 For our final panel today, and thanks so much for spending your time with us as Called what is the future of cyber security our colleague Peter singer doing an interview with? General Paul Nakasone who is the commander of us cyber command and also the director of the national? security agency chief of the central security service so again, thank you and if I tried to list all of general Paul Nakasone's Accomplishments and is over three decades of service to the nation it would use up all our interview time So I'll just sum it up by saying that when it comes to national and cyber security. He's been there and done that His roles have ranged from command at the company battalion and brigade level to Assignments in the US Korea Afghanistan and Iraq to finally serving as both commander of US cyber command And director of the national security agency since 2018 During what has been in arguably one of the most dynamic times and not just cyber security history But overall national security general. Thank you very much for joining us Thanks Peter. It's good to see you again So let's jump right in as you come to the end of your time in military service Can you take us through how it started and evolved? What were some key lessons that you've learned along the way? Peter I was commissioned through the ROTC program at the end of the Reagan administration So I enter an army as a career intelligence officer Really at the kind of the height of the Cold War And what I see is first of all the demise of the Soviet Union I see the rise of the Balkans and then I'm at the Pentagon on 9-11 And I think I would characterize everything in my military experience pre 9-11 and post 9-11 And so from the post 9-11, you know opportunities like many of my peers to serve in Iraq and Afghanistan But in 2007 I landed the national security agency to command a brigade And I just happened to be at a time and a place where cyber is taking off I've seen our experiences in Iraq where we were able to bring signals intelligence to warfighters in the front end and Also seen in 2008 the penetration of our classified networks And so I'm there for the stand-up of US cyber command. So I guess a person has been fairly lucky in their experiences through their career So let's look at what's changed over that period of time Let's break it down What was the biggest change that you've seen within the military during that period and Then secondly, I'd like to ask you what's the biggest change in terms of the types of threats that you've been dealing with So for the military again I entered the military right after Goldwater Nichols has been signed and I would tell you the Dramatic change in our military is the ability to operate as a joint force. I Come into a service, you know, that's very parochial in the late 80s But by the 90s we have learned the lesson that it is all about being joint And the way that we're going to do things in the future is through a joint force and my experiences in Korea and Iraq and Afghanistan Reinforce this idea that if we're going to have success It's going to be part of the joint force and with that comes this realization that with the joint force We're able to take this concept this tenant that we've always talked about intelligence driving operations and Actually make it make it real and this is what we have done really since I would say since about 2005 So when you say make it real, can you give an a non classified example to illustrate that for us? Yeah, I saw it specifically, you know in 2006 2007 all the way in the mid-2000s in Iraq and Afghanistan when you had first of all our special Operations forces and then our conventional forces take what is you know Incredibly sensitive information from the National Security Agency and be able to utilize that a series of missions where they're actually able to Drive their operations one mission three missions five missions sometimes multiple missions in a night And this is not just on our very elite operators, but also on our conventional forces So let's talk about that threat side of things and the change in it So over the course of your career as you laid out, you know, you went from having to think about The Warsaw Pact Soviet Army to then Iraq to then insurgents Taliban to now great power competition Talk to me about how it's not merely the way the threat has changed But the way that you as a leader have to think about that threat I think the last portion is really important Peter because This idea of critical thinking being dynamic in your thoughts is something I've seen very successful leaders do throughout my career remember, you know, we come in with Really a bipolar world where we're all thinking about the full to gap We transition to Connor insurgency violent extremist organizations And then we're coming back to great power competition where the lessons that you learned in the late 80s suddenly are coming back in You know the mid-2000s and from that I think that I would say is that You know your ability to understand, you know, what are your competitive advantages? How do you think differently about the threat? How do you apply our competitive advantages to the threat? Are what makes very successful leaders and obviously separates those that have been successful from those that have been less successful as well So we've got some folks listening who um weren't around for that Lessons from the 80s in the Warsaw Pact that are coming back What's a particular lesson that you see coming back from that period of a different kind of great power competition? But there are some parallels Well, I think, you know, we we come back to deterrence, right? I mean deterrence is something we all studied As we came into the military in the late 80s as something we practiced I think we, you know lost a little bit of our operational knowledge of it, you know as Connor terrors and violent extremist organizations played out and now it's coming back But I think what's different and the way that I've seen it in cyberspaces It's not necessarily that our, you know, what we do have changed But how we do it needs to change and so when we think about deterrence, how do we use information differently? How do we use intelligence differently? How do we use our technology different to, you know, be able to signal to our adversaries of our capabilities? So let's go um into that area that is uh fundamentally different because, you know, literally it didn't exist back then which is Having to develop cyber strategy. So you've been part of doing this at both an organizational but also a national level First, what do you see as the essential elements of cyber strategy? Peter, I've seen four different cyber strategies from our department 2011 2014 2018 and now the the latest one that's coming out in the coming weeks Really successful strategies. First of all Are able to depict the strategic environment in which we are in Okay, that's one of the things that's necessary for strategy But the big piece that I think successful strategies have is being able to identify The one way or the one mean that we're going to get to our ends Much more successful. Let me give you an example I think 2018 is a watershed moment in terms of the way that department of defense approaches cyber everything up to that We were relatively passive We'd have an intrusion we would lose data. We would have an intruder in our networks And then we would go to to clean it up in 2018. We said this is going to stop We are going to have a much more proactive approach. This is defend for this is an idea of operating outside the united states To be in constant Contact with our adversaries to understand what's going on for us cyber command This is persistent engagement informing and acting and so to your question is you have to describe the strategic environment but importantly Describe exactly the ways and the means that you're going to get after to make a difference in what the strategic environment is telling us today So that's a really interesting that you've been there to witness and and been part of the creation of multiple different strategies So, um, I'd like to ask you and I'll put on my professor hat. I'd like to ask you To evaluate Not the strategy itself, but how we build strategy What does the us do well in terms of the building of strategy? and What do we need to up our game on when it comes to this building the process of developing strategy and cyberspace I think the u.s. Military Does very well at a doctrinal approach a methodology upon which we build a strategy We've done this. We have a doctrine that that Identifies how we do it as army officers learn this in leavenworth. You learn this at the army war college You learn this in your joint force training. It's very laid out. I think we we write a lot of strategies I think the challenge that I see with strategy right now is that we tend to be so siloed within the military That we forget that there's you know, there's other means upon which we can accomplish our outcomes How do we look differently at the interagency? How do we look differently at the intelligence community? How do we look differently at the private sector? These are all incredibly important in the environment in which we live today Particularly in the domain in which I operate which is cyberspace if you're going to write a strategy You're not talking about the private sector or you're not talking about international partners What's the value of the strategy going to be? I would say probably less than What you're hopeful and so I think the challenge that we have is we've got to think broadly about how we're going to bring different players into And make them a part of our strategy and ensure that we you know at somehow incorporate their contributions or what we need from Their contributions to be successful on our own ends Thank you. So you're at a um Important moment of transition Both for the nation but also for you personally As you look back, what are you most proud of? in your tenure at cyber command and the nsa and in turn Are there any areas of unfinished business so to speak? Personally, I would go back to 2018 and it's a russia small group I come out of my confirmation hearings knowing that There's going to be a safe and successful election the midterms in 2018 Or there's going to be a new commander and a new director of nsa And so we got after it very quickly. We brought together the best of nsa and us cyber command. He said, hey, this is our end We're going to get a safe and successful election for the midterms in 2018 And what really kind of grew from that or a number of different ideas that set the course for us at both our agency and command Things like hunt forward operations, you know today we've done 50 different operations 23 different countries 77 different networks with partners to hunt for adversaries This is an idea again. That's you know akin to our defend forward our persistent engagement It also brings in this idea of the private sector. So on the fall of 2018 we say hey, we found all this malware Let's look at a you know a a civilian company to see if they've ever seen this malware before So this private public partnership is actually demonstrated then And so what grows from the russia small group is first of all on the agency this idea that we need a cyber security director And a year later we do that what grows from that is that hey, what we are doing Is not going to change. We're going to do signals intelligence cyber security and cyber operations at both our agency and command But the how is dramatically different. We're going to operate in the unclassified space We're going to operate with public sector partners. We are going to be able to publish things like cyber security advisories that we released to the nation in the world This is different and this is all from the russia small group Let me talk a little bit about unfinished business for us I've talked about china as the generational challenge for our nation Our current generation our children our children's children It is a different nation in terms of the competition that we are experiencing now with china as we look to the future My sense is is that we will continue to have this very very high level of competition But if we want to ensure that the future is one where we're able to Protect our homeland and continue to Protect our lives and partners. We have to address the challenge that is china The diplomatic information military economic power of this nation is different than we have ever experienced In terms of the agency unfinished business for me is really focused on our people in the next five years We're going to hire half of our civilian workforce. We have to think differently about talent management. How do we onboard people? How do we train people? How do we do hybrid work? How do we look at things like well-being that is you know akin to what we saw what we needed during covet 19 And then on the command side the unfinished business for us really is getting to sustain readiness Our op temple has increased dramatically How do we take service like authorities and blend them into what we are doing and get the experiences of A force that is always ready and always able to continue to do multiple missions at one time This is the unfinished business for us. Peter So as you know, I work in that um space between both non-fiction but also sometimes Fictional future. So I'm going to ask your help um, can you paint a scene of What cyber security and cyber warfare will look like 10 years from now? What will be the same? What might be different? Let me begin with what I think the same is uh, I think success in the future will always go to Uh, the nation or the the activity that has the best people and are able to leverage the people And being able to apply those people in a manner that Gets sufficiently to the end state that they're trying to reach. That's not going to change I don't think that the nature of warfare is going to change in terms of being violent and bloody and incredibly Uh, challenging for a nation state But here's what I think is going to change the fact that speed is going to change dramatically We see it in our domain. What was once weeks has become days What has become days have become hours in the future will be down to seconds in terms of what we're going to have to be able to process What we're going to have to be able to do Secondly my sense is that partnerships are going to change if we are going to be successful particularly in the domain in which I operate Cyber space we have to have a much broader range of partners We have to have partners that are not only within our government But are within the private sector that are international partners that are academic partners that allow us to get after very very tough challenges in a very quick manner And the last thing that I think is going to change is is obviously I think we will see you know a continuing challenge with regards to How do we leverage the technology that is so quickly changing what we're doing whether or not it's artificial intelligence Machine learning whether or not it's encryption whether or not it's future quantum These are the things that we're going to have to master as first of all a joint force and then obviously as policy makers as well So you've been very generous with your time. So I'd like to close by asking one last question that in many ways is You know behind the scenes for some in the audience, particularly those at the start of their careers Is their advice that you would give to someone? just entering the field of national and cybersecurity Tips for for how to thrive in the way that you have So I think I'd begin peter with the idea that Treat your treat your work as both as a profession and as being a professional One of the things that I think I've been the beneficiary of has been really a career of continued education Uh, and whenever I was moving towards another rank or a new job It seemed like the service had sent me back to further training This is part of being a professional and being a profession. I've also had the the great fortune to work with incredible leaders People that really set the tone both in the policy making and also the operational force You know a series of of different folks on the joint force A series of folks of army leaders whether or not it's been Keith Alexander or stan mccrystal or others They have really kind of shaped this idea of what a professional does and how they operate The second piece is is that I've learned from my experiences that One of the key things that you have to bring to your work is passion It's passion. I mean you get up in the morning and what you do matters And you feel as though what you do matters and you get excited to go to work Obviously, some days you're more excited than others But the key to success here is that find something just you're passionate about And when you find that passion You know continue to continue to look at being a professional and in enhancing the profession And the last thing I would share and this is probably a bit parochial, but I think many in Many with my experience would say the same thing It comes back in many ways to small unit leadership When you're a rising cadet Before you get commissioned one of the things that they do is they teach you to be a small unit leader A fire team leader or squad leader and those lessons have never really left me Set the example lead from the front Establish and maintain standards being able to articulate guidance clearly Moral and physical courage, you know, it seemed like at the time when you're learning those things, okay Okay, I got it But every single job every single day that I I spend here within the agency and command I come back to the same principles And so small unit leadership really was among the most essential things that I learned early in my career