Setting Standards for Cyber Security


Nov 14, 2014

Richard Danzig, Adm. Michael S. Rogers, and Michael E. Leiter at RAND's Politics Aside 2014

Richard Danzig, Adm. Michael S. Rogers, and Michael E. Leiter at RAND's Politics Aside 2014

Photo by Alex Cohen/RAND Corporation

Developing international norms and standards about appropriate cyber security activity by nations, groups and even individuals is key to governing online activity in the future, according to U.S. National Security Agency Director Adm. Michael S. Rogers.

Just as a set of agreed-upon norms helped guide behavior over nuclear weapons during the Cold War and paved the road for arms treaties, forging agreement about broad parameters for security activity online is needed to guide nations in the future, Rogers said.

Rogers made his comments during a panel discussion today at Politics Aside, RAND's postelection event that brings together policymakers, philanthropists and RAND experts for a nonpartisan examination of pressing policy challenges.

Panelist Michael E. Leiter, former director of the U.S. National Counterterrorism Center, noted the conflict between the United States and China over cyber spying and questioned whether those conflicts could be mediated in the future.

“There are going to be times the United States and China do not agree. But we need to keep talking to each other,” Rogers said. “We will not get anywhere if we don't talk to each other.”

Panelist Richard Danzig, former U.S. Secretary of the Navy, asked Rogers if the NSA and other branches of the government had done enough to educate the public about the online activities of U.S. security agencies.

If the government and the National Security Agency had engaged the public in a wider discussion about its goals and activities, Rogers said he suspects there would not have been such a large outcry about disclosures that the agency was collecting U.S. phone records.

But he noted that the public has much to learn about cyber security issues. On one hand, individuals seldom scrutinize security disclosers made when using a piece of personal technology. But those same people may react negatively to disclosures about lawful activities taken by national security agencies.

Rogers said the contrast underscores the need for all members of the U.S. public to both better understand today's technology and engage in a serious conversation about expectations for privacy, national security and activities that occur online.

“I hope it does not take something drastic for us to sit down and deal with this,” Rogers said. “This is not going away. It's fundamental to our future.”

Warren Robak