NSA Director: Evolving Cyber Threats Require Deeper Public-Private Partnerships

Gen. Paul Nakasone testifies during a Senate Select Committee on Intelligence hearing about worldwide threats in April.

Gen. Paul Nakasone testifies during a Senate Select Committee on Intelligence hearing about worldwide threats in April. Saul Loeb/AP

“This is not Cold War 2.0 and China is not the Soviet Union,” Gen. Paul Nakasone said. 

The government has long leaned on partnerships with companies and academia to advance technology, but according to one top cybersecurity leader, the complexities of the modern conflict landscape warrant cross-sector collaboration that goes deeper than any before.

“I do think that there is a realization that we can't do this alone,” Gen. Paul Nakasone said Tuesday night at an Intelligence and National Security Alliance-hosted dinner in Virginia. “So, this partnership has to exist—and it's got to get even more powerful.”

Nakasone, the commander of U.S. Cyber Command and director of the National Security Agency, outlined areas of investment his team is pursuing in the face of new strategic challenges. They include talent, technology and partnerships. He also shed light on a new partnership NSA is embarking on with the National Cryptologic Foundation to advance future-facing research and build pipelines for cybersecurity jobs.

“Let me talk a little bit about the strategic environment we see today. It does begin with China—that presents our greatest political challenge of our time,” Nakasone explained. “This is not Cold War 2.0 and China is not the Soviet Union.” 

In his view, China and other nation-states are aggressively pursuing their own interests while undermining America’s by pushing misinformation and using disruptive infrastructure operations that in some cases are impacting the United States’ national security and power. “The dawn of the digital age made clear that the oceans no longer afforded the physical protection Americans previously enjoyed,” he added.

“Let's review the past 11 months—so, Microsoft Exchange, Colonial Pipeline, defense supply chain attacks. We've had zero-day vulnerabilities and we've had implants. That’s 11 months. Now, think about that in terms of what we were thinking about as an agency and a command even a year ago. If someone said, ‘Hey Paul, is ransomware a threat?’ I’d have probably said something along the lines of ‘Well, that's maybe a crime and I'm sure law enforcement will take care of that.’ But we don't live in that world anymore,” Nakasone said. “We can’t live in that world anymore.”

To better meet modern risks, Nakasone said NSA and Cyber Command are actively forming new partnerships with outside entities looking to cooperate. Through the recently launched Cybersecurity Collaboration Center, he said, NSA is working with more than 100 defense industrial base companies and their cybersecurity providers to provide timely, agile and bi-directional cooperation to help combat cyber threats. Nakasone noted that the agency also currently has contracts with more than 1,800 large or small commercial companies and academic entities. “The technology, services and products provided via these partnerships underpin all of our operations and provide robust security to our nation,” he said. 

And the cyber lead also announced a new and formal collaboration between NSA and the National Cryptologic Foundation.

“The NCF will create opportunities for the public and private sectors to engage on cybersecurity and national security issues,” Nakasone explained. “This is a force multiplier for us, and especially for our ability to enhance a cybersecurity education across the country.” 

First established as the National Cryptologic Museum Foundation, NCF was originally intended to support that museum with artifact acquisition, exhibits, and activities. Over time, the foundation’s mission broadened to include an education program that supports building a channel of students to enter cryptologic and cyber-related fields, which center on securing information through advanced techniques. 

NCF President and CEO Laura Nelson told Nextgov in an email on Wednesday that the foundation and agency have a longstanding connection and began partnering up in 1996.

“While the NCF and NSA have had a relationship over a number of years, this newly expanded partnership is the first that we have officially established with a federal government organization,” Nelson explained. “NSA and the NCF are committed to collaboration in addressing multiple challenges in the cyber domain and contributing to a whole-of-nation approach to cybersecurity and growing cyber talent.” 

Goals of the alliance support findings from the Cyberspace Solarium Commission regarding the need for improved cyber-oriented education. 

And each of the entities will have their own responsibilities. The NCF will provide K-12 webcasts and podcasts on cryptologic topics to pique the interest of students in seeking careers in the realm. Working with NSA's Center of Academic Excellence program office, the NCF will also partner to integrate its High School Cybersecurity Curriculum Guidelines, middle school cyber threat awareness materials, and virtual gaming into robust workforce pathways, Nelson confirmed. Public and private exchanges on critical cybersecurity topics aimed at advancing the understanding of national cybersecurity challenges and opportunities will additionally be convened. 

“Every aspect of life in the U.S. has a digital/cyber component, which has created increased security vulnerabilities in the U.S.,” the CEO said. “This partnership is focused on creating a sense of national urgency across multiple sectors in the U.S. to enhance cybersecurity and grow cyber talent.”

At the dinner, Nakasone further emphasized that “in this era of strategic competition, government, academia and industry partners must work together as a coalition with shared risks, shared goals and shared solutions.”