What Former NSA Chief Keith Alexander Thinks of Trump's Cyber Stance

Retired Gen. Keith Alexander speaks to media outside the West Wing of the White House, in Washington, Tuesday, Jan. 31, 2017.

Retired Gen. Keith Alexander speaks to media outside the West Wing of the White House, in Washington, Tuesday, Jan. 31, 2017. Carolyn Kaster/AP

The former NSA director hopes Trump will allow government to more actively defend industry from cyberattacks.

Former National Security Agency Director Gen. Keith Alexander wants government to take a more active role defending private-sector networks from cyberattacks and he thinks President Donald Trump can help make that goal a reality.

Alexander was one of several cybersecurity experts who met with Trump and former New York City Mayor Rudy Giuliani shortly after the inauguration to discuss early-stage plans for a major government push on cybersecurity.

Alexander declined to provide details about the closed-door portions of that meeting, but told Nextgov he was impressed with the new president’s demeanor and his interest in the issue.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

“I was impressed with the way he took on advice and came back with questions,” Alexander said. “I think, if the nation could have sat in and watched it, they would have said, ‘that’s our president; that’s what we need done.’ I’m very upbeat based on that.”

He also hopes Trump will allow the Defense and Homeland Security departments to pivot from responding to private-sector breaches and cyberattacks after they happen to more actively preventing adversary nation-states and other cyberattackers from penetrating U.S. companies’ networks in the first place.

“Here’s the question: Is defense of the country incident response or preventing an attack?” Alexander said. “In the [Obama] administration, it was incident response. That means after the attack. That means, the missile landed and blew up the city and now, we’re in there cleaning up. If that’s your city, you’d say, ‘we’d like to stop that missile' and that’s what we should be doing [in cyberspace] in my opinion.”

Industry, however, has been hesitant to share the sort of information about its internal networks that would allow government to help repel an attack before it happens—partly because of concerns about government surveillance prompted by NSA information shared by leaker Edward Snowden.

Legislation signed by Obama in 2015 shielded companies from legal liability in exchange for voluntarily sharing cyber threat information with the government and nevertheless took many years to pass.

Nextgov spoke with Alexander on the sidelines of the RSA Cybersecurity Conference in San Francisco. The transcript that follows has been edited for length and clarity.

Nextgov: President Trump has said he wants to make government cybersecurity a major priority. What should he do?

Alexander: If you were to step back and look at government at large, the biggest problem that you see is antiquated infrastructure, IT staffs that are not fully resourced with the best talent, departments and agencies struggling to maintain the competence levels that they need.

Especially on the civilian side of government, the first thing that comes to mind is, if we were a corporation, how would you start to consolidate? I assume that we’ll walk down the road.

Nextgov: Government has attempted to consolidate IT numerous times in the past and run into a lot of stumbling blocks.

Alexander: This is where President Trump will come in. It’s a business decision. If we were running government like a business, we’d do this. It’s the logical thing to do and you’ll save money and get better security. So, get on with it. Departments and agencies will say, ‘I don’t want to do this because I don’t want this guy to run my stuff.’ The reality is, get over it.

Nextgov: It sounds as if you’re bullish on Trump’s business experience making a difference.

Alexander: Everybody has some levels of reservation, but I’m bullish because I think he’s going to approach this[and this is] why he was electedas a business person vs. a politician. You want to save money? You want to do a better job? Here’s how you do it. Wha-chhhh! [Karate chops the air.] Everyone says, ‘well, there’s political things.’ ‘I’m not looking at politics. If you’re running the government like a business, you’d do it today.’

Nextgov: Will this mean more opportunities for cyber and IT contractors?

Alexander: I think those opportunities will probably remain consistent. The key would be those firms that can see the vision of where you’ve got to go.

Nextgov: Do you expect something that goes beyond consolidating and improving IT and security?

Alexander: Step two would be, OK, what’s the role of government?

There’s actually two sets of roles and responsibilities for government: to protect themselves and their data and to protect the nation. You have to have a mechanism of sharing information that can go at networks speed—information about attacks that are coming in at networks speed that the ‘defend the nation team’ can see.

Nextgov: Does that mean more cyber threat information sharing between the Homeland Security Department and critical infrastructure?

Alexander: It actually goes far beyond that. What’s DHS’ job?

Nextgov: To protect the nation domestically?

Alexander: No, DHS’ job is actually incident response and to set standards. DOD’s job is to protect the nation. If the nation is under attack, DOD is supposed to respond, but DHS is the ones that sees [the attacks].

Nextgov: But there are gray areas like the Sony breach where DHS is the lead response agency because they don’t reach the level of armed attacks against the U.S.

Alexander: I’m not a constitutional lawyer, but when you read the preamble to the Constitution, there’s a phrase in there: 'provide for the common defense.' You and I believe, as physical people here, that we’re protected from a foreign army coming in and shooting us. If a foreign power were to come in and destroy our infrastructure with bombs, should our military protect us? Yes. Now, what about when cyber is a prelude to that first step?

Nextgov: Do you think DOD should play a larger role in domestic cybersecurity?

Alexander: That’s where the administration has to sort out the rules of engagement. The real question is, should the constitution be re-written ‘for the common defense of some, not all, not you Sony and not you Target? If you’re hit by nation-state actors, well, sorry, good luck with that?’ No. It’s the common defense. And it’s hard, but it’s doable.

Nextgov: There was an early sense Trump might pivot to relying more on the military for domestic and critical infrastructure cybersecurity. Should he do that?

Alexander: I don’t know where specifically he’ll come down on that. I think what he’d say is, ‘how’s it going to work? Show me how you’re going to defend the country?’

I think the administration is wrestling with this. My experience, in sitting down with the president, is he was very thoughtful. He asked great questions. I saw a version of the president I thought the rest of the nation needs to see.  

Nextgov: Are you concerned either the hiring freeze or the administration scandals so far will get in the way of the Trump administration accomplishing what you want it to?

Alexander: No. With the hiring freeze, the question is how much government do you need. The new heads of departments and agencies need to come in, look at what they have, where they can save, what they should do. That’s a good thing to do.

On the second part, I have no greater insight than you do on that. I think they’re going to do the right thing. Standing up a new team in government, even if you have 60 days to prepare, you can’t do all of it.

It’s in our best interest to see this country doing good and we should be doing the best we can to help the current administration, whether we voted for him or not, accomplish what’s good for our country. It seems to me that the rhetoric that was pre-election continues. My comment is: Wouldn’t it be better if we argued over how we help government get it right?

Nextgov: Do you think the concern about Gen. [Michael] Flynn [who recently resigned after acknowledging discussing sanctions relief with Russian officials before Trump’s inauguration] was a result of pre-election rhetoric?

Alexander: I wasn’t in the team in there. I’ve met him and knew him from before, but I didn’t work directly with him. I suspect that he did that for the good of the administration.

Nextgov: Should he not have resigned?

Alexander: I don’t know. I don’t know what went on the room, so it’s pure speculation. I will tell you, by and large, the team he’s selected are really good people.

Nextgov: The government presence at cybersecurity conferences has risen since you came to Black Hat in 2013 in the wake of the [Edward] Snowden leaks. Is that a good thing?

Alexander: It’s a good thing. This is not two nations, an industrial nation and a government. It’s ‘one nation, under God, indivisible’ and we haven’t done that. We’ve missed that in our approach. The government is here not for the government. It’s for the people and for industry. The more government reaches out, the more it talks to industry, the better it is and what industry and the people want is for the government to protect our nation.

We should be cheering them on like we do at the Olympics instead of nitpicking them like we do today. We’re running around fighting with each other and the bad guys are throwing arrows at us. We should be thinking about what we can do to fix government, defend our country, work with our allies. Do you think terrorists stopped and said: ‘They’ve got a new team in there. Give them a few months before we come in. Give them an even chance.’ That ain’t happening. Same thing in cyber. 

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.