NSA chief explains new cyber directorate

The National Security Agency's new cyber directorate wants to bridge gaps between government agencies and the defense industrial base, according to the agency's chief Gen. Paul Nakasone.

"NSA's new cybersecurity directorate, which opened for business last week, will give us a laser focus on these challenges," said Nakasone, who also leads U.S. Cyber Command, during an Oct. 9 keynote at the FireEye Cyber Defense Summit in Washington, D.C.

Nakasone named three reasons behind standing up the cybersecurity directorate, which is headed by Anne Neuberger and stood up Oct. 1: to combat an evolving threat landscape, capitalize on ability to set security standards and make vulnerability assessments, and enhance partnerships with Cyber Command, Homeland Security, FBI and industry.

"It's not enough to just generate and share insights and set standards," he said. Instead, the directorate aims to "prevent and eradicate cyber threats in national security systems and critical infrastructure," with an initial focus on the companies that build and maintain defense and weapons infrastructure and accompanying capabilities.

"We must better protect our nation's advantage in the defense sector from intellectual property theft," he said. To assist with that, NSA is looking for the directorate to enhance its cybersecurity advisories, Nakasone said. The NSA issued one Oct. 7 regarding multiple advanced persistent threat actors and virtual personal network vulnerabilities.

Nakasone said the directorate will also help meld intel from inside and outside the U.S. to improve the U.S. cybersecurity posture in fruitful but an unclassified manner.

"Our customers are in an unclassified space," the intelligence chief said, which means process changes are needed. Rather than just feeding agencies "very sensitive intelligence at a high level; we've got to look at that differently," he said.

Nakasone has long believed that when it comes to cyber threats, more than information sharing is required.

"How do we have the ability to read in more key leaders of industry onto the security clearances necessary so they can take a look at some of the things we were able to garner?" the then-head of Army Cyber Command said during a 2017 INSA conference panel. "At the same time, how do we quickly form a partnership without a bevy of lawyers to work with the private sector?"