Skip to content
Don't miss

Get the daily Cyber Briefing in your inbox

SIGN UP
Podcast

Revisiting Offensive Cyber Discussion with Adm. Mike Rogers (Ret.)

Season 2 Episode 49 •

Show Notes

In this re-releases episode of Cyber Focus, host Frank Cilluffo sits down with Admiral Mike Rogers (Ret.), former Commander of U.S. Cyber Command and Director of the National Security Agency. Rogers shares insights from his leadership across two administrations, discussing offensive cyber operations, the evolution of Cyber Command, and pressing national security challenges. The conversation spans from undersea cable vulnerabilities to public-private integration, the future of quantum and AI, and the enduring need for clarity in cyber policy. A decorated Auburn alum, Rogers reflects on lessons learned, historical inflection points, and what must change for the U.S. to stay ahead in the cyber domain.

Main Topics Covered:

  • Shifting to a proactive cyber posture: persistent engagement and defend forward
  • The evolving role of Cyber Command and comparisons to SOCOM
  • Vulnerabilities in undersea cable infrastructure and space-like situational awareness
  • Lessons from Ukraine on real-time public-private integration
  • Strategic implications of AI and quantum technologies

Key Quotes:

“I believe that what [offensive cyber actions] we ought to authorize is not just going after infrastructure but directly going after capability within those nations that are generating these effects against us.” — Adm. Mike Rogers

“If you’re going to deter an entity, they have to have some level of awareness of both [your] capability and intent.” — Adm. Mike Rogers

“If you had asked me five years ago when I left Cyber Command, would a foreign entity, in this case a nation-state, upload destructive malware into critical U.S. infrastructure in a time of peace?… I would have said to you… there’s a low probability. Boy, I got that wrong.” — Adm. Mike Rogers

“I think it requires a little precision in how we discuss these matters. Because not all hacks are the same, not all hackers are the same, not all intentions are the same, not all capabilities are the same. [Not] everything is an ‘attack’.” — Frank Cilluffo

“I’m not interested in collaboration; I’m interested in integration. I’m interested in a real-time situational awareness between government and the private sector.” — Adm. Mike Rogers

Relevant Links and Resources:

Guest Bio: Adm. Mike Rogers (Ret.) served as the Director of the National Security Agency and Commander of U.S. Cyber Command from 2014 to 2018. A four-star admiral with a distinguished 37-year career in the U.S. Navy, he helped shape modern cyber strategy at the highest levels of government. Since retiring from active duty, he has advised Fortune 500 companies, startups, and global institutions on cyber, intelligence, and national security issues.

Transcript

1
00:00:00,000 –> 00:00:01,000
Frank Cilluffo [00:00:01]:
Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo. This week we’re revisiting an important conversation on offensive cyber operations.

2
00:00:01,000 –> 00:00:02,000
Frank Cilluffo [00:00:17]:
At a time when the stakes are only growing, the tools, tactics, techniques and procedures and authorities in this space continue to evolve. And in the coming days, the McCrary Institute will be releasing a new paper that digs many of the issues we touch on in this episode.

3
00:00:02,000 –> 00:00:03,000
Frank Cilluffo [00:00:34]:
To help frame that conversation, we’re going.

4
00:00:03,000 –> 00:00:04,000
Frank Cilluffo [00:00:37]:
Back to a conversation I had with Admiral Mike Rogers, an Auburn alum who served as Director of the National Security Agency, Chief of the Central Security Service and commander of U.S. cyber Command. Before that, he led Navy’s 10th Fleet, its operational cyber arm. And Mike brings a unique perspective on how offensive cyber fits into deterrence, war fighting and day to day competition in cyberspace. I hope you enjoy and stay tuned for our new report.

5
00:00:04,000 –> 00:00:05,000
Frank Cilluffo [00:01:09]:
So I thought we’d start with lot of discussion these days coming from National Security Advisor Mike Waltz and many other leaders on the fact that we need to be more proactive and lean forward in our cyber posture. And, and I think it’s important that people also recognize when you were at Cyber Command, you also played a significant role in the defense strategy that did lay out persistent engagement, defend forward. And if I’m not mistaken, even in your commander’s intent, you highlighted the significance.

6
00:00:05,000 –> 00:00:06,000
Mike Rogers [00:01:42]:
Check it out.

7
00:00:06,000 –> 00:00:07,000
Frank Cilluffo [00:01:43]:
Looking at it holistically, right?

8
00:00:07,000 –> 00:00:08,000
Mike Rogers [00:01:44]:
And I was very fortunate. I served under both President Obama and President Trump. I felt that we needed to be more aggressive in cyber. I utterly failed to convince President Obama and the team to do that, but I worked hard and was successful in convincing President Trump that we needed to change that. So, you know, I, I, because I do believe, look, we need to inject more uncertainty into the calculation of the individ of these entities that are conducting attacks and penetrations against us. And the more we kept publicly saying, well, we think cyber’s escalatory, we’re just not going to do cyber cyber. I thought, why would we automatically take something off the table? We should decide on a situational basis is offensive cyber applicable, rather than just saying to ourselves, hey, we’re not going to even consider it. I just thought that was a little ridiculous personally.

9
00:00:08,000 –> 00:00:09,000
Frank Cilluffo [00:02:35]:
And I would agree, my sound bite’s been, we’re never going to firewall our way out of this problem alone, so we have to look at it in totality. But, but what do you think that looks like? I mean, it’s easy to sort of from a policy standpoint and strategic perspect, explain what offensive capabilities are. And I think it’s fair to say we have been leaning forward a little bit. Yes, yes.

10
00:00:09,000 –> 00:00:10,000
Mike Rogers [00:02:58]:
So what you saw at the end of the Biden administration was their public acknowledgment that they were doing cyber offensively. Now, what they were doing is important when you think about how you potentially use cyber offensively to preclude an adversary’s ability to conduct cyber against you. Let’s take Salt Typhoon, for example. To me, you got two broad options. Number one, you can try to go after the commercial infrastructure that the adversary is using. So in this case the Chinese, the Russians, rather than attack directly from infrastructure in the PRC to attempt to obfuscate themselves, they will use commercial infrastructure. And the previous administration announced they were going after that infrastructure. But my view always was, look, the adversary can always go get different commercial infrastructure.

11
00:00:10,000 –> 00:00:11,000
Frank Cilluffo [00:03:50]:
Exactly.

12
00:00:11,000 –> 00:00:12,000
Mike Rogers [00:03:51]:
It’s not really going to stop them. My view was in specific targeted instances on a very defined condition. And it’s a major policy decision. It’s not something you just would automatically delegate.

13
00:00:12,000 –> 00:00:13,000
Frank Cilluffo [00:04:05]:
The Cyber Command commander to say, hey, execute this whenever we see it. I believe that what we ought to authorize is not just going after infrastructure, but directly going after capability within those nations that are generating these effects against us, that we should be able to go after specific targets, whether it be those actors that are executing this kind of activity. Second, PLA, Ministry of State Security, the GRU, the FSB in Russia, do or do you also consider potentially, well, why don’t we consider putting at risk the same infrastructure in their nations that they are penetrating in ours now, again, it’s a specific policy discussion. Cyber is only one dimension of the potential range of options that you consider. I’m the first to acknowledge that. But my sense is don’t take them off the table. Right? My sense is, number one, don’t take it off the table. Number two, another argument I always used to make is you just don’t do these overnight.

14
00:00:13,000 –> 00:00:14,000
Mike Rogers [00:04:06]:
The Cyber Command commander to say, hey, execute this whenever we see it. I believe that what we ought to authorize is not just going after infrastructure, but directly going after capability within those nations that are generating these effects against us, that we should be able to go after specific targets, whether it be those actors that are executing this kind of activity. Second, pla, Ministry of State Security, the gru, the FSB in Russia, do or do you also consider potentially, well, why don’t we consider putting at risk the same infrastructure in their nations that they are penetrating in ours now, again, it’s a specific policy discussion. Cyber is only one dimension of the potential range of options that you consider. I’m the first to acknowledge that. But my sense is don’t take them off the table. Right? My sense is, number one, don’t take it off the table. Number two, another argument I always used to make is you just don’t do these overnight.

15
00:00:14,000 –> 00:00:15,000
Mike Rogers [00:05:06]:
We need to prepare. We need to understand the battlefield. We needed to do reconnaissance. Which again goes to your previous comment about one of the ideas that we were always pushing at Cyber Command was this persistent engagement and engagement forward. We said, hey, let’s understand the terrain forward, outside the United States and its networks, and let’s also understand the adversary’s activities in some of those terrains outside. Because we could also learn about, well, if they’re doing this in Ukraine, if they’re doing this in Europe, we’re likely to see the same kinds of techniques, the same kinds of methodology used against the US and our view is if we got smarter about the adversary, it would increase the probability of successful defense for us.

16
00:00:15,000 –> 00:00:16,000
Frank Cilluffo [00:05:46]:
Absolutely. And not to point fingers because I think all administrations, but it’s also a policy making challenge. Right. At the end of the day, do we have the bright lines, the red lines in the silicon? Do you think we need.

17
00:00:16,000 –> 00:00:17,000
Mike Rogers [00:05:58]:
No, the reality is we don’t have red lines. When you see it, the reality is right now we don’t have those deadlines red lines. I think what we need to do is try to do a better job of articulating what is acceptable and what is unacceptable behavior. Behavior and then tying response to specific behavior. The part that would used to frustrate me was, and I can remember losing this one time in the sit room where I was just getting frustrated about a discussion. And again, that only happened once. Well, and again, no disrespect to the team, this is during the Obama administration and the discuss. We’re having a discussion, National Security Advisor, the president, national security leadership.

18
00:00:17,000 –> 00:00:18,000
Mike Rogers [00:06:42]:
When we’re having a discussion about what was the appropriate response to much of this cyber activity that we were seeing that nation states and criminal groups directing against US infrastructure, US Companies, targets within the government. And the conversation I kept hearing was we don’t want to respond. This would be escalatory. And I got a little frustrated over time and I said, could you guys help me understand why is it that we are sending the signal to the Russians, the Chinese, the Iranians and the North Koreans that this is almost acceptable behavior on their part and we’re not going to respond and at least respond in a meaningful, effective way that’s going to change your calculus and in a.

19
00:00:18,000 –> 00:00:19,000
Frank Cilluffo [00:07:28]:
Way that’s almost visible in public. Because I would argue there’s been some saber rattling that happens in the clandestine world. But at the end of the day, you also want to induce changes in other people’s behavior. Right. If you don’t respond to X, North Korea is going to respond and say.

20
00:00:19,000 –> 00:00:20,000
Mike Rogers [00:07:43]:
Hey, that’s because part of the concept of deterrence is if you’re going to deter an entity, they have to have some level of awareness of both stability and intent. Yeah, exact to understand you have both capability have intent. And just the one, well communicating you have intent. On the other hand they might say, sure, right. We’ve heard this before. You know, what do you really got?

21
00:00:20,000 –> 00:00:21,000
Frank Cilluffo [00:08:04]:
And that gets to a question you teed up with the People’s Republic of China and the Communist Party using commercial entities. You also have a big issue now with proxies. It gets difficult to discern sometime who’s the puppet, who’s the master. And in China’s case, maybe there’s some moonlighting going on for non government activity.

22
00:00:21,000 –> 00:00:22,000
Mike Rogers [00:08:24]:
Because you saw that with Volt type Volt Typhoon, which is Chinese penetration emplacement of destructive malware within segments of the US Electrical grid, where it was and water and transportation. Government developed malware that was provided to a non government entity in China and they were given a target and the malware to upload.

23
00:00:22,000 –> 00:00:23,000
Frank Cilluffo [00:08:47]:
Whereas in Russia’s case, it’s sometimes criminal enterprises who are given sort of the protection of. Right.

24
00:00:23,000 –> 00:00:24,000
Mike Rogers [00:08:55]:
They’re always. Our view, always seemed to be. There was a bit of a quid pro quo. Hey, look, we’ll leave you alone as long.

25
00:00:24,000 –> 00:00:25,000
Frank Cilluffo [00:09:01]:
As long as you’re willing to engage.

26
00:00:25,000 –> 00:00:26,000
Mike Rogers [00:09:02]:
In the following kinds of activities.

27
00:00:26,000 –> 00:00:27,000
Frank Cilluffo [00:09:04]:
Well said, by the way, since you brought up Volt Typhoon. To me that seems like a line was crossed in the sand.

28
00:00:27,000 –> 00:00:28,000
Mike Rogers [00:09:10]:
Yeah. Now, I’d be, I would be the first of it. If you would ask me five years ago when I left Cyber Command. Would a foreign entity, in this case a nation state, upload destructive malware into critical US Infrastructure in a time of peace or short of conflict? I would have said to you, highly escalatory. Boy, I would think there’s a low probability. Boy, I got that wrong. I mean, clearly we’re seeing the PRC’s risk calculus is very different.

29
00:00:28,000 –> 00:00:29,000
Frank Cilluffo [00:09:39]:
And, and I do think that’s very different than espionage and very like Volt Typhoon. I mean. Right. In a weird way you say hats off. I, I mean, not acceptable.

30
00:00:29,000 –> 00:00:30,000
Mike Rogers [00:09:50]:
Well, I think that goes to what types of behaviors? Look, I don’t think realistically you’re going to get nations to stop the use of cyber for espionage.

31
00:00:30,000 –> 00:00:31,000
Frank Cilluffo [00:09:58]:
Yeah. In fairness, we’re not gonna exactly.

32
00:00:31,000 –> 00:00:32,000
Mike Rogers [00:10:01]:
We’re not going to stop doing it. I wouldn’t expect the Chinese shock.

33
00:00:32,000 –> 00:00:33,000
Frank Cilluffo [00:10:03]:
There’s gambling going on in the casino. Exactly. So.

34
00:00:33,000 –> 00:00:34,000
Mike Rogers [00:10:06]:
So to me, if we think Focus on behavior, it’s. While we may not like it, I suspect we’re going to define that as acceptable or something. We don’t think we’re going to be able to determine. On the other hand, things like we’re seeing with emplacement of destructive destructive malware in critical infrastructure. Going after health.

35
00:00:34,000 –> 00:00:35,000
Frank Cilluffo [00:10:28]:
Exactly.

36
00:00:35,000 –> 00:00:36,000
Mike Rogers [00:10:28]:
Hospital, potential light loss of life or injury, you’re going. Wait, that, you know, going after search, for example. A nation’s ability to re establish cyber functionality, network connectivity, that to me falls, hey, that’s not acceptable behavior.

37
00:00:36,000 –> 00:00:37,000
Frank Cilluffo [00:10:44]:
Exactly.

38
00:00:37,000 –> 00:00:38,000
Mike Rogers [00:10:45]:
That’s the kind of behavior to me we got to focus on trying to deter.

39
00:00:38,000 –> 00:00:39,000
Frank Cilluffo [00:10:47]:
And I still feel like we’re playing kid soccer when we talk about this issue. Cyber attack, everything is an attack.

40
00:00:39,000 –> 00:00:40,000
Mike Rogers [00:11:05]:
Well, right now I’m the first to admit, as a military, I would always say, could we be a lot more precise around the world attack as, as a military individual attack is a specific legal connotation to me. And scanning is not the same, is not the same thing, etc, But I do think it goes to. So we need greater precision and greater definition in terminology and intent. We need to realize there is a public communications component to a strategy. We need to.

41
00:00:40,000 –> 00:00:41,000
Frank Cilluffo [00:11:37]:
The bad guys understand too. Right.

42
00:00:41,000 –> 00:00:42,000
Mike Rogers [00:11:39]:
We need to realize that there is precursor activity so you can actually conduct offensive. You just don’t wake up one day and say, hey, I’m going to conduct an offensive. It takes preparatory work. So there’s precursor activities that you need that enable success. There’s the techniques that you will use, plus the specific targets you’re going after. There’s a broader policy discussion about what’s appropriate in a particular serial, what’s not an effect space. There is attribution concerns about, hey, what’s your confidence level that we truly understand? Have we accurately identified who the actor is that we are responding to? And we have high confidence. Those are all very valid concerns.

43
00:00:42,000 –> 00:00:43,000
Mike Rogers [00:12:18]:
And then lastly, remember the idea that a response to an event executed via Cyber, say salt typhoon or volt typhoon as examples. The default does not have to be on our part. Well, if they came at us in Cyber, we have to go back. My attitude always was case by case basis, and let’s consider a spectrum of.

44
00:00:43,000 –> 00:00:44,000
Frank Cilluffo [00:12:39]:
Capabilities that would include cyber.

45
00:00:44,000 –> 00:00:45,000
Mike Rogers [00:12:42]:
My biggest thing was, but could we just consider cyber rather than taking it off the table.

46
00:00:45,000 –> 00:00:46,000
Frank Cilluffo [00:12:46]:
Well said. And one thing that I’ve been impressed with, and tell me if I’m just being foolish here, but the fact that you’re starting to see attribution with multiple logos on it, all five eyes, maybe minus the kiwis, but, but, but at the end of the day you’re starting to. That’s a good thing. Yeah, it means we’re getting comfortable.

47
00:00:46,000 –> 00:00:47,000
Mike Rogers [00:13:06]:
You’ve seen a journey where there’s both increased Focus among multiple nations and even within nations to include government and the private sector about. Let’s come to a broad consensus as to exactly who this actor was that did this. Let’s come to a consensus about how they did it so we can learn from it and potentially share that knowledge with others so it doesn’t happen again. And then let’s also think how we might act in a coalition or a multinational kind of framework to identify it because it’s much more effective that way. So it’s not just the US beating the drum about hey China is always bad. That’s not an effective exact strategy for us.

48
00:00:47,000 –> 00:00:48,000
Frank Cilluffo [00:13:43]:
Exactly. And attribution is getting better and better and better and better. And now that we’re actually naming names you better have some consequences for to.

49
00:00:48,000 –> 00:00:49,000
Mike Rogers [00:13:52]:
Induce changes in that I always thought was the first step in a process that’s designed to generate an outcome. Exactly.

50
00:00:49,000 –> 00:00:50,000
Frank Cilluffo [00:14:00]:
In itself it could be dangerous.

51
00:00:50,000 –> 00:00:51,000
Mike Rogers [00:14:02]:
That’s it. Well we attributed it and that’s it. I always thought ah come on, this is the first step in something longer here.

52
00:00:51,000 –> 00:00:52,000
Frank Cilluffo [00:14:07]:
Well said. Well said. Another issue and, and just before we transition and pivot to another topic, I, I mean I think you were at, at Cyber Command when NSPM 13 was promulgated. National Security Presidential Memorandum.

53
00:00:52,000 –> 00:00:53,000
Mike Rogers [00:14:22]:
Right. So I, that the memo is just that self was. So you helped shape it. One of the last things I did was I attended the last Principles committee meeting where we, where we got the authority to we were going to change and then it was actually signed out in August. I left in April, did the last PC and then we actually between April and August. General Nakasone my relief, you know he and the team and others worked on. Okay so let’s rewrite. And it was actually then promulgated In August of 18 if my memory is.

54
00:00:53,000 –> 00:00:54,000
Frank Cilluffo [00:14:54]:
Correct and I would just foot stomp here that I think that was probably the most significant piece of guidance coming from the White House to enable some of our.

55
00:00:54,000 –> 00:00:55,000
Mike Rogers [00:15:05]:
Yeah. My view was it was an embodiment of an argument recognized we needed to go for it. Come on.

56
00:00:55,000 –> 00:00:56,000
Frank Cilluffo [00:15:11]:
Exactly. Exactly. Let’s jump to another hot button issue that’s being debated as we speak right now. It is. You are uniquely qualified, one of only four who’s been in those two hats. This is what it gets when you were commander of US Cyber Command but you also had the four star billet as director of the National Security Agency and CSS and, and, and, and all of that.

57
00:00:56,000 –> 00:00:57,000
Mike Rogers [00:15:35]:
A lot of discussion of us that have done it.

58
00:00:57,000 –> 00:00:58,000
Frank Cilluffo [00:15:38]:
What, what do you think some of the pros and cons. And I’m not going to put you on the spot to, to decide.

59
00:00:58,000 –> 00:00:59,000
Mike Rogers [00:15:42]:
So generally first let’s, let’s ask ourselves, frame it right. Why did they decide to go that route? They didn’t. The Department of Defense didn’t have to do it that way. The thought process at the time was number one, we’re creating this new military organization to execute this cyber function in order to accelerate its development. Can we align it with wherever we think in the department? We have already made the greatest investment and have the greatest set of, of existing capabilities. The idea being that if you could partner with those existing capabilities, that existing expertise, you can in fact accelerate the development of cyber computer, it would be done faster. Hence the decision we’re going to put it at Fort Meade, we’re going to co locate it with the National Security Agency. Then we also got into a broader discussion about okay, so well, what if one person was to lead both different authorities, different budgets, but one individual to execute both functions.

60
00:00:59,000 –> 00:01:00,000
Mike Rogers [00:16:44]:
The thought process as to why the department went down that line of thought was broadly along the following lines. One, one commander could ensure unity of effort between these two organizations and could help deconflict because one of the challenges is two different organizations, two different set of authorities. So slightly different missions, but they’re operating in the same battle space. They’re both out there in the same.

61
00:01:00,000 –> 00:01:01,000
Frank Cilluffo [00:17:12]:
Networks and one might be stringing them up, the other stringing them along, taking.

62
00:01:01,000 –> 00:01:02,000
Mike Rogers [00:17:16]:
Them out this view that hey look, they’re to going be operating in the same battle space. As we would say in the military lexicon, it would be really good to have a deconflict or one individual who could make the priority about okay, this is more important than that. The second big reason I thought was speed. If you had one person shaping the activities of both action, both organizations, you would gain speed and by and increase the probability of success. You can be faster than the amateur.

63
00:01:02,000 –> 00:01:03,000
Frank Cilluffo [00:17:49]:
What do you really need inside? It’s not get back to you in a day.

64
00:01:03,000 –> 00:01:04,000
Mike Rogers [00:17:53]:
Thirdly, it was designed to. So if you didn’t, if you each had a separate individual leading them and there was fundamental disagreement as to some activity they were doing, if you couldn’t get them to agree, then you’d have to kick everything up to their mutual boss. Their mutual boss happens to be the secretary of both U.S. Cyber Command and the director of NSA work for the Secretary. And there was a thought about, given the scale of activity in Cyber, look, this is just not going to work if we have to kick everything up to the secretary to speed, certainly not to make these decisions. So again the decision was well let’s, let’s put it one level below the secretary. And the idea being also hey, with a four star as the accountable individual, you theoretically at least get someone of maturity, experience, perspective which we’ve had and you supposedly get a benefit out of that. So that was kind of broadly the thought process that led to the current structure.

65
00:01:04,000 –> 00:01:05,000
Mike Rogers [00:18:49]:
One individual, the so called dual hat who is both the commander of U.S. Cyber Command and the director of NSA. And I also remind people, look, the four star bill, it comes not from NSA, it comes from U.S. Cyber. U.S. Cyber Command is a four star job. Yep, darns are the director of NSA is the three is traditionally been a three star billet. Over time the discussion has included because this was a big deal during, during my time.

66
00:01:05,000 –> 00:01:06,000
Mike Rogers [00:19:13]:
Okay, so get the theory of the case. In the execution of this you started to get questions like is one organization holding the other organization back? Is will you get, will you get a better outcome if you, in some ways competition is the wrong word.

67
00:01:06,000 –> 00:01:07,000
Frank Cilluffo [00:19:37]:
But if there’s, there’s always some healthy.

68
00:01:07,000 –> 00:01:08,000
Mike Rogers [00:19:40]:
Right that there’s some healthiness in this and then the other big issue got to be well, span of control. So you got one person who is both going to be one of the 11 combatant commanders in the Department of Defense with global responsibilities and that same person is going to run the largest intelligence organization in the free world. I’m not just talking about the United States. It is the largest intelligence organization in the free world. And there was questioning about can one person really do all this? And I used to kid people, hey, there’s a reason why I didn’t get much sleep for four and a half years.

69
00:01:08,000 –> 00:01:09,000
Frank Cilluffo [00:20:13]:
There you go.

70
00:01:09,000 –> 00:01:10,000
Mike Rogers [00:20:13]:
It’s just what it takes to get to get the job done. So this has been an issue that in terms of this assessment of is the current structure appropriate? We’ve had multiple reviews on this. It’s come up again potentially as a, hey, should we look at it? The bottom line that I always used to, I have an opinion. But what I used to tell people is you need to start with the following question. So tell me what the problem is we’re trying to fix and tell me how whatever course of action you’re pursuing that you’re recommending is going to address the problem you’re going to fix. I always said could we step back and take the emotion out of this dual hat thing and start with the fundamental question.

71
00:01:10,000 –> 00:01:11,000
Frank Cilluffo [00:20:53]:
Actually that’s very well said. And it’s I used to think that the Title 50 agencies, the intel business, would never want to compromise a source, a method, and sometimes we shouldn’t at the expense of Title 10. But you did bring a Title 10, which is a more traditional military approach. What good is cyber if you’re not, if you don’t have the net effect and outcomes that you’re kind of trying to meet.

72
00:01:11,000 –> 00:01:12,000
Mike Rogers [00:21:20]:
It’s interesting. I didn’t find the greatest challenge as a title. The director of NSA is a title leader.

73
00:01:12,000 –> 00:01:13,000
Frank Cilluffo [00:21:26]:
Yeah.

74
00:01:13,000 –> 00:01:14,000
Mike Rogers [00:21:27]:
I didn’t find the greatest challenge was between NSA and Cyber Command. To be brutally honest, I found at times the greater challenge was between Cyber Command and the broader intelligence community, some of whom also operate in that same cyberspace. Yeah, my frustration was, and I particularly had this with my friends at Langley where I said, so could you guys help me understand this? We’re dropping ordinance in Iraq and Afghanistan in the same environment in which you are operating human networks. And we’re able to deconflict that and we’re able to coordinate that.

75
00:01:14,000 –> 00:01:15,000
Frank Cilluffo [00:22:07]:
Yep.

76
00:01:15,000 –> 00:01:16,000
Mike Rogers [00:22:08]:
Just because I used to then say, you do realize you’re talking to the individual who is running the organization that conducts more Title 50 operations in cyberspace than any other element in the Title 50 world. So could you help me understand why your view is that that structure would be, you know, incapable of making these kinds of trade offs?

77
00:01:16,000 –> 00:01:17,000
Frank Cilluffo [00:22:49]:
Yeah, no, very insightful.

78
00:01:17,000 –> 00:01:18,000
Mike Rogers [00:22:50]:
They are trade offs. I’m the first to.

79
00:01:18,000 –> 00:01:19,000
Frank Cilluffo [00:22:51]:
And they are trade offs. And that’s sort of what JSOC provided in a post 911 counterterrorism environment where you sort of had covert action, military, all that was kind of blurring. But deconfliction, trade offs and all that were being addressed.

80
00:01:19,000 –> 00:01:20,000
Mike Rogers [00:23:06]:
And I would say the good thing is in the ensuing six plus years since I left the organization as Cyber Command has matured, as the number of operations it executes continues to grow, I mean, into the thousands, there’s a much greater sense of, okay, we can in fact conduct title 10 and title 50 operations in the same battle space, but for very different objectives under different authorities. And we can coordinate and we can in fact deconflict. I’m not going to pretend for one minute that at times there aren’t differences, opinion and disagreement sometimes in the same.

81
00:01:20,000 –> 00:01:21,000
Frank Cilluffo [00:23:44]:
Person’S head if you’ve got both. So yeah, no, that’s, that’s, and, and there is another argument that other combatant commands, since NSA is also a combat support agent for all the other CO comms, are they getting second fiddle? I guess is some sometimes what you would hear, I don’t necessarily buy that.

82
00:01:21,000 –> 00:01:22,000
Mike Rogers [00:24:04]:
But right now you would hear that. My response that always was NSA is a combat support agency, executes the priorities as defined by the Secretary of Defense who defines those same priorities for all the co-coms.

83
00:01:22,000 –> 00:01:23,000
Frank Cilluffo [00:24:20]:
Yeah, yeah, well said.

84
00:01:23,000 –> 00:01:24,000
Mike Rogers [00:24:22]:
Because I can remember for example, when we did the fight against ISIS the first time I really did offensive.

85
00:01:24,000 –> 00:01:25,000
Frank Cilluffo [00:24:27]:
Yeah, yeah.

86
00:01:25,000 –> 00:01:26,000
Mike Rogers [00:24:28]:
That was on your scale.

87
00:01:26,000 –> 00:01:27,000
Frank Cilluffo [00:24:29]:
Right.

88
00:01:27,000 –> 00:01:28,000
Mike Rogers [00:24:29]:
And the Secretary said to me go Mike, this is the, this is the priority. I want you to understand that. And what I told the combatant commanders was I’m going to shift resources, I’m not going to walk away from you, but I’m going to have to reprioritize. On the other hand, I also told the NSA team six months, yep, we’re going to do this for six months and then we’re going to realign because I acknowledge we can’t alter our priorities to such an extent for, you know, for years they said the guys were not doing that, but it was a.

89
00:01:28,000 –> 00:01:29,000
Frank Cilluffo [00:24:58]:
Use case and it demonstrated potential and I would say lessons learned and success that we can lean in that.

90
00:01:29,000 –> 00:01:30,000
Mike Rogers [00:25:07]:
Oh yeah. It’s funny because many people in the.

91
00:01:30,000 –> 00:01:31,000
Frank Cilluffo [00:25:09]:
World of Cyber and I think they forget about that. They forget ISIS was, their view is.

92
00:01:31,000 –> 00:01:32,000
Mike Rogers [00:25:14]:
Well, nothing started before 2018. And I often tell my friends, do you know how we got that in this, that presidential decision memorandum? We got it because we managed to show in an actual operational environment that we could execute offensive cyber fires.

93
00:01:32,000 –> 00:01:33,000
Frank Cilluffo [00:25:28]:
Boom.

94
00:01:33,000 –> 00:01:34,000
Mike Rogers [00:25:29]:
is why we created JTF Aries for Cyber, which still. And that the confidence that that generated is what got us those authorities in.

95
00:01:34,000 –> 00:01:35,000
Frank Cilluffo [00:25:52]:
18 and demonstrated how it can be utilized. You know, I, I, I do think history gets lost. So I think that is an important chapter that even in the cyber community we live in, I’d say maybe 10% have that recognition and awareness. And, and, and I think it is important to be able.

96
00:01:35,000 –> 00:01:36,000
Mike Rogers [00:26:13]:
Well, I often kid people, hey, it’s not unique to cyber. That’s the arrogance of the now. Remember, in generally most of our experiences.

97
00:01:36,000 –> 00:01:37,000
Frank Cilluffo [00:26:19]:
Hey, yes.

98
00:01:37,000 –> 00:01:38,000
Mike Rogers [00:26:20]:
Everything that we’re doing right now is. It’s never been this hard. It’s the most important thing. It’s just that the nature of the human experience in some ways I do.

99
00:01:38,000 –> 00:01:39,000
Frank Cilluffo [00:26:28]:
Hope that we can learn from.

100
00:01:39,000 –> 00:01:40,000
Mike Rogers [00:26:30]:
But you always want to learn from.

101
00:01:40,000 –> 00:01:41,000
Frank Cilluffo [00:26:31]:
Yeah. My dad used to always say obviously learn from your mistakes, but even to learn, even better to learn from the mistakes.

102
00:01:41,000 –> 00:01:42,000
Mike Rogers [00:26:38]:
Those who fail to appreciate and learn from history are doomed to repeat. And that is not necessarily a good thing.

103
00:01:42,000 –> 00:01:43,000
Frank Cilluffo [00:26:44]:
Well said. I’m going to put you on another hot button.

104
00:01:43,000 –> 00:01:44,000
Mike Rogers [00:26:46]:
Okay.

105
00:01:44,000 –> 00:01:45,000
Frank Cilluffo [00:26:47]:
And that’s Cyber Force. A lot of discussion. We recently had your the other Mike Rogers talking a little bit about this. I’d be very curious what your thoughts are there, Frank.

106
00:01:45,000 –> 00:01:46,000
Mike Rogers [00:26:58]:
So this was an issue during my time. I can remember I’ve discussed this with the two presidents I worked for as well as the secretaries of defense that I worked for in my position then. And it still hasn’t changed that much for me was our number one Focus should be creating operational capacity.

107
00:01:46,000 –> 00:01:47,000
Frank Cilluffo [00:27:18]:
Mm.

108
00:01:47,000 –> 00:01:48,000
Mike Rogers [00:27:20]:
I’m not enthusiastic about creating structure that doesn’t directly do that.

109
00:01:48,000 –> 00:01:49,000
Frank Cilluffo [00:27:24]:
Yep, yep.

110
00:01:49,000 –> 00:01:50,000
Mike Rogers [00:27:25]:
So for example, on the whole idea of a service or I said guys, we can either actually create we’re fighting teams and capacity or I can create higher headquarters with nice built, nice buildings. I just don’t want to go down that the latter route. I think we should do the former. For me, I also argued, look, the model to use is socom.

111
00:01:50,000 –> 00:01:51,000
Frank Cilluffo [00:27:48]:
Boom.

112
00:01:51,000 –> 00:01:52,000
Mike Rogers [00:27:48]:
This idea of empowering a operational commander with a series of responsive of service like functions so they not only control the employment of these assets, but they have the authority to direct the services in the man train and equipment of these resources. I said look, there is a great model there. And we went again, if you’re a fan of history. 1980, the abortive attempt to free the hostages, desert one leads to a fundamental review of special forces discussion at the time about are these so of such small number of such high importance of such very specific technical and operational knowledge that the majority of the force doesn’t have experience with. Does that merit a separate service?

113
00:01:52,000 –> 00:01:53,000
Frank Cilluffo [00:28:42]:
Yeah.

114
00:01:53,000 –> 00:01:54,000
Mike Rogers [00:28:43]:
Many of the arguments you would hear made about Cyber and the decision made ultimately I think SOCOM was founded in 1989, if my memory is correct, was no, let’s not create a service. Instead let’s come up with a construct that ties together both the operational commander and grants them acquisition, budget, control and service-like authorities and responsibilities. Now that’s the journey Cyber Command has been going on in the last couple of national defense authorization acts. Those capabilities, those authorities have actually been granted. So my recommendation to people is could we actually execute what we just laid out and see if it works before we just decide, hey, we made all these changes. Well let’s just blow it all up. I said let’s give. We’re pivoting to a new, to a different model.

115
00:01:54,000 –> 00:01:55,000
Mike Rogers [00:29:37]:
Having said that, it was the model that we envisioned when we created this. One of the things that I really am proud of about Cyber Command is this has played out the journey in Cyber and the DoD has been exactly the way I thought. I can remember having these discussions with the Secretary, with the Chairman. Here’s how this is going to play out. Here’s how we’re going to do these incremental changes that are going to give us the authorities that are going to keep building and this is what the end state’s going to look like. And you know, as we get to what Cyber Command is calling Cyber Command 2.0, which is now that these authorities have been granted, what are those implications in terms of Cyber Command structure, its manning its processes? My view would be hey, let’s actually implement that and see how it works and then make an assessment rather than we’re right in the middle of this thing and you just want to blow it up. That doesn’t seem very smart to me.

116
00:01:55,000 –> 00:01:56,000
Frank Cilluffo [00:30:30]:
Very, very well said. And, and since you brought up history, we have to have. I have to do a quick nod to an old friend and mentor, General Wayne Downing.

117
00:01:56,000 –> 00:01:57,000
Mike Rogers [00:30:38]:
Yeah, yeah.

118
00:01:57,000 –> 00:01:58,000
Frank Cilluffo [00:30:38]:
Very instrumental and he was There was actually shy Meyer who going back to where army built some of.

119
00:01:58,000 –> 00:01:59,000
Mike Rogers [00:30:44]:
Yeah, yeah, yeah.

120
00:01:59,000 –> 00:02:00,000
Frank Cilluffo [00:30:45]:
SF capabilities. So I’m glad you sort of, sort of went there. That just touches home for we all.

121
00:02:00,000 –> 00:02:01,000
Mike Rogers [00:30:52]:
Go, we all build on the efforts and the insights of those who come before us. I’ve always been a big believer in.

122
00:02:01,000 –> 00:02:02,000
Frank Cilluffo [00:30:58]:
That said, well said. I’m going to put you on yet the spot again.

123
00:02:02,000 –> 00:02:03,000
Mike Rogers [00:31:02]:
Let’s do it.

124
00:02:03,000 –> 00:02:04,000
Frank Cilluffo [00:31:03]:
Undersea cables.

125
00:02:04,000 –> 00:02:05,000
Mike Rogers [00:31:04]:
Undersea cables.

126
00:02:05,000 –> 00:02:06,000
Frank Cilluffo [00:31:04]:
So it seems to be.

127
00:02:06,000 –> 00:02:07,000
Mike Rogers [00:31:05]:
Never heard of them. Do we have such a thing?

128
00:02:07,000 –> 00:02:08,000
Frank Cilluffo [00:31:07]:
Why does it matter? A and B, why are we seeing more of it? And C, what do we do?

129
00:02:08,000 –> 00:02:09,000
Mike Rogers [00:31:14]:
Check. So first, undersea cables as we’ve switched to fiber and you know, optics is the primary long haul method for the Cyber community. Transmission of communications and information cables, the method that we use to flow these optical pathways under the oceans of the world have become more and more important because they represent the single greatest volume. Not that there aren’t. Yeah, you can use microwave, you can use satellites and overhead, and those are all components of long haul passage of, you know, big data links. The reality is cables give you the greatest capacity, the greatest throughput, the greatest speed and the greatest amount.

130
00:02:09,000 –> 00:02:10,000
Frank Cilluffo [00:32:00]:
And they’re there.

131
00:02:10,000 –> 00:02:11,000
Mike Rogers [00:32:02]:
Right. They’re all in place. And we’re, we’re continually adding more.

132
00:02:11,000 –> 00:02:12,000
Frank Cilluffo [00:32:04]:
Exactly.

133
00:02:12,000 –> 00:02:13,000
Mike Rogers [00:32:06]:
Now the nice thing is between what is on orbit, between what we have terrestrially in the form of cable, we have some backup and redundancy. So we’ve created a system, knock on wood, right now, where we don’t have single point failure, broadly speaking, and we have enough capacity that we’ve been able to flex the, the reason you’re. And at the same time we’re seeing more adversary activity around cables. You’re seeing the Russians, you’re seeing the Chinese, you’ve seen multiple instances of cables in the Baltic, for example, that have been cut. The assessment being, hey, intentionally cut in. And also it’s a reflection of a broader context. Hey, we’ve got an ongoing conflict in Europe with, between Frank and Ukraine, the Europeans supporting that. The United States has been supporting them.

134
00:02:13,000 –> 00:02:14,000
Mike Rogers [00:32:53]:
Not surprising them in some ways that suddenly the infrastructure that helps support that effort in some ways is, is being, being, you know, they’re going after it. The thing that I think we need to do differently is I compare cables to space. If you look at space, we have spent a lot of money to create a level of awareness that we know what’s happening in space and we’re not surprised by activity directed against infrastructure in space.

135
00:02:14,000 –> 00:02:15,000
Frank Cilluffo [00:33:22]:
Surprised at some of the gall, but that’s different.

136
00:02:15,000 –> 00:02:16,000
Mike Rogers [00:33:26]:
But we’re not surprised by activity. We see it between the radar systems we’ve developed, the imagery systems we’ve developed, the capabilities we’ve developed to generate situational awareness about what’s happening in orbit. I compare that to cables. Where I’m going. We have no situational awareness, broadly speaking, and we don’t become aware of something until the cable’s broken. Yeah, my view is one of the first steps we need to do. We have got to create situational awareness around those cables, just like we’ve done in Cyber. We needed to do the same thing.

137
00:02:16,000 –> 00:02:17,000
Frank Cilluffo [00:33:57]:
I think you’re right.

138
00:02:17,000 –> 00:02:18,000
Mike Rogers [00:33:58]:
In cables that then gets land, sea.

139
00:02:18,000 –> 00:02:19,000
Frank Cilluffo [00:34:00]:
Space, so you have full visibility.

140
00:02:19,000 –> 00:02:20,000
Mike Rogers [00:34:02]:
It gives us enhanced situational awareness enhancement, it gives us potential speed of response, whether it’s to do activities that would potentially shape and warn an entity. Hey, you don’t want to do that. We’re aware of what you’re doing, you want to do it. It perhaps, perhaps would speed up our ability to respond to activity and it also would feed, I think, and enable a better policy discussion.

141
00:02:20,000 –> 00:02:21,000
Frank Cilluffo [00:34:25]:
Yeah, I couldn’t agree more because I feel like that is still unknown. Exact visibility is lacking.

142
00:02:21,000 –> 00:02:22,000
Mike Rogers [00:34:33]:
We only know about it once we.

143
00:02:22,000 –> 00:02:23,000
Frank Cilluffo [00:34:35]:
Get a break when it’s too late.

144
00:02:23,000 –> 00:02:24,000
Mike Rogers [00:34:36]:
And I’m like, this is not the.

145
00:02:24,000 –> 00:02:25,000
Frank Cilluffo [00:34:38]:
Way, it’s not the way to go about it. Yeah, I hope people are listening. And I do think it’s that full picture. The Brits would call it the rich picture it all. Last question. Because I know there’s so much we can, we can discuss here, but a lot of talk over the years on public private partners, partnerships and I’ve been sort of, I feel like long on nouns, short on verbs. Every once in a while we’re starting to see it. What, how do you think we can think about this issue a little more creatively? And I want, while you’re thinking about that, you are in the midst of advising some really cool startups and new tech.

146
00:02:25,000 –> 00:02:26,000
Frank Cilluffo [00:35:20]:
How does that come into play and all, all this.

147
00:02:26,000 –> 00:02:27,000
Mike Rogers [00:35:24]:
So I, I think a couple things. First of all, there’s going to be different levels of interaction between the private sector and government. I don’t think it’s going to be a one size fits all and, and shouldn’t. And that’s not a criticism. Yeah, I don’t think it’s just like.

148
00:02:27,000 –> 00:02:28,000
Frank Cilluffo [00:35:37]:
Private sector is not monolithic anyway, nor is government.

149
00:02:28,000 –> 00:02:29,000
Mike Rogers [00:35:39]:
It’s gonna be a one size fits all. Secondly, to your point, which I would only reinforce when we say that the private sector, I mean that goes from, you know, commercially owned infrastructure to these large Cybersecurity firms that are generating the software and the hardware that we’re all using to actually execute both the operation of IT and OT systems as well as the tools. From a Cyber extra points for bringing up OT that we’re trying to defend both of those segments to the defense industrial base, to startups that are kind of, hey, we’re looking at specific problems. We’re doing it from the ground up, brand new. So I think we got to acknowledge that just as in government, it’s not a monolith in the private sector. My biggest frustration is when it comes to real time Cybersecurity, I. E. Defending networks in the private sector, traditionally what the government has talked about is what we are going to collaborate and generally that has been defined as I will share with you the private sector what I in government am aware of in terms of patterns and activity on the part of these actors.

150
00:02:29,000 –> 00:02:30,000
Mike Rogers [00:36:54]:
I will try to give you warning if I have specific information, I’ll try to inform and educate in terms of here’s our level, government’s level of awareness. But then basically we say you’re on your own, you own and operate the network and it’s your responsibility. Now I look at that and go, so it has not worked in 30 years. So could you tell me why you think it’s going to work now?

151
00:02:30,000 –> 00:02:31,000
Frank Cilluffo [00:37:16]:
Yeah, yeah.

152
00:02:31,000 –> 00:02:32,000
Mike Rogers [00:37:17]:
I think Ukraine shows you a very interesting model about how do you create Cyber resilience in a contested cyber domain. And the answer among the answers that I see is you got to move to a different model. And one of the changes in the model for me is I’m not interested in collaboration, I’m interested in integration. I’m interested in a real time situational awareness between government and the private sector. I’d start with a subset of critical infrastructure to try to prove the concepts, but I’m interested in real time situational awareness, not just I’ll share what I’m, what I see and oh by the way, if you become aware of something, let me know. Real time problem solving. Hey, so if, if this is our situational awareness picture and we’re seeing this kind of activity, what can you do and what can I do perhaps to address this either to preclude its effectiveness or respond if it has been effective. If you define effectiveness as a network was penetrated and potentially some sort of effect was achieved, extraction of information, locking down of the network, disabling the network, etc, and I think it also shows you what in the Ukraine we brought together the government, brought together the network owner, the information, if you will, intelligence that the Ukrainian government has been able to generate as well as the deep technical knowledge and intelligence that the broader western commercial Cyber security firms like Microsoft, you know, like Cloud Strike, just to name a couple that have publicly acknowledged, hey look, we’re working directly with the Ukrainian government.

153
00:02:32,000 –> 00:02:33,000
Mike Rogers [00:39:04]:
I’m going guys, that’s a model for success. Now I’m the first to acknowledge America is a nation of 335 million, which, with a much bigger set of infrastructure, which is why I would argue start with a subset. Personally for me I’d go for power and water, healthcare maybe, but pick one or two, three if you want to go that far. Let’s develop and operationally some concepts and let’s see if we can make this work rather than trying to do it all at once.

154
00:02:33,000 –> 00:02:34,000
Frank Cilluffo [00:39:34]:
Exceedingly well said. Not only to speak to a navy, we don’t want to boil oceans, but we also want to look very specifically to what operational. If we’re talking collaboration, it has to have the word operation.

155
00:02:34,000 –> 00:02:35,000
Mike Rogers [00:39:46]:
That’s why I want integration. I’m like, collaboration to me is the way we’ve been using. It just is not.

156
00:02:35,000 –> 00:02:36,000
Frank Cilluffo [00:39:52]:
It’s a little loosey goose.

157
00:02:36,000 –> 00:02:37,000
Mike Rogers [00:39:53]:
Right? Collaboration to me effectively has been. I’ll tell you what I know. And oh, by the way, if you’re the network owner, well, when I have the time or if I have the insight, I’ll share it with you. I’m going, guys, we cannot work like this. And it just hasn’t worked. Doesn’t mean that people aren’t working hard, doesn’t mean that there isn’t information flowing. But my attitude would be, look, let’s be honest, it just is not working. So we’ve got to try to do.

158
00:02:37,000 –> 00:02:38,000
Frank Cilluffo [00:40:17]:
Some things differently on that one thing. Technology races we cannot afford to lose. And I know AI, Quantum, obviously they’re more than buzzwords, but we can’t afford to lose those races, can we? Because they’re inextricably interwoven with pretty much.

159
00:02:38,000 –> 00:02:39,000
Mike Rogers [00:40:35]:
Because it’s a combination of. There are a set of core technologies in the world of today and in the near term that will both significantly shape national security but will also drive economic advantage, which are inextricably. Which I’m going, in the world we’re living in now in this digital world in which we’re hyperconnected, in which our business models, our supply chains are all integrated, this is the way that we’ve got to do things. We’ve got to look at what are the core enabling technologies. Now you can’t do this with everything. I’m the first to acknowledge that. And you got to ask yourself, so what do we need to do to retain competitive advantage? And what do we potentially also want to ask ourselves? What do we want to make sure that we absolutely protect so an adversary can’t gain access to it or potentially use it against us? And the two are somewhat related and intertwined. And AI and Quantum clearly are two technologies.

160
00:02:39,000 –> 00:02:40,000
Mike Rogers [00:41:33]:
You know, there’s been multiple reports. I, I just was a co chair of a Quantum report trying to provide an input to the new administration on Quantum with CSIS about, hey, look, we need to think about a strategy. I was just looking at some data that suggest in 2024 in the United States we had about $200 billion in AI associated, you know, development activity. Quantum, we had about $8 billion. So not surprising in some ways, because the perception is AI is out there.

161
00:02:40,000 –> 00:02:41,000
Frank Cilluffo [00:42:05]:
It’S really happening now. It’s.

162
00:02:41,000 –> 00:02:42,000
Mike Rogers [00:42:09]:
It’S not exactly accurate. Broadly, I think it’s fair to say there is a perception. Well, perhaps Quantum is a longer term challenge. Now my argument. Wait, wait, wait a second. Quantum is a spectrum of capability we tend to focus on. So you mean the capability to break commercial encryption, right? When you say quantum, that’s what you mean?

163
00:02:42,000 –> 00:02:43,000
Frank Cilluffo [00:42:26]:
That’s part of it. That’s part of it, yeah, yeah.

164
00:02:43,000 –> 00:02:44,000
Mike Rogers [00:42:29]:
And also potentially defend or strengthen basically capability.

165
00:02:44,000 –> 00:02:45,000
Frank Cilluffo [00:42:35]:
Blinding yourself and deafening yourself.

166
00:02:45,000 –> 00:02:46,000
Mike Rogers [00:42:37]:
But that’s only one element and it is, it is probably the portion of Quantum that’s going to take the longest to generate. So we should not tie our strategy, level of investment, operational concept of development purely to that component or that aspect of Quantum. There’s a whole modeling and simulation, navigation, health, there’s a whole lot of other use cases that are ongoing right now.

167
00:02:46,000 –> 00:02:47,000
Frank Cilluffo [00:43:03]:
And DoD historically has been an innovator in areas beyond just battlefield applications. Oh yeah, Admiral, what questions didn’t I ask that I should have? No, this was a tour de force. I mean, you covered so much territory here.

168
00:02:47,000 –> 00:02:48,000
Mike Rogers [00:43:19]:
But the key moving forward to me is, number one, a good strong dialogue, realizing that not one single entity has all the answers and not one single entity is going to be the solution. It’s not going to be the government doing all of this in terms of Cybersecurity, in terms of technology policy. It’s not going to be the government doing it by itself. It’s not going to be the private sector doing it by itself. It’s what is the, what is the integrated my, my word team based model that’s going to get us the outcomes we need, acknowledging that we got legal concerns and they should be addressed. We need to make sure we’re comfortable with the solutions we’re proposing as we move forward. But my number one frustration is, look, we can’t keep doing the same thing over and over and thinking we’re going to get a different solution. We have literally now have decades, not just years, but now we got a few years.

169
00:02:48,000 –> 00:02:49,000
Mike Rogers [00:44:14]:
We got decades of experience in this hyper connected digital world about both the challenges that cyber presents, as well as, you know, some potential things we could be doing. I just think we need to step back and say, okay, what have we learned and what might we do differently?

170
00:02:49,000 –> 00:02:50,000
Frank Cilluffo [00:44:30]:
Admiral, thank you for your many years of service to our country. Thank you for your continued leadership and stewardship on these issues. And you talk teams. I am privileged and fortunate to have you on our team. So thank you and keep fighting the good.

171
00:02:50,000 –> 00:02:51,000
Mike Rogers [00:44:44]:
Thanks, Ray. Thanks very much.

172
00:02:51,000 –> 00:02:52,000
Frank Cilluffo [00:44:46]:
Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing your ratings and reviews. Help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes.

173
00:02:52,000 –> 00:02:53,000
Frank Cilluffo [00:44:58]:
Or individuals you’d like for us to host.

174
00:02:53,000 –> 00:02:54,000
Frank Cilluffo [00:45:01]:
Until next time, stay safe, stay informed, and stay curious.

Related Content