Two of the Five Eyes share their cyber priorities.
GCHQ Director Jeremy Fleming addresses the 9th Annual Billington Cybersecurity Summit. He describes the threat, the importance of imposing costs, and the centrality of allied cooperation. Nathan Mitchell Photography
By The CyberWire Staff
Sep 11, 2018

Two of the Five Eyes share their cyber priorities.

Among the Summit's highest profile presentations were keynotes by Jeremy Fleming, Director of Britain's Government Communication Headquarters (GCHQ) and General Paul Nakasone, Director of US Cyber Command and Director, National Security Agency (NSA). They were clear that the special relationship between the agencies they lead is strong, and they were equally in agreement that cyberspace is now a principal arena of great power competition.

The view from Cheltenham: current, immediate engagement with the threat.

GCHQ Director Jeremy Fleming, before describing his organization's cybersecurity priorities, opened with a graceful acknowledgement of the long-standing partnership with US intelligence agencies—the two countries are now in their seventy-seventh year of signals intelligence. That partnership now extends to important areas of research, particularly in artificial intelligence and quantum computing. And while GCHQ's partnership with NSA is especially close and longstanding, GCHQ now has working relationships with other US agencies. They work with the FBI, for example, especially in child protection, and there's extensive cooperation in the offensive against online terrorism, especially that form of online terrorism represented by ISIS.

He also addressed the revival of great power competition "The threat from Russia is real and active," Fleming said. "It will be dealt with strongly by a team of allies." The attempted assassination in Salisbury of Sergey and Yulia Skripal by GRU-administered nerve agent showed that the threat manifests itself in many ways, not all them confined to cyberattacks. "A mixture of traditional and emerging threats is causing us to rethink our approach to security."

Fleming 's address came just after Prime Minister May's confrontation of Russia with the results of the UK's investigation of the attack. Russia had immediately denied any responsibility or complicity, but Fleming's direct attribution of the attack to the GRU admitted of no doubt or ambiguity—in GCHQ's view the evidence is clear. Fleming worries about the UK sustaining a national-level, critical cyber event that could produce much more widespread effects than hitherto seen. 

There would clearly be costs imposed for such actions. Those costs could take any available form, as Prime Minister May had said when she addressed Commons about the Salisbury attack. Fleming spoke with approval of the US indictment, a few hours before his keynote, of a North Korean operator on charges related to the Lazarus Group's attacks against US targets, including Sony Pictures.

He commended several measures to the audience. GCHQ's National Cyber Security Centre (NCSC) has been working on an Active Cyber Defence Program that aims at automated protection against cyberattacks. The program has already seen significant results in reducing phishing. Other experiments are under way.

And Fleming also staked out a position in the crypto wars. He sees access as essential to operating successfully against terrorists and organized criminals. "GCHQ is engaged in developing a solution that would enable responsible access without compromising privacy. The Government is in favor of encryption and doesn't wish to undermine it." But the ubiquity of encryption has enabled terrorists and criminals to hide. Responsible encryption would require cooperation with tech companies. "Here, as elsewhere, proportionality is key." 

His final area of concern is telecommunications infrastructure. Tech supply chains are irreversibly globalized. We need controls to balance investment, trade, and security. "Wherever technologies originate," Fleming said, "they must have robust cybersecurity built in at their core."

He closed by saying that we have an opportunity to keep our citizens, societies, and economies safe—and that's "something worth shooting for."

The view from Fort Meade: a strategy of persistent engagement.

General Paul Nakasone, Commander, US Cyber Command and Director, NSA, began his keynote by saying that he was speaking in his capacity as Commander, US Cyber Command, and then moved to some general considerations of strategy. He described Samuel Huntington's influential 1954 paper on transoceanic strategy. Huntington posed a question to the US Navy: what value do you provide that justifies the resources you receive?

The question might seem a curious one, given that the US Nay had less than ten years before emerged victorious in the largest naval war the world had ever seen. But that suggests why the question was worth considering. The US Navy faced no peer rival; there was nothing like the Imperial Japanese Navy to oppose it. Thus the fleet couldn't continue to structure itself as it had before and during the Second World War. Huntington proposed a new strategic concept, eventually largely adopted by the US Navy: power projection to contribute to the containment of the Soviet Union.

Nakasone maintained that today we face a similar shift in cyberspace, which has become an arena for great power conflict. Many adversaries are now skilled at operating below the threshold of kinetic military response. Great power competition has reemerged, and this competition is the environment that has shaped US Cyber Command and its mission. 

He recounted the brief history of US Cyber Command, which began when Operation Buckshot Yankee served as the catalyst to stand up the Command. Its Cyber Mission Force, four years in development, is now operational. Joint Task Force Ares was established specifically to thwart ISIS, and to deny the terrorist group the impunity to operate in cyberspace that it had formerly enjoyed. And the present chapter of Cyber Command's history is marked by its elevation to become the tenth US Combatant Command.

In Nakasone's view, the Arab Spring of 2011 was a turning point of world affairs. "We watched civil protest topple regimes. Dictators and autocrats also took notice, and began to weaponize information to control their citizens." Russia and China have learned to defend their borders in cyberspace, and to extend national power into grey areas beyond their borders. Iran and North Korea have also developed capabilities along these lines, lesser, but active and threatening nonetheless.

"The nation is in constant contact with adversaries in cyberspace," Nakasone said. "There is no pause, and there are no safe havens." Dominance in cyberspace can only be thought of as temporary. Our adversaries pursue "nibbling strategies" to make incremental gains short of war. They wish to stay below the kinetic threshold. This is the environment in which the United States and its allies much act together.

He proposed persistent engagement as the new model. Under this concept, we would defend forward and counter adversary actions. A strategy of persistent engagement recognizes that we must act as threats emerge, and not simply respond to incidents. We will also pursue persistent presence and persistent innovation.

"It's not the big that eat the small," Nakasone concluded. "it's the fast that eat the slow."

In a fast coda at the end of his remarks, General Nakasone wanted the conference to understand one thing about the near term of the persistent engagement he proposed. There is, he said, no higher priority for US Cyber Command and NSA than the security of the US midterm elections.