Army Lt. Gen. Paul Nakasone is the new leader of U.S. Cyber Command and the top secret NSA, the National Security Agency.
After hearing the Secretary of Homeland Security warn digital foes about the use of cyber warfare at RSA, we wanted to know about the Lt. General's views as he takes control of America's cyber warfare capabilities.
Here are seven quotes he gave during his confirmation hearing that paint a picture of where he is coming from—and where the United States is going in cyber.
#1 - We need increasing deterrence in cyberspace
"I believe it is possible for actions in cyberspace to have a deterrent effect and contribute to the Nation's overall deterrence posture. Effective deterrence requires a whole-of-government approach, however, and cannot rely solely on efforts in cyberspace. The current level and tempo of cyber attacks is not tolerable. Our adversaries see opportunity for strategic advantage through continuous activity in the domain. We must act purposefully to frustrate their intentions, increase their costs, and decrease their likelihood of success."
#2 - Several red teams are defending Department of Defense systems against cyber enemies
"The Department has a robust, defense in depth approach that employs multiple capabilities at different levels in our networks and enables our defenders to generate tailored effects and mitigation strategies. Notably, the employment of DoD's nine certified cyber red teams in a 'persistent cyber opposing force (OPFOR)' role, as well as the growing use of innovative 'Bug Bounty' programs in the Department, leads to the continuous testing and strengthening of our information networks’ defense."
#3 - How to define U.S. cyber weapons
"Our network is our weapons platform."
#4 - This is a 'defining moment' for the U.S. in cyberspace
"When I first started working cyber, operations were often just concepts, and when conducted, performed ad-hoc by technical specialists on loan from other organizations. Now, a mature and highly-capable Cyber force is built and in the fight, aggressively defending our network, conducting daily operations against adversaries, and strengthening the combat power and lethality of U.S. forces around the world. We are at a defining time for our Nation and our military. Near-peer competitors are posturing themselves, and threats to the United States’ global advantage are growing—nowhere is this challenge more manifest than in cyberspace."
#5 - Big believer in agile
"I support the Agile approach to cyber capability development and support the Department transitioning from its traditional development process toward a more responsive and flexible approach. In today's cyber environment, the traditional acquisition model delivers a solution to a problem too late to be operationally impactful."
#6 - Who should defend privately owned critical infrastructure?
"This issue should not be viewed in a binary manner. We should look to help each other. For example, the Cybersecurity Act of 2015 facilitates the sharing of threat information in a bidirectional manner. While the responsibility for protecting privately-owned networks lies primarily with the system owner, the U.S. Government has the responsibility to defend national interests more broadly."
#7 - China and Russia are America's top cyber threats
"I consider China a strategic competitor, whose cyber capabilities pose a high threat to U.S. government and commercial networks. China is using its cyber capabilities to support intelligence collection against U.S. diplomatic, economic, and defense industrial base targets important to U.S. national security... China is a near-peer competitor in cyberspace."
Russian: "As the most technically advanced potential adversary in cyber space, Russia is a full-scope cyber actor, employing sophisticated cyber operations tactics, techniques and procedures against U.S. and foreign military, diplomatic, and commercial targets, as well as science and technology sectors. Russia will likely continue to integrate cyber warfare into its military structure to keep pace with U.S. cyber efforts, and conduct cyberspace operations in response to perceived domestic threats. Also, Russian cyber actors’ have demonstrated the intent and capability to target industrial control systems found in the energy, transportation and industrial sectors."