The United States has thrust itself and the world into the era of cyber warfare, Kim Zetter, an award-winning cybersecurity journalist for WIRED magazine, told a Stanford audience. Zetter discussed her book “Countdown to Zero Day,” which details the discovery and unraveling of Stuxnet, the world’s first cyber weapon. 

Stuxnet was the name given to a highly complex digital malware that targeted, and physically damaged, Iran’s clandestine nuclear program from 2007 until its cover was blown in 2010 by computer security researchers. The malware targeted the computer systems controlling physical infrastructure such as centrifuges and gas valves.

Reports following its discovery attributed the creation and deployment of Stuxnet to the United States and Israel. The New York Times quoted anonymous U.S. officials claiming responsibility for Stuxnet. 

Zetter began reporting on the cyber weapon in 2010.

“When the first news came out, I didn’t think much of it,” Zetter told a CISAC seminar on Monday. The title of her book refers to a “zero-day attack," which exploits a previously unknown vulnerability in a computer application or operating system.

“Watching the Symantec researchers unravel Stuxnet, I knew what fascinated me was the process and brilliance of the researchers. The detective story is what pulled me in.” 

Zetter’s book follows computer security researchers from around the world as they discover and disassemble Stuxnet over the course of months, much longer than any time spent on typical malware. The realization that Stuxnet was the world’s first cyber weapon sent shock waves throughout the tech community, yet did not create as much of a stir in mainstream society. 

“It’s funny because a lot of people still don’t know Stuxnet or haven’t even heard of it,” Zetter said. “The recent vandalization of Sony seems to have finally gotten people’s attention. It was not a case of true cyber warefare, but I'm glad that my book came out right before it happened because its perception as a nation-state attack has led to interest in all nation-state attacks, including Stuxnet. The Snowden leaks also put cyber warfare on the map.” 

“Countdown to Zero” also places Stuxnet in political context. The first version of Stuxnet was built and unleashed by the Bush administration in 2007, according to Zetter. Iran accelerated its enrichment process in 2008, leading to fears it would have enough uranium to build a bomb by 2010. President Barack Obama inherited the program; he not only continued it,but accelerated it. Another, more aggressive version of Stuxnet was unleashed in June 2009 and again in 2010. Obama gave the order to unleash Stuxnet while publicly demanding Iran to open itself up to negotiations. 

The effectiveness of the world’s first cyber weapon remains a subject of debate. The most optimistic assessment of Stuxnet is that it delayed and slowed Iran’s uranium development enough to dissuade Israel from unilaterally striking the country, and it afforded time for intelligence and diplomatic efforts. Stuxnet contributed to dissension and frustration among the upper ranks of Iran’s government (the head of Iran’s nuclear program was replaced) and bought time for harsh economic sanctions to impact the Iranian public.

“Stuxnet actually had very little effect on Iran’s nuclear program,” said Zetter. “It was premature, it could have had a much bigger effect had the attackers waited.” Iran still made a net gain in their uranium stockpile while being attacked and they are updating their centrifuges, which would make Stuxnet obsolete.

The more unsettling parts of Zetter’s book catalog security vulnerabilities in America’s public infrastructure, which could easily be victim to a Stuxnet-style attack, and consider the implications of the era Stuxnet heralded. For example, in 2001 hackers attacked California ISO, a nonprofit corporation that manages the transmission system for moving electricity throughout most of California. More recently, Zetter writes, in 2011 a security research team “penetrated the remote-access system for a Southern California water plant and was able to take control of equipment the facility used for adding chemicals to drinking water.”

The Obama administration has publicly announced that shoring up infrastructure security is a top priority. Zetter finds this ironic, because unleashing Stuxnet has opened the U.S. up to attacks using the same malware.

“When you launch a cyber weapon, you don’t just send the weapon to your enemies, you send the intellectual property that created it and the ability to launch the weapon back against you,” writes Zetter. “Marcus Ranum, one of the early innovators of the computer firewall, called Stuxnet ‘a stone thrown by people who live in a glass house.’”

More broadly, Stuxnet heralded an era of cyber warfare that could prove to be more destructive than the nuclear era. For Zetter there is also irony to the use of cyber weapons to combat nuclear weapons. She quotes Kennette Benedict, the executive director of the “Bulletin of the Atomic Scientists,” pointing out, “that the first acknowledged military use of cyber warfare is ostensibly to prevent the spread of nuclear weapons. A new age of mass destruction will begin in an effort to close a chapter from the first age of mass destruction.” 

Zetter has similar fears.

“The U.S. lost the moral high ground from where it could tell other countries to not use digital weapons to resolve disputes,” Zetter said. “No one has been killed by a cyber attack, but I think it’s only a matter of time.”

Joshua Alvarez was a 2012 CISAC Honors Student. 

Understanding the nature of violent conflict in the world's most dangerous flashpoints may help find ways to peace and stability, according to a Stanford expert.

Once a soldier, now a scholar, Joe Felter knows better than most the intrinsic meaning of war and conflict – he served on the front lines in the U.S. Special Forces in places such as Iraq, Afghanistan and the Philippines.

Today, the senior research scholar at Stanford's Center for International Security and Cooperationand research fellow at the Hoover Institution is on a different kind of mission: building knowledge on the subject of politically motivated conflict.

For example, how are the most casualties suffered and under what conditions? Are there patterns to why rebels are surrendering? And how do armed battles affect development and education in local communities?

Answers to these and other questions are found in the Empirical Studies of Conflict project database, which is led by Felter and Jacob Shapiro, his former Stanford political science classmate, now a professor at Princeton University. The effort focuses on insurgency, civil war and other sources of politically motivated violence worldwide. Launched last year, it currently covers the Philippines, Afghanistan, Colombia, Iraq, Northern Ireland, Mexico, the Israeli-occupied territories, Pakistan and Vietnam. The site includes geospatial and tabular data as well as thousands of documents, archives and interviews.

Since 2009, Felter has collaborated with colleagues at Princeton, the University of California, San Diego, and other institutions in developing the database. Today, they are advising policymakers and military leaders on how best to curb conflict, reduce civilian casualties and promote prosperity. Felter and his colleagues have outlined some of their work in this Foreign Affairs article published in January 2015.

Felter's research on Filipino insurgencies, for instance, has produced significant results. The senior officials there have invited him to brief their military on battlefield trends and counterinsurgency strategy, as Felter and his colleagues have interviewed thousands of combatants as part of the project.

What do they learn about the insurgent mindset? One Islamic militant chief talked tactics with him, then revealed that his greatest tool was his men's belief that Allah was waiting for them on the other side. Others included a Roman Catholic nun who was running guns and money to help the poor and a young college freshman recruited with the promise of $40 a month to support her family.

Pathways to peace

In the case of the Philippines, Felter had access to more than 100,000 individual reports of conflict episodes dating back to 1975 and more than 13,000 interview transcripts from rebels who were captured or had surrendered over the last 30 years. That information was coded in detail and compiled as part of the Empirical Studies of Conflict Project database. The Philippines is home to some of the most protracted Muslim separatist and communist insurgencies in the world, and that is precisely why the government is interested in learning how to thwart it.

L.A. Cicero

Crystal Lee, a Stanford senior and history major, has been Joe Felter’s research assistant since her freshman year.

"For me, it's kind of validating all the thousands and thousands of hours that went into all our coding," said Felter, adding that the information will help the Philippines government find ways to ease the costs and human suffering in the conflicts it faces.

It has been a transformational journey for Felter, who retired in 2012 from the U.S. Army as a colonel following a career as a Special Forces and foreign area officer with missions and deployments across Asia, Panama, Iraq and Afghanistan. In 2010-11, he commanded the International Security and Assistance Force Counter Insurgency Advisory and Assistance Team in Afghanistan.

"I spent a long time in the military deployed to environments where you could appreciate that what you were doing was having an impact," Felter said.

In higher education now, his vantage point is different from what it was on the front lines. Today, both perspective and policy are two of his main goals.

"Since I transitioned to academia, I haven't lost my commitment to trying to help practitioners in the field to better understand conflict – by using data," Felter said.

Stanford senior Crystal Lee, a history major, has been working with Felter as a research assistant since her freshman year, helping him code and compile the datasets.

"It's been really interesting for me to think about the implications that this type of data analysis has on governments and broader policy work," said Lee, who also has analyzed and reconstructed hundreds of interviews with former rebels for Felter's upcoming book.

She said that a romantic notion exists in Silicon Valley that if one uses a huge database, one can wave a magic wand and believe that so-called "big data" will solve everything. "But it's a really messy field and we've had to use best practices to make sense of the increasingly complicated picture of counterinsurgency and terrorism," she said.

Study at the local level

Felter pointed out that to truly comprehend the nature of counterinsurgency in places like the Philippines, Iraq or Afghanistan, one must realize that its roots are in local communities.

"You need to study it at the local level to really understand it," Felter said. "And the Philippines is like a petri dish for studying both insurgency and counterinsurgency because you have multiple, long-running insurgencies, each with distinct characteristics, and with an array of government and military responses to address these threats over time."

The coders are now doubling back over the dataset from 1975 to 2012 to make sure it's accurate and cleaned of any potentially sensitive details before it goes public. The data are the basis for two of Felter's ongoing book projects and dozens of working papers and journal articles.

Roots of research

A Stanford alum, Felter was in the Philippines in 2004 conducting field research as part of his doctoral dissertation when he was first able to gain access to what would become a trove of detailed incident-level data on insurgency and counterinsurgency.

John Tronco

Stanford scholar Joe Felter with members of the First Scout Ranger Regiment, Philippine Army. His research in the Philippines helps inform the Empirical Studies of Conflict database.

After bringing back the data and meeting with his faculty advisers – Stanford political science Professors David Laitin and James Fearon – he realized the extensive incident-level data could be coded in a manner that would make it a tremendous resource for scholars studying civil wars, insurgencies and other forms of politically motivated violence.

"This comprehensive conflict dataset is going to be the holy grail of micro-level conflict data," Felter said. "It has the potential to drive a significant number of publications, reports and analyses, and enable conflict researchers to develop insights and test theories that they would not have been able to do before."

The network is expanding. A dozen young scholars who were supported by funding for the Empirical Studies of Conflict (ESOC) project as postdoctoral fellows have now been placed in tenure-track positions at universities.

"What's unique about ESOC is that we're trying hard to make it easier for others to study conflict by pulling together everything we can on the conflicts we've studied," said Jake Shapiro, an associate professor of politics and international affairs at Princeton University and the project's co-director.

On Iraq, for example, the website provides data on conflict outcomes, politics and demographics, in addition to maps, links to other useful information sources and other types of research on Iraq, he said.

Shapiro says researchers working for the Canadian Armed Forces, the World Bank and the U.S. military have already turned to the database for help. Insurgencies cost human lives and dollars, enough so that the United States and the international community are now focused on rebuilding social and political orders in those troubled countries.

As Felter put it, "We are devoted to learning from all those experiences and to making it easier for others to do so as well, so that we can all live more peacefully and safely in the future."

Research highlights

The Empirical Studies of Conflict project includes the following scholarly advances:

• Research on insurgent compensation paid during the U.S. Iraq conflict shows that pay was not based on risk factors.
• Findings show rebel violence will decrease when projects are secure and valued by community members and when implementation is conditional on the behavior of non-combatants.
• A journal article describes the preference for "certainty" in the relationship between violence and economic risk in wartime Afghanistan.

Media Contact

Beth Duff-Brown, Center for International Security and Cooperation: (650) 725-6488,bethduff@stanford.edu

Clifton B. Parker, Stanford News Service: (650) 725-0224, cbparker@stanford.edu

American deterrence, though traditionally centered on the nuclear triad, is becoming ever more integrated and dependent on other technologies in space and the cyber world, Admiral Cecil D. Haney, commander of the U.S. Strategic Command, told a Stanford audience.

Haney, appointed to lead USSTRATCOM by President Barack Obama last year, made a daylong visit to Stanford on Tuesday, holding seminars and private meetings with faculty, scholars and students at the Hoover Institution and the Center for International Security and Cooperation. His seminar at CISAC focused on strategic deterrence in the 21st century.

Admiral Haney has made it USSTRATCOM’s goal, in accordance with the Nuclear Nonproliferation Treaty (NPT) and the 2010 START Treaty, to reduce America’s nuclear weapons stockpile. But he sees a world where maintaining a deterrent is still necessary.

“As we work to continue our nation’s goal of reducing the role of our nation’s nuclear weapons, we find other nations not only modernizing their strategic capabilities but also promoting them,” he said. Russia, Iran, and China attracted particular concern. Haney declined to estimate how much the U.S. can reduce its stockpile without hurting its deterrent posture.

While the nuclear triad is still the foundation of American deterrence, space and cyberspace technology are now fully integrated with nuclear platforms, making cyber and space security indispensable.

“Deterrence is more than just the triad,” said Haney. “We are highly dependent on space capabilities, more so than ever before. Space is fully integrated in our joint military operations as well as in our commercial and civil infrastructure. But space today is contested, congested, and competitive.” 

Haney said there are more than 20,000 softball-sized objects orbiting Earth.

Image

“Only about 1,000 of those objects are satellites, the rest is debris, increasing threats to our operational satellites as they travel at speeds exceeding 17,000 mph,” he said. The Joint Space Operation Center receives an average of 30 collision alerts per day.

Damage to some of our satellites could have devastating impacts on our economy, communications and infrastructure. Rival nations also pose space security challenges.

According to the U.S. government, China recently tested an anti-satellite missile. This follows a 2007 test when China successfully destroyed one of its satellites, and consequently created a cloud of debris that still poses a threat to international satellites.

“Keeping assured access to the space domain is a full-time job,” Haney said.

Likewise cybersecurity. America’s increasing reliance on cyberspace for both military and civilian purposes has created security vulnerabilities that can be exploited by both state and non-state actors. Haney cited the recent attacks on J.P. Morgan and Sony, Russia and China’s attacks on regional rivals, and non-state terror groups.

“We have benefited enormously from advanced computer capabilities, but it has opened up threat access to our critical infrastructure,“ Haney said. “As we confront terrorist groups we all know that they are not only using cyber for recruiting and messaging – but also to seek weapons of mass destruction.”

In a Q&A session after his talk during the CISAC seminar, a variety of concerns were raised about the USSTRACOM mission, including triad modernization, the ongoing personnel issues that have been in the news, and missile defense.

FSI Senior Fellow Scott Sagan asked about the recent spate of personnel problems at U.S. nuclear silos. Haney said a full review of personnel and procedures, ordered by Defense Secretary Chuck Hagel, was completed and changes have been enacted.

“We are trying to positively reinforce our workforce and I am getting a lot of positive feedback from operators,” Haney said. “We are having monthly conversations that include operational officers. When I visit sites I don’t just meet with commanders, I have meals with smaller groups of lower-ranking personnel.”

Haney previously served as commander of the Pacific Fleet. A graduate of the U.S. Naval Academy, he has personal experience with America’s nuclear deterrent as he served in submarines armed with nuclear ballistic missiles, which, in addition to land-based intercontinental ballistic missiles (ICBMs) and strategic bombers, make up part of the United States’ nuclear triad.

USSTRATCOM is one of nine unified commands that have control of forces from all four branches of the U.S. military. The command’s well-known responsibility is command and control of America’s nuclear arsenal, a role it inherited from the Cold War-era Strategic Air Command. Since its establishment in 1992, USSTRATCOM has been assigned additional responsibilities, most notably cyberspace and outer space.

You can listen to the audio of his presentation here.

Joshua Alvarez was a CISAC Honors Student during the 2011-2012 academic year.

CISAC's Scott Sagan is the chair of a new project by the American Academy of Arts & Sciences, called the New Dilemmas in Ethics, Technology and War.  The project convenes an interdisciplinary group of scholars and practitioners (political scientists, philosophers, ethicists, lawyers, physicians, historians, soldiers, and statesmen) in a series of small workshops to explore the intricate linkage between the advancement of military technology and the moral and ethical considerations of the deployment of such capabilities in war and in postwar settings.

The project will produce a multidisciplinary Dædalus issue that will inform the debate surrounding the acceptable use of modern instruments of war and will provide a useful teaching tool for both universities and military service academies.

You can read more about the project on the AAA&S website here.

Journalist Barton Gellman had left his job at The Washington Post and was working on a book about surveillance and privacy in America when he was contacted last year by someone using the code-name VERAX, or “truth teller” in Latin.

So began one of the most dramatic chapters in the history of modern American journalism – and government surveillance. In the spring of 2013, Gellman began having remote, encrypted exchanges with someone who clearly had inside knowledge of the NSA's global and domestic surveillance programs. 

“He was trying to figure out whether he could trust me and ... I was trying to figure out if he was for real,” Gellman told a packed Stanford audience Monday night.

Last December, he traveled to Moscow to put a face to the code-name and determine whether the information he was providing was accurate.

“All extraordinary claims require extraordinary evidence – and he was providing that.," Gellman said of former NSA contractor Edward Snowden. "I was convinced fairly early on that I was dealing with something fairly serious.”

So Gellman went back to The Washington Post, where he had been on teams that won two Pulitzer Prizes for their coverage of the 9/11 terrorist attacks and the power and influence of Vice President Dick Cheney during the Bush administration.

“I went there because I trusted them and because I wanted their resources and their advice,” he told the audience of some 600 people at the CEMEX Auditorium on Monday. The Washington Post would go on to win the 2014 Pulitzer Prize for Public Service, shared with The Guardian US, for their reporting on the Snowden materials and the NSA.

Gellman today is a senior fellow at The Century Foundation and a visiting professional specialist and author-in-residence at Princeton’s Woodrow Wilson School of Public and International Affairs. He is the author of Angler: The Cheney Vice Presidency and is currently working on a book about the Snowden affair.

Snowden’s explosive disclosures about the National Security Agency’s intelligence-collection operations have ignited an intense debate about the appropriate balance between security and liberty in America.

In a special series this academic year at Stanford University, nationally prominent experts are exploring the critical issues raised by the NSA’s activities, including their impact on our security, privacy and civil liberties.

Amy Zegart, co-director of CISAC and a senior fellow at the Hoover Institution, launched the “Security Conundrum” series in October with its first speaker, Gen. Michael Hayden, the former director of the NSA and CIA who defended the government surveillance programs. The metadata collection “is something we would have never done on Sept. 9 or Sept. 10,” Hayden told Zegart during their conversation on Oct.  8. “But it seemed reasonable after Sept. 11. No one is doing this out of prurient interests. No – it was a logical response to the needs of the moment.”

Zegart, in introducing Gellman, said: “Tonight, we move from inside the NSA to inside the newsroom, which played a key role in revealing the NSA’s secret activities over the past year.”

All Photos by Rod Searcey

Image

In the second lecture in the “Security Conundrum” series, Gellman was in conversation with Philip Taubman, former correspondent and Washington and Moscow bureau chief for The New York Times and a consulting professor with Stanford’s Center for International Security and Cooperation (CISAC). Taubman teaches the class Need to Know: The Tension Between a Free Press and National Security Decision Making.

Gellman recounted his dealings with Snowden and described how he and his editors weighed the Snowden materials. Few questions are more difficult for American journalists than determining how far a free press can venture in disclosing national security secrets without imperiling the nation’s security.

“I asked him very bluntly, `Why are you doing this?’” Gellman said of Snowden.

“He gave me very persuasive and consistent answers about his motives. Whatever you think of what he did or whether or not I should have published these stories, I would claim to you that all the evidence supports his claim that he had come across a dangerous accumulation of state power that we, the people, needed to know about.”

One of the first Snowden revelations, Gellman said, was the top-secret PRISM surveillance program, in which the NSA is allowed to tap into the servers of nine large U.S. Internet companies, including Google, Microsoft, Yahoo, Facebook and Skype. Snowden believed the extent of mass data collection about American citizens was far greater than what the public knew.

The Post reported that PRISM allows the U.S. intelligence community to gain access from the Silicon Valley firms to a wide range of digital information, including audio, video chats, photographs, emails and stored data that enable analysts to track foreign targets. The program does not require individual warrants, but instead operates under the broader authorization of the federal Foreign Intelligence Surveillance Act court.

Image

The FISA Court had also been ordering a subsidiary of Verizon Communications to turn over to the NSA logs tracking all of its customers’ telephone calls.

Gellman said Snowden asked for a guarantee the Post would publish the full text of a PowerPoint presentation that he had obtained describing the PRISM program. Gellman told him that his editors would not make any guarantees about what they would publish and in the end the paper only reproduced several slides so as not to harm national security.

Taubman asked Gellman what gives any journalist the right to publish classified documents and not hand those papers back to the NSA.

“I’m not accountable to anyone for my decisions about what is in the interest or not in the interest of the national security of the United States,” Gellman said. “What happens is the government tries to keep information a secret and I try to find it out – and then when that spillage happens, well, then we talk.”

In the case of PRISM, he sent emails to two “quite senior people” in the government and told them this was the type of email he only sends once every several years, when he is onto a big story they would want to know about. But he didn’t want to do anything over email, so when the senior officials called, Gellman gave them the title of the document about which he was going to write.

Image

That started the negotiations with the government and The Washington Post. In the end, the paper only published several of the government’s PowerPoint slides that explained the PRISM program because they were concerned about harming national security.

“We had no interest in doing that; we only had an interest in writing about the public policy question on a program that had secretly expanded in ways that almost no one knew about,” Gellman said. “To the extent that it involves drawing new boundaries allowing the government to spy on its citizens and the citizens never get to know that – that is quite relevant to know when you’re trying to decide whether you like what your government is doing.”

In a statement responding to the PRISM revelations by the Post, Director of National Intelligence James Clapper said information collection under the program “is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.”

Clapper called the Snowden leaks about the legal program “reprehensible and risks important protections for the security of Americans.”

Gellman said Snowden has turned down million-dollar book and movie deals and lives in  “ascetic” asylum in Russia. Snowden told NBC News earlier this year that he was on his way from Hong Kong to Latin America, via Moscow, when his passport was confiscated and that Russia then granted him a one-year asylum.

“He is fascinating to me because he’s an unusual figure,” Gellman told Taubman, who had asked him what Snowden was like. He said the 31-year-old former systems administrator for the CIA did something most Americans would not: He gave up his personal freedom and changed the course of his life to make public the government surveillance programs that he believes are a danger to the American people.

“He described himself to me once as an indoor cat,” Gellman said. “He lives in a virtual world; there’s not a whole lot of difference for Snowden whether he’s living in Moscow or Hawaii – he’s is what I would call a net native. He has an ascetic personality; he doesn’t have or want very much stuff.”

Gellman added: “He is sort of Zen-like in his confidence that he has done the right thing.”

***

The Security Conundrum series is co-sponsored by CISAC, Hoover, and the Freeman Spogli Institute for International Studies, Stanford Continuing Studies, Stanford in Government and the Stanford Law School.

Other nationally prominent speakers will include Reggie Walton, the former presiding judge of the Foreign Intelligence Surveillance Court, and U.S. Sen. Dianne Feinstein, chairman of the Senate Select Committee on Intelligence.

National Security Agency Director Admiral Michael Rogers told a Stanford University audience during a rare visit to Silicon Valley that his greatest concern today is that the nation is not yet prepared to defend against a major cyber terrorist attack.

He said the growing rift among the signals intelligence agency, tech companies and civil liberties organizations over the shifting boundaries of privacy rights and secret surveillance is weakening the nation’s resolve.

“We have yet to be able to come to a broad policy and legal consensus about how we deal with some of the legal issues in cyber now,” said Rogers, who took over the leadership of the embattled intelligence agency in April.

The admiral, wearing military dress, spoke to some 300 Stanford students, faculty and tech executives in an event sponsored by the Center for International Security and Cooperation (CISAC) and the Hoover Institution.

Watch the Rogers talk in this video:

His wide-ranging talk on Monday – in which he appealed to Stanford students to consider a career at the intelligence agency – came on the eve of a hearing by a federal appeals court investigating whether the NSA’s surveillance program violates the U.S. Constitution’s ban on unreasonable searches. The Justice Department argues that collecting phone data is of overriding importance to national security.

The NSA, whose mission is to prevent foreign adversaries from getting their hands on classified national security data, has come under fire since NSA contractor Edward Snowden disclosed last year the extent of the government’s electronic surveillance programs. The former CIA system administrator leaked documents to journalists that revealed global surveillance programs with the cooperation of some telecommunications companies and European governments.

One of those journalists was Barton Gellman of the Washington Post, who received dozens of top-secret documents from Snowden when he traveled to Moscow to meet him. Gellman, who shared the 2014 Pulitzer Prize for Public Service for his reporting on the Snowden materials and the NSA, will address a Stanford audience on Nov. 17^th as part of the university’s “Security Conundrum” lecture series.

Rogers indicated that until a consensus is reached on government surveillance, the United Sates is vulnerable to attack.

“Is it going to take a crisis to wake us up and say, `Man, how did we get here?’” he asked. “I don’t want to be at the end of another 9/11 commission asking how we got here.”

Rogers said the government is backing a bill known as the Cybersecurity Information Sharing Act, which would allow tech firms and the U.S. government to share cyber threats captured through Internet data. The bill was introduced to the Senate in July but has not yet been voted on by the full Senate. Opponents of the bill say it would only give the NSA enhanced spying powers.

Image

Rogers called the proposed legislation critical. “Without it, cyber becomes a huge cost for us as a nation.”

Rogers said he knows Americans’ trust in their government is dismal.

“We have a fairly limited faith in Washington and there is incredible frustration over the mechanisms of our government, whether it be the legal framework, the courts, the Congress,” he said. “It’s hard to achieve a political consensus when we’re losing faith in many of the mechanisms.”

And still, he called on Stanford students – namely the engineering and computer science majors who were in the audience – to come work for him. While acknowledging that the NSA could not match the salaries of Google, Yahoo and Facebook, he said they could do something worthwhile for their nation.

“If we’re going to make this about money – we don’t stand a chance,” Rogers said.

But, he added, “We’ll give you an opportunity to dedicate yourself to something that is bigger than you: service to the nation.”

Rogers said young recruits would be given great responsibility at an early stage in their careers. And, they’d get to play real-world spy games. “We’re going to give you the opportunity to do stuff you can’t legally do anywhere else,” he said.

Not all students in the audience were ready to sign up.

Thu-an Pham, a sophomore who has yet to declare her major, said after listening to the talk that she’s concerned that NSA surveillance is curbing innovation.

"I'm worried about the impact of surveillance on the culture of innovation,” she said. “Glenn Greenwald gave a recent TED Talk on the importance of privacy. He showed that people alter their behavior to conform to norms and expectations if they suspect they are under surveillance, which stifles individuality and free-thinking.”

Pham also said she’s concerned about the possibility of American officials “outsourcing illegal tasks to other governments.”

The National Journal reported last week that the NSA has given broad access to British intelligence to Americans’ telephone calls and Internet traffic, leading civil liberties activists to accuse the agency of trying to circumvent the Fourth Amendment.

Amy Zegart, CISAC’s co-director and a senior fellow at the Hoover Institution, moderated the one-hour talk and Q&A in Encina Hall.  

Zegart, an intelligence expert, noted tech firms are tightening encryption standards to prevent government spying on their customers.

Google and Yahoo are working on tools to encrypt their email systems and Apple and Google just announced its mobile operating systems would eventually be encrypted by default. Government officials have warned that the tech firms could be aiding criminals and terrorists with these tougher encryption standards; FBI Director James Comey suggested Silicon Valley build encryption with a backdoor for the U.S. government to spy on potential terrorists.

“Industry is very concerned about evidence of the NSA undermining encryption standards. If the NSA were to find a way through encryption standards, how do you weigh the right thing to do?” Zegart asked.

“Let there be no doubt that a fundamentally strong Internet is in the best interest of the nation,” Rogers replied. “When you find vulnerabilities, we are going to share them; the default mechanism is that we’re going to share the vulnerabilities.”

Image

CISAC Affiliate Jennifer Granick, director of civil liberties at the Stanford Law School's Center for Internet and Society, asked Rogers to answer to disclosures by Snowden that the NSA secretly broke into communications on Yahoo and Google servers overseas.

“We do not use any foreign partners as a vehicle to overcome and bypass U.S. law,” Rogers replied. “When we partner with our Five Eyes teammates, we remind them that we have specific requirements that we must meet.”

The Five Eyes refers to an intelligence alliance of the United States, Canada, Great Britain, Australia and New Zealand to share signals intelligence.

Rogers conceded the Department of Defense no longer drives technical innovation, so the government will have to increasingly rely on the brainpower of Silicon Valley. He pledged to visit every six months and build partnerships with tech firms.

But he emphasized that national security could not be left to the technologists.

“It is unrealistic to expect the private sector to withstand the actions of nation-states,” Rogers said. “I think it is also unrealistic to expect the government to deal with this all by itself. We have got to create those partnerships that enable us to actually share information and insight in a real-time basis.”

Former CISAC Honors Student Joshua Alvarez contributed to this story.