China not ahead of U.S. in cyber and surveillance, NSA head says

Gen. Paul Nakasone, head of the National Security Agency and U.S. Cyber Command, said emphatically that China is not ahead of the United States when it comes to offensive cybersecurity and surveillance capabilities at a think tank appearance on Thursday.

"There is a scope, scale and sophistication that we ascribe to what China is doing today," Nakasone said at the event at the Center for Strategic and International Studies. "Are they getting better? Yes." 

Nakasone, who has served in the ‘dual hat’ role of NSA director and commander of USCYBERCOM since 2018, expressed confidence in the integrity and assurance of classified networks operated by the U.S. government — an area under his purview by law. Nakasone said his confidence comes from the results of ongoing "hunt forward" operations that look for clandestine activity on U.S. and allied networks. 

"We don't necessarily believe it, because we think it. We believe it because we test it, we exercise it, it's the whole idea of being persistently engaged on our adversaries," Nakasone said.

He also noted that he continues to be concerned by the prospect of China's cyber operatives "positioning themselves in different critical infrastructure elements of the United States, our allies, our territories, to perhaps utilize in the future. Why are they doing that? Why are they in our critical infrastructure? So that's the thing that we are addressing today."

One key to the U.S. competitive advantage in cyberspace is the relationship between the government and the private sector.

Nakasone said discussions with Mandiant Founder and CEO Kevin Mandia following the cybersecurity firm’s discovery of the SolarWinds hack in 2020 helped spur on the idea of creating an “unclassified facility outside of our agency where the private sector and our agency can talk'' about issues vital to national security. 

This led to the establishment of NSA’s Cybersecurity Collaboration Center, which Nakasone said is currently engaging with more than 400 different private sector companies across the defense industrial base to better address a host of national security concerns. 

“They talk to us because we have this incredible element of intelligence that comes from our work outside the United States,” he said, adding that “being able to bring the power of what our agency and command does” to issues such as ransomware, supply chain risks and zero-day vulnerabilities through these discussions is key to mitigating potential threats.

“This is what we’ve learned from Russia-Ukraine,” he added. “Being able to leverage the private sector, being able to work with the private sector, being able to understand what the private sector is doing is tremendously important.”

Nakasone also noted that the agency is currently working on an AI roadmap to guide its use of emerging technologies, which includes examining how NSA engages with key private sector companies to let them know “what we need” and ensure that “they understand that being able to protect their intellectual property is critically important in that environment that we live today.

“The generative models that have come — the large language model — provides this great opportunity, not only on the signals intelligence side, but also the cybersecurity side,” he added. 

Beyond forging partnerships with key private sector companies, NSA is also looking to staff its workforce with more employees who have tech sector experience. Agency officials told Nextgov/FCW in February that the agency is working to bolster its workforce by directly recruiting professionals who were let go by large tech firms amid a wave of layoffs across the industry.

Nakasone said the agency is looking to hire “the next generation of those that will contribute to our national security,” with NSA hoping to bring on over 3,000 new personnel this year and dramatically expand its civilian workforce over the next five years.