Ransomware is a top concern, but the agency is also looking ahead to defending networked weapons and post-quantum encryption.
Ensuring the U.S. has next-generation encryption necessary for the post-quantum era and reversing the recent increase in fallout from ransomware attacks are among National Security Agency cyber officials’ top areas of focus in the near-term.
“Six months ago, ransomware was not a huge priority for NSA. We had cybercrime elements being worked, but it was primarily viewed as a law enforcement issue and law enforcement had to lead. They still have that huge role,” NSA National Cybersecurity Directorate Director Rob Joyce explained on Wednesday. “But what we're doing is stepping up with a surge on ransomware issues to help the FBI, [U.S. Cyber Command], even things like the Treasury and State departments—because what we can do is we can inform their ability to get after the criminals.”
Joyce for decades has served in government cybersecurity and intelligence capacities, including in high-profile roles like special assistant to the president and White House cybersecurity coordinator. The directorate he now leads is only a couple years old and was formed partly to help the government track and eradicate foreign hacking campaigns and evolving cyber threats. He assumed his current position early this year, when his predecessor and close colleague Anne Neuberger was tapped to join President Joe Biden’s administration as the National Security Council’s deputy national security adviser for cyber and emerging technology.
During a discussion with Cisco Systems Senior Federal Strategist Andy Stewart at the Billington Cybersecurity Summit, Joyce outlined topics that NSA insiders will be centering their attention on in the months to come.
Threats from “big, nation-state adversaries”—namely Russia, China, Iran, and North Korea—have long been a focus, he noted. Now officials track the countries' roles in the recent rises in cybercrimes and ransomware that increasingly targets schools, hospitals and other essential institutions.
The security of defense weapon systems is another concentration moving forward, according to Joyce.
“We've been fighting in Afghanistan, Iraq and Syria for a couple of decades, right—the post-9/11 era is all about the insurgency fight,” he explained. “Those insurgents were not coming at our technology and capabilities. And as the U.S. worries about near-peer adversaries now, as we worry about the China threat, those are countries that have the capability to exploit us when we do things weakly or ineffectively.”
To that aim, NSA will be assessing weapons platforms and relevant systems holistically, to ensure that Americans, not those from competing nations, best grasp the networks that underpin those assets.
“We've got now, you know, wings with computers strapped on them. We float computers on the ocean. We launch computers with rocket engines on them,” Joyce said. “We don't think of our weapons systems and weapons platforms in that way—but in reality, they don't function without those computer networks. How do we harden them, defend them and even instrument them, which is often a gap in that world.”
Another priority for the NSA’s cyber teams will be to help pave the way for next-generation encryption ahead of the launch of the first quantum computer. The quantum era of supercomputing could emerge in the next two decades. It poses the potential for systems that can operate at unprecedented speeds, calculate the unimaginable and decode modern encryption mechanisms that protect private information and communications.
“So, we've got to be rolling out that post-quantum capability today to secure today's secrets for decades into the future,” Joyce said.