The directors of the National Security Agency (NSA) and the FBI affirmed their support for a foreign surveillance provision that allows for the targeted collection of information on non-U.S. citizens located outside of the country and both pledged a common goal to eliminate insider threats in their organizations at a national intelligence summit on Thursday.
New FBI Director Christopher Wray, making his first public speaking appearance since assuming the role, and NSA Director Adm. Mike Rogers, who also serves as commander of U.S. Cyber Command, spoke on a panel of national intelligence directors at the AFCEA INSA Intelligence & National Security Summit. Both called for the re-authorization Section 702 of the Foreign Intelligence Surveillance Act (FISA) deeming it critical for collecting information used to thwart terror attacks.
The controversial Section 702, which is meant to target only non-Americans in programs exposed by the 2013 Edward Snowden leaks, is currently set to expire when the FISA Amendements Act reaches its previously-extended deadline of Dec. 31.
“There’s a very valid concern which I understand. But, it would be a truly significant act and not in the nation’s best interest to withdraw Section 702,” Rogers said.
Rogers recounted that he told Vice President Mike Pence on Wednesday that if Section 702 is not reauthorized it would have disastrous effects on the NSA’s ability to conduct counterterrorism operations.
“The threat of terrorism has evolved from a large, complex cell-based approach to the kinds of attacks that are simpler. We see fewer people are involved in carrying out the attack and they’re going after softer targets. There is now a much shorter timeline between the idea and planning to the execution,” said Wray. “This is why 702 is important. It helps counterterrorism efforts when the window of time for planning is getting smaller and smaller.”
Earlier in the day at the conference, Rep. Adam Schiff (D-Calif.), the ranking member on the House Intelligence Committee, told attendees that he believes Section 702 will be reauthorized but that it’s not clear yet in what form.
The two directors also reaffirmed their commitment to cutting down the level of insider threats within their respective organizations in order to ensure the cyber resiliency of their networks and future missions without stifling the information technology innovation of their workforce.
Rogers pushed for a cultural change to handling sensitive data and cautioned against pinning this problem solely on contractors brought in from the private sector to assist the NSA. The responsibility is on all parties who work with the NSA, and a level of rigidity to ensuring cyber security practices are met has to be appropriate and practical, according to Rogers.
“We have to find a balance here. If the price of security is that we drive away the men and women that could help us with cyber solutions that’s a bad place to be. I reject that. So it’s about how do we find a middle ground,” said Rogers. “We have to do this from a risk-based approach.
Wray echoed Rogers sentiment and pointed to the FBI’s on-going elevation of a Insider Threat Center dedicated to identifying behavioral signs that pose cyber risks and which he announced will be granted greater executive oversight in the future.
“We try to talk about in terms of what is the culture of the organization. It’s about shared accountability,” said Wray. “I think you can have innovation and security at the same time. This shouldn’t lead to stifling the nation’s cyber security efforts.”
Defense Intelligence Agency Deputy Director Melissa Drisko was also on the panel and mentioned the move to algorithmic analysis and data-centric approaches to eliminating insider threats, but cautioned against a diminished role of human analysts.
“We’re looking at artificial intelligence, and we ask ourselves about what is the role of human analysts. What’s that going to look like in ten years?” said Drisko. “Now that doesn’t make it obsolete, but what does it look like? That will drive us to make the decisions about what kind of people we hire.”
Rogers urged the same caution to adapting more automated technological capabilities to a degree that would diminish the role of his workforce.
“The risk of not having individuals on the scene doing analysis is too high. Machines do some of the work, but you need humans there,” said Rogers. “I don’t see us passing off everything to a machine.”