NSA chief wary of proxies

Admiral Michael Rogers speaking at George Washington University on May 11, 2015.

At a May 11 appearance at George Washington University, Adm. Michael Rogers, head of the NSA and Cyber Command, said nation-states might increasingly turn to proxies for cyberattacks. (Photo by Sean Lyngaas)

As the U.S. government’s ability to pinpoint the source of cyber behavior grows more precise, nation-states could increasingly turn to proxies to carry out attacks, according to National Security Agency Director Adm. Michael Rogers.

“One of the trends I look for increasingly in the future … [is] do you see nation-states start to look for surrogates as a way to overcome our capabilities in attribution?” Rogers said May 11 in remarks at a cybersecurity event at George Washington University.

U.S. officials consider accurate attribution, which is supported by the NSA’s vaunted cyber capabilities, to be an important method of deterring cyberattacks. Rogers has said publicly that the NSA’s software analysis identified North Korea as the perpetrator of the large-scale hack of Sony Pictures Entertainment in November.

Rogers, who is also head of U.S. Cyber Command, said at GW that it was important for the U.S. to promptly identify the culprit of the Sony Pictures hack and to talk publicly about possible responses to the attack, as President Barack Obama did when he vowed to respond to the digital siege of the movie studio “in a place and time and manner that we choose.” Rogers added that he “didn’t want anyone drawing the conclusion … [that] perhaps this is within the realm of the acceptable.”

Nonetheless, attribution in cyberspace can be very difficult because adversaries have myriad ways of hiding their tracks.

While nation-states have always been capable of creatively masking their footprints, there has been little incentive for them to do so because retribution from victims of cyberattacks has been rare, according to Tony Cole, vice president and global government CTO at FireEye.

“If real cyber norms get established between nations and they include extradition agreements for violations, then we can expect to see higher levels of sophistication across the board to further muddy the attribution waters,” he told FCW.

Rogers also touched on another key component of the U.S. government’s cyber deterrence strategy: the ability to launch attacks. Referring to what he said was the offensive component of the cyber strategy Defense Secretary Ashton Carter unveiled last month, Rogers said, “We think it’s important that potential adversaries out there know that this is part of our strategy.”

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Federal 100 Awards
    Federal 100 logo

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.