others and get out there, is really a leverage factor in enabling bad activity that's going on. So most advanced members of some of these overseas groups create the tradecraft and then again bring others along, unhinge to responsibly guide the use of those activities.

Third area I'd highlight: the move from exploitation to disruption. So the last two years, a number of these destructive attacks. Top of mind for me is Russia targeting Ukraine in their
ongoing conflict. They wound up inflicting on the world with WannaCry, right? It was aimed at Ukraine, did a supply chain exploitation in the Ukraine, but it quickly propagated to the globe, and if you look, a significant number of maritime ports were shut down, the shipping channels disrupted. That's real-world physical impact. The supply chain of our modern businesses rely on those shipping channels to follow a predetermined, predictive timeline, and by shutting down those ports, impacting those things, it had huge impact around the globe.

There was a non-binding resolution out of the UN in 2015 where a group of governmental experts said, OK, one of the important norms we have to establish is that we won't intentionally damage critical infrastructure. We've seen disruption of civilian power, we've seen financial institutions knocked down, we've seen a lot of preparatory activity in critical infrastructure, and that stuff has no purpose other than preparation for these types of attacks. And so that's a trend line of the cyber threat that continues to worry me.

Fourth area: the growing use of information operations leveraging cyber intrusions. And so that's the story of where you can get a hack, grab data, weaponize that data and then make outcomes from that data. Every single day we've got adversaries producing campaigns, pursuing campaigns to achieve those strategic outcomes, and many of those campaigns have cyber components. When these people take our intellectual property in a big campaign, any given single theft is just that, it's a theft, but when you look at it as strategic intent over timeline, that really is a cumulative effect on our national economy, and national security implications really are undeniable of campaigns that are looking to affect our intellectual property and business chains.

So in America we have the luxury of thinking about national security as an away game, right? By that I mean many of the conflicts, wars and activities in our lifetimes
have taken place overseas. We've been insulated from that, but cyberspace has made it clear that we're no longer in an away game. The threat has really come to us, and that, you know, as cyber professionals or people interested in the technology, has to be a fundamental truth that you've got to absorb and think about how that changes the way we need to react and
work. So the new threat environment: not only has that threat changed, but the environment around it has changed. I talked in the very first slide about information technology game changers. The connectedness of our life is exploding, sensors abound around us, if you think of the Internet of Things, the amount of data that's pulled together, and we can expect criminals to go ahead and look at exploiting and weaponizing that environment. So it's an escalating threat environment that has me motivated to fundamentally look at how we protect ourselves and protect national security in that space. So I hope I've set the
table for the background. I don't think any of that's hugely surprising, but what I wanted you to do is kind of walk with me through the thought and get a sense of where that's been and where that's going.

So at NSA we're lined up with those two missions I explained to you earlier. What we found is cybersecurity benefits from the union of those two things. The signals intelligence mission goes out and gets unique insights into foreign threat actors, ensures that the national security systems are equipped to defend against those kind of trends I talked about. Signals intelligence really is at the core of NSA's fundamental advantage in doing security, and so we can take and discover threat intelligence on foreign adversaries, we can inform our partners, DHS and others, to go out and take action in that space, and both tactically counter the day-to-day malicious activities or support the entities that can go out in a more strategic environment and degrade and defend against those who go after our freedoms and our institutions. So we focus on providing deep expertise to the US government on the targets, the technologies, the cyber defense tradecraft we have to work, and there's a lot of partnerships in that. So in the US government we approach these threats as a team: DHS provides a mitigation role, FBI does an investigative role, and then we underpin both of them with support and the expertise in the nature of the foreign threats. I told you I'd walk a
little through history. Cyber security at NSA has been on this journey for a while. We've been working on the information systems and the comm systems of national security since 1953, so over 60-plus years we've not only produced the security policies, but we've done that hard work of deploying and developing the secure products and services that implement those policies. And that's kind of a unique place to be, not only just writing policies but being a practitioner of it, and that's one of the things that helped me at the White House: knowing what we do and how we do it and what others do against us, on top of writing that policy, was so beneficial.

So 40 years ago we were in the security business. It was communications security, or COMSEC, that was really almost exclusively about protecting classified information as it traveled between two points, so we wanted to keep it from unauthorized disclosure. We did that by building very secure black boxes, right: goes in unencrypted, goes out encrypted. High-grade encryption, careful engineering to protect that information.

In the 70s, even the early 80s, the advent of the personal computer came around. We had a new discipline for computer security, or COMPUSEC, that was still focused on protecting the information from unauthorized disclosure, but it also started to address additional challenges: the injection of malicious code or the theft of large amounts of data on magnetic tape. It was really a transition into that new information realm. We saw a big COMPUSEC contribution back then: there was the Rainbow Series of books. These were descriptions by the government telling everybody how we could protect trusted systems, evaluate them, with guidelines on things like passwords, audits, network databases, risk management. It was stuff in the 70s and 80s; we were talking about doing all the same problems we're talking about today, right? I think it was the time where we were first questioning how you could be sure a computer was
doing what it was supposed to do and nothing more. That was a surprising question back in that day. It is not today, but it really was a fundamental pivot at the time.

We realized separately we're dealing with COMSEC on one hand, protecting information as it transited, and COMPUSEC, the computers and the security there, and doing those separately was no longer feasible. So we started working INFOSEC and quickly realized that that also was not enough, that we had to worry about unauthorized modification of the information, data integrity, on top of just the confidentiality, of identification, authentication, and it became really important that after a transaction somebody couldn't say they were not part of that transaction, so the non-repudiation portion of that.

I think, finally, Eligible Receiver was an exercise the government ran in 1997 that was a key moment in the US government's recognition of the vulnerabilities of cyberspace. A red team playing as foreign adversaries were able to target significant US critical infrastructure, and it shocked the national-level leadership, and you saw a big pivot on the way we do security, even to the point you can probably point at that and say that was one of the fundamental justifications for the establishment of Cyber Command back in the day.

So as we evolved, we got changes even beyond information assurance. NSA, as I said, leveraging the power of intelligence and the defensive folks, we integrated those two missions. At NSA information assurance didn't go away; it really is an integrated whole of effort where we inform from one hand and then act with the other. So the SIGINT system was also set up to work in operationally relevant time frames, where we had to produce intelligence for the warfighters. Time and speed mattered. The information assurance mission was often about standards and evaluations and other things that weren't time-bounded, and so that's where we are today, as cyber security on top of
information assurance has gotten to the point where it needs to be in an actionable timeframe.
So let me pivot back over to the nation-states. There's been a lot of talk about cyber norms. I mentioned earlier, 2015, there was a UN group of government experts that recommended a set of cyber norms. Those norms were non-binding, but they were a significant step because nations came together, they debated, revised and endorsed those norms. But norms are only norms if people follow them, right? So norms are only norms if people agree and are executing that way. I think, though, with all the discussions about norms, people should generally agree that most nations are behaving reasonably on the Internet. I think there's four notable exceptions. Naming names here, right, calling them out, and I don't think they'll surprise anybody at this conference, and I deal with them on a daily basis to the point they just flow off my tongue: Russia, China, Iran, North Korea. It's that easy.

Russia: certainly their use of cyber in election interference, information operations, military operations doesn't need an introduction. Russia has used cyber tradecraft since at least 2008 in a big way, when the Russian incursions into Georgia were accompanied by a denial-of-service attack against the Georgia internet service, right? We saw that internationally as a component integrated with the physical activities there they were taking up. So at NSA we've had a front-row seat to a lot of these activities. Our former Deputy Director Rick Ledgett talked about a Russian intrusion into the State Department. He called it hand-to-hand combat, because, unlike a lot of places where you get an intrusion and you've got an incident response, and the first sign that somebody's following up on it the attackers kind of disappear and lock and run, what we saw were these guys retarget the system administrators, try to lay down new tools, new techniques in places that they hadn't been, to hold that ground. So it really was an interaction. It was kind of bold and audacious
as they fought to stay in that network, and what we see is that is often the same way they as a state have responded in the physical world, so they mimic that behavior.

A good example of the insidious nature of some of that intrusion: I would point to the May 2018 VPNFilter, right, where Russian actors were targeting SOHO routers. We saw APT28, Fancy Bear,
called out, and the Cisco Talos reports estimated hundreds of thousands of devices were affected worldwide. So that malware had really creative ways of interacting. It went out and it was trying to get Instagram pictures to decode out of the metadata the IP address that it should use as command-and-control callbacks, and if those Instagram photos were unavailable, then it had a domain name, toknowall.com, that it would call out to and look for instructions. So between the government, the commercial industry, that was disrupted, those channels were disrupted, and you even saw FBI warn everybody: reboot your devices, right, disrupt the Russians' command and control of this large army of bots.

We were going to see this was effective at knocking down that command and control, but, and that's the big but that I haven't seen really talked about much, it's that there was a persistent stage one on all those routers. So what it did was knocked it down: if it was at a stage 2 or stage 3 implant, it knocked it back to stage one, which was power-reboot persistent, and then at that point it couldn't call back out via those two methods to re-establish command and control. But the Russian malware is actually still there, it's still on those routers, and if you know the secret handshake packet, wake-up knock, you can go in and you can still talk to and control those routers and put a stage two or three back on. So I guess I ask, you know, what do you think the odds are that the actors in Russia who put those down kept a list of the IP addresses that they put their malware on? I think it's pretty high. So what we really need is we need industry looking at an easy way, because again these are consumer devices, these are deployed, that people can check for that persistent backdoor and that they can get off their machines in a real way, right? That's the kind of thing we're up against, and that's what I'm talking about in the way that they're massively controlling
and chasing big parts of the internet. I think, you know, what we and the government did with that FBI warning, that was a battlefield medic putting a tourniquet on something. We need to get him into the hospital and do surgery and get him out of there. So I'll leave that as a thought. So, summing up Russia: they seem the most willing, perhaps the most skilled of our adversaries in seeking strategic outcomes in and through operations that involve cyberspace, but it doesn't have to just exclusively be cyberspace.

When we're talking China, the immense volume of operations is the thing that I think comes to mind for most people first. So we see them stealing intellectual property, and back in 2015 we got together, our government and theirs, to reach a commitment that we wouldn't steal for commercial profit, we would start some cyber dialogues about the security in the space, and FireEye said we saw a 90 percent drop-off in cyber intrusions after that agreement was reached. From the government we don't have the specific stats, but we saw a similar, comparable drop-off. But however, kind of like other intrusions, China continues. What they did was certainly became more refined and even improved their tradecraft after learning from some of those compromises. I would point to recent activity like the Cloud Hopper intrusions, where they're targeting managed service providers to get in and underneath the whole wide array of businesses and then be able to move through those MSPs to exploit the businesses above them, as a sign that, you know, they're still in this space. So we're focused on Cloud Hopper with other allies, other like-minded nations, and trying to work out ways to get them out of the infrastructure layers that gives them big advantage. Same thing, the social credit services that they're setting, the social credit system, highlights the totalitarian nature of the way they look at the internet and the technologies, and even a long-term focus on the
technologies that are going to be pervasive, whether it's 5G or artificial intelligence, quantum. Those things show that they're trying to stay ahead and use that tactical advantage, and then even perpetuating a domestic legal regime where they have to have intellectual property transfer from companies who want to do business with or in China. So participating in the Chinese markets, using their national laws to kind of edge people in ways that are not exactly cyber but aimed at some of the same outcomes. Again, theme here that a lot of countries are looking at more than just cyber operations, but cyber as part of a bigger, larger activity.

So Iran: as US and Iran entered into the nuclear agreement framework talks, 2015, Iran really seemed to curtail a lot of the destructive cyber activity against Western interests. They still went against Saudi, Saudi Aramco and other big issues there, but what we saw was denial-of-service campaigns that had been disrupting the banks and targeting the banking industry dropped off a lot. They even came after at one point a Las Vegas casino, right, where the CEO had made some public statements about wanting to attack Iran, and so they came back and defaced the casino's web sites. So what we see is Iran willing to use their cyber influence in real-world operations at a level that is targeted and malicious, that we don't see other states behaving in similar ways. So I think of note, you know, when bilateral relations between Iran and Saudi Arabia decreased, we think that was a major factor in the January 2017 data deletion attacks in Saudi. And so, you know, as we move to a point where the US has just reimposed sanctions on Iran, there's a lot of focus on how are they going to respond, and one opportunity they have is certainly in the cyber realm. So I know as NSA we're going to be
very vigilant and watching closely in that space. The world needs to join in and be ready to push back if that's a tactic and a way of acting that they're going to take up. We've got to be on guard.

And then over to DPRK. So I would say DPRK has been some of the most consistent, right? They haven't shifted; they've always seen cyber as an effective tool of state power. But what we have is confirmation that they're going to use cyber in every strategic activity they have. When we put missile defense systems in South Korea, one of the plans of the US government was to expect cyber probing, cyber efforts from DPRK to come at those systems as they went on the peninsula. I think the disruptive attacks they've undertaken against Sony are well understood, but they've been hitting South Korea banks, infrastructure, government for several years. We would expect that to continue, right? They don't have a lot to lose and there's not a lot of levers we can use in that space to discourage it. The biggest place that they stand out amongst nation-states is looking to steal hard currencies. They hit the Bank of Bangladesh for 81 million dollars in a theft, and through the SWIFT network. They continue to do cryptocurrency thefts, continue to target banks looking to get hard Western currency, and it really shows the way that as a nation-state they're engaged in criminal behavior.

So where do we need to be? Cybersecurity really is a team sport. We in government absolutely recognize we can't do this alone. If you look at strengthening cybersecurity, it can't be something driven out of Washington DC. I think the greatest progress happens from the bottom up, not the top down, and that, you know, as I talked about, the election hacking village and other things that go on in forums like this and IT companies in our industry, it's a place where we've got to be prepared and figure out how to let that drive from the bottom up. NSA has some unique expertise and capabilities that we track and coordinate the
overall federal efforts. There is sector-specific knowledge across the federal government, places like Treasury, who understand the financial industry, Energy, who understands the power industry, that we can supply cyber expertise to, and they know domain issues. So that coordinated cross-sector government-industry to protect is vital. A good example of where industry brings knowledge that we just don't and won't have: Microsoft recently highlighted intrusions against a senator's email, and what that shows is these companies, like Facebook taking down Russian troll accounts, they are going to know things on their platform and be able to see things that the government couldn't and shouldn't, right? And so there's got to be this connection as we work against those government nation states that are behaving badly at the federal level and they see some of the things on their platform; there's got to be this virtuous cycle where there's engagement.

I think in terms of social and in our society, the Russian election meddling, the Russian divisiveness they're trying to sow is top of mind. I think many of you heard the director of NSA, General Nakasone, set up a Russia Small Group. He brought together people across Cyber Command and NSA to focus in on this problem and use the intelligence capabilities we have. I think it will be a key component of informing DHS, who can, who contract to the state and locals, what threats they're up against; that sharing relevant threat intelligence with DHS, getting it into the Multi-State Information Sharing and Analysis Center, the election ISACs, other places like that. So when it comes to Russia, the recent policy pronouncements really made it clear that any attempt to go after and interfere with our elections, successful or unsuccessful, really is a direct attack on our democracy and it's unacceptable. So I think we're resourcing that; the national defense strategy laid out a role for DoD, and you're gonna see us resourcing and pushing into that
So I've talked in the past about the intrusion life cycle. I laid out, you know, as an attacker, the mindset of an attacker, how you go against a well-defended, hardened target, and you know, you can argue about the way stops in between, but you basically have to cascade through these activities to find your way in and exploit and make use of systems. So there are points on these steps that we've got to think with a defensive mindset about breaking up, interrupting and disrupting their ability to have success. So it's worth your time, if you're involved in any sort of defensive activity or you even want to protect yourself at home, to go after and look at this kind of model and think through where your weak points are and where you can harden, because what you need is layered defense.

One thing I can't state in strong enough words: really, the basics matter, right? The basics totally matter. Ignoring the basics gets you caught up in massive cyber casualty effects like WannaCry. Ignoring the basics lets a nation-state adversary tear into you, get to their objectives easily, and likely root in to the point where you're gonna be hard-pressed to know if they're still in after you remediate. The basics give a beachhead for much harder follow-on exploitation; ignoring the basics will give you a beachhead for that harder follow-on. So I think regardless of the changes in technology, and there's some really cool innovative defensive things coming on, if we don't have the discipline to stick to the basics, the cool stuff really doesn't matter. Past, present, future, it's going to rely on doing the basics, because no matter how skilled an adversary is, you know, my time in the past at NSA, you only use what you absolutely need, right? Attackers are gonna limit the sophistication of what they're doing. So
in that, you know, there's a host of things that we need to do, where it runs from, no kidding, get that multi-factor authentication out, it matters; you know, enabling logging, doing the analysis, paying attention. And for me, I harped a lot in the USENIX talk I gave years ago about knowing your network, because attackers don't care what you think you have connected, they go after what you have connected, and if the shadow IT in your infrastructure gives them a way in, they're going to take that, they're going to use that opportunity and go on. So the
reality of where we are is that we're all living on commercial technology. In the past, the US government used to build black boxes, used to have isolated government networks. We now live on that same commercial technology that banks, industry, critical infrastructures and we as citizens live on. And there's a reason there's a Patch Tuesday, right? The day that stuff comes out is the day that people start picking at it and poking at it. It's going to over time erode, and people are going to learn flaws, so it's important we keep up with that. It's not that this tech is either good or bad; we've got to have a way where we deal in that gray zone, and if you're a static target, if you're not improving, evolving and moving with technology, you're gonna fall. So don't be, you know, that victim that doesn't move and gets to be a victim of technical debt.

So for me, asymmetric advantage is the private sector and the government working together in that, because what we found is we used to have a lot of expertise on this stuff. You think cryptography: the government had that monopoly. Today we do not. A lot of the innovation, a lot of the brainpower is gonna be on the West Coast, it's gonna be in industry, it's going to be in private companies, and increasingly it's gonna be international too, right? There's not gonna be this huge dominance in Silicon Valley. We're gonna see, with the investments going on in Asia and elsewhere, we're gonna see others rise with really important things that they can contribute. So a coordinated approach is important.

So, you know, I'll leave you with a thought here: if you like this challenge, and it's going to be a challenge for years, and you want to be part of doing hacking for good, you want to see using some of these skills to defend the country, come to NSA. You can be part of that. I can tell you, you can come back to Def Con and not worry other three-letter agencies may be waiting here for you, right? So we can do that hacking
stuff in a legal way. You got to be clearable, so sorry, I know there's a heavy foreign contingent in here, but we'd be happy to talk to you. Go to the NSA website. So where's cyber going?
It really means that we've got to innovate, we've got to be engaged every single day, we've got to counter the people who are engaging us at a level below the threshold of war, and the people are gonna make the difference in that. So I've run past my time. They're
about to give me the hook, but I'll wander. I think we're gonna go to the chill-out room if somebody's got a specific question. Thank you for your time and attention. [Applause]