are also the same people on our committee for a number of years who have talked about making all states matter. making as many states matter as is possible. and this is what's -- this is what happens, madam chairman, when we have proportional that goes a little longer than to march 15th. march 31st is a pretty good date. and if that does mean that there's some regional primaries, that's probably a good thing. it allows campaign to spend their time in certain areas and not be spread out all over the country. thank you. >> all right. we're going to leave our coverage of the republican national convention rule committee meeting. you can turn to skrrks pan to continue to watch live coverage of this meeting pop. >> now nsa director michael rogers discusses the nation's cybersecurity challenges and his role in protecting the u.s. from cyberthreats. he also talks about how the military has provided protection for government and private

entities from hacking. this is an hour. good afternoon. i'm the washington correspondent for the salt lake tribune and the 109th e president of the national press club. our guest today is michael rogers, the commander of the u.s. cyber command, the director of the national security agency and the chief of the central security service. i would like to welcome our public radio and c-span audiences and like to remind you can follow the action live on twitter using the #npclive. it's time to introduce our head table guest. i would ask each of you to stand briefly as your name is announced. please hold your applause until i've introduced the entire table. from your right, jen judson,

reporter at defense news, tony ka patch yo, pentagon correspondent, max letterer, publisher of stars and striebs, the washington bureau chief of the "the new york times," the honorable john warner, former secretary of the navy and former united states senator from the commonwealth of virginia. blomburg news breaking news reporter, skipping over our speaker for just a moment, a retired u.s. navy captain who organized today's event. eric melt zer, senior news production specialist at the associated press. jerry zha rim ski, washington bureau chief of the buffalo news. john donnelly, the chairman of the press club's press freedom

committee. and vie yo la ginger, senior editor and writer at the united states institute of peace. thank you. [ applause ] our guest today, admiral michael rogers is wearing many hats. he's tasked with defending the defense department's networks and protecting critical u.s. infrastructure. as the director of the national security agency, he gathered foreign intelligence to monitor what nations, states and individuals are doing in the cyber arena. he accepted those responsibilities in april 2014, during the times when the public was still outraged about the scope of the nsa's phone and internet surveillance exposed from a former contractor, ed snow d

snowden. attacks on sony initially caused the company to cancel the release of a comedy movie and crippled thousands of computers. the obama administration responded by sanctions on the country for the attack. he points to russia and china as the biggest hacking threats saying that hackers in north korea and iran also represent challenges. still during his senate confirmation hearing admiral rogers admitted that one of his most demanding tasks is to get americans comfortable with nsa's actions. nsa espionage practices have been criticized by technology groups, and u.s. allies. rogers faces the challenge of having to explain his work to the general audience and to our foreign partners while keeping most of the details and finding secret from our enemies. he has a unique opportunity to talk about the nsa and the u.s. cyber command at the national

press club luncheon today. please help me give a warm welcome to admiral rogers, national press corps. [ applause ] >> boy, i got to tell you what i thought i heard there was please let me help me give it to admiral rogers. this is going to be an interesting consideration. so first of foremost, thank you for being here and to the national press club. thank you for the opportunity. i'll share a few thoughts with you and then i'm interested in a dialogue. i'll take your questions on any topic. to those who join us electronically, thank you for taking time for a conversation that i hope generates value for you and helps me to learn. i'm always interested in how you generate outcomes. that's what my ultimate job is. if i could i'm going to ade two things to what you heard in the introduction about the responsibilities of cyber command and nsa.

but before i forget, before i say that, my compliment to the club. i have never been at a function and had cookies with the label of the organization. [ laughter ] i got to tell you, than's amazing to me. my day is made. when i go back to ft. mead and tell them, look at the cookies this place had. in addition to what you heard on the u.s. cyber command side, defending the department of defense's networks, defend if directed by the president or the secretary of defense critical elements of u.s. infrastructure against significant events of cyber consequence, of significant cyber consequence. the third mission that you can't hear outlined was also generate the capacity and employ it across the range of the defense and the offense to support broader military operations around the world. and we have publicly acknowledged that we're doing offensive actions right now against isil and cyber and the

fight in syria and iraq. i'll be up front and tell you i'm not going to go into more details. i'm asked in forums like this, can't you give us more details and i'm going no. we're in a fight against an adaptive learning adversary and vi no desire to give that adversary greater insight. i'm not going to go down that road with you. the other item i would highlight with the national security agency we highlighted in the introduction, the foreign intelligence mission. the use of signals intelligence in the foreign environment to gain insights as to what nations, states, groups and actors are doing that are of significant concern to our nation, friends and allies. and that is much broader than just cyber. the second mission for nsa, and one that is growing in increasing importance is information asurns. we had always been responsible for developing the crypt to graphic standards and the security standards for classify systems within the department of

defense. but over the course of the last decade or so, increasingly nsa in its information assurance mission is being called upon to provide defensive insight sbo how you stop penetrations. once a network is penetrated, how do you drive the opponent out and then how to configure the structure so they can't get back in. this is a huge growth for nsa over the last few years. in some ways i often somewhat internally joke with the team, we find ourselves becoming with fema of the cyber world. for others. because we're being told upon, hey, you have technical capability, you have capacity, you have expertise, how can you apply it as we're helping to defend both systems in the government. but i have previously talked about, we were called upon to assist in the sony response, for example. if you had told me as a military leader as the director of the n

srn sa that i was going to be involved in supporting a motion picture agency in how it was going to deal with a significant penetration, i'll be honest and say i don't think that's going to come up during my time as a director. opm, we were part of a broader team that provided expertise within the government in response to the aftermath of that. what i thought i would do then a just highlight where i think we are in both of those mission sets, iffy will. and then i'll be glad to take any questions on any topics from you. united states cyber command. the senior of the two jobs. where the fourth star comes from. not the nsa job. the cyber command job is considered within the military structure. as the commander of the u.s. cyber command i find myself as a traditional commander. i'm at a slightly different level but we all realize what the impact of cyber is and will

be across our department. we're working hard as an organization, as many other organizations are, as many other almosts within the government are, to ensure that as a department we have the capacity and capability to continue to operate within the face of adversaries who are determined to use vulnerabilities inherent within the cyber framework weapons networks platforms. and to exploit those vulnerabilities, to negate our ability to execute our mission as a broader department. that's priority number one, to ensure that our networks and our data and our key platforms and capabilities are fully capable of operating in the face of an adversary or adversaries who want to take away those capabilities. that's mission number one for us. to do that, as well as the other two missions you heard me outline, we are generating within the department of defense a dedicated what we call the cyber mission force. a force of dedicated focus, trained and organized cyber

professionals designed to provide the department a high end of capacity and capability. there's 6,200 people within that force. we're halfway through the build. i have to have -- 6,200 individuals are divided into 133 teams. the teams are specialized. some are defensive. some are offensive. and that capability i have to deliver at what we call a fully operational capability by 30 september 2018. so just over two years. we're going to reach the -- the goal is to reach initial operating capability of the initial force by 30 september 2016. i'm focused on making that we meet the timeline. the team is fully started and ready to go. it's an example in some ways of how cyber is different than some areas because demand at the

moment exceeds capacity. this is the one mission set that i've been involved in as a military professional for 35 years. we're not waiting until a team is fully constructed. we're putting teams on targets. think about what that means. you will not find in dod, we don't take a fighter squad rant. you've got five of your 22 aircraft. we're sending you to afghanistan. we don't say we've got a brand-new carrier coming out, you've done your builder acceptance trials but not your workup, we're fordeploying you to the gulf. the reality is we need to apply capacity as soon as we're generating it. we find ourselves in a situation a little unusual in the military arena. as soon as we get a basic framework, we're deploying the teams. it's an interesting leadership chal ledge at how you do that at the same time you're trying to build the team. but in the end it's the only option we have. we can't wait until 30 september

2018 and say now that everything is 100% fully trained, perfectly acliend, now hold us accountable for exercising the mission. it's not going to work that way. too many demands, too many requirements. it's very different for nus the culture of the department. i'm comfortable that we're going to meet the milemilestones. it's a lot of work. the department is very committed to this. sieb ser just one significant challenge within a breadth of challenges that the department is trying to deal with. i'm grateful and fortunate that the department leadership has acknowledged the challenges associated with cyber in a declining resource environment is willing to invest in those challenges, even as i acknowledge it never goes as fast as you want and you're never where you want to be. i never had a job before where i literally every day am thinking how do i make sure we're staying ahead of the adversary. we're in a race to make sure

we're generating capacity and capability and we're doing it faster than those who would attempt to do harm to us. and you get -- when you do this, as you watch what opponents are doing, as i watch behaviors out on the net, it's almost visceral. i just feel like every day we're in a race to generate capacity and capability before the adversary. that's invigorating, don't get me wrong. but i isn't without its challenges. every day in the cyber arena you find yourself in contact against a wides range of adversarieadve. nations who want to generate insights as to how our networks are constructed, adversaries attempting to penetrate our networks because they're interested in taking information, data, insight and knowledge out of our data network, asking how to apply that to get advantage over us or attempting to negate the capabilities that we have. so i would be the first to admit

you always get that sense of the challenge. on the nsa side, i try to remind people much like the department side, you know, one of our challenges is requirements continue to grow, the expectations of the knowledge and insight that the intelligence community is going to develop for our nation and our friends of allies, it continues to get larger. and yet at the same time budget is declining and you're trying to work. so how do you prioritize. how can you do things smarter, more efficiently. that's one of the reasons some of you may have heard about nsa 21 which is what we created out at nsa with the idea being how do we make sure that we're ever bit as good five, ten years from now as we have been for the last five, ten years. the nation is counting on us to be able to sustained these capabilities, to generate these insights to do it in a lawful way, to do it in a way that

generating confidence within the citizens that we defend. the nation is counting on us to generate the insights. so we've got to ask ourselves how do you do that in a world in which resources are declining and in a world with which the technical challenges that you're dealing with are getting more and more complex. the positive side i would tell the nation is you've got a great bunch of motivated men and women at the national security agency in united states cyber command. they believe in their missions. they believe in doing the right thing the right way. and they are committed to doing it within the legal framework. and that is the commitment that i've made since day one in my role as director of nsa and the commander of cyber command. we'll do the right thing the right way in accordance with the laws of the nation. and when we get it wrong, we will stand up and acknowledge that we got it wrong. i remind people, look. even with the great technology that we have, at its heart cyber command and nsa are two enterprises powered by motivated

men and women. men and women sometimes make mistakes. we're going to be organizations that stand up, own those mistakes and holds itself accountable. because that's what the nation is counting on from us. i think that i have no issue with that at all. that's fair. that's the way it ought to work. another challenge for us at nsa, as i said, so we've got these two missions, foreign information assurance requirements growing in both segments. resources not keeping up. again, that's another reason behind nsa 21. how can we do things smafrter, more efficiently, more effective lip. realizing the department is not going to change. if that's the case, what are we going to do. you can't keep doing the same thing the same way over and over again and always expect to get the same results. the world around us is changing and we have to change with it. technology is changing. the expectations of our citizens. the fact that we're competing

for the same workforce that the private sector is. how do you recruit, retain, ensure that you create a workforce that's adapted that can change with technology, that changes with mission. it's one of the reasons why i spend a fair amount of time out on the west coast in the valley and other places where i try to talk to my industry counter parts, so tell me how you recruit your workforce, tell me how you retain them, how you train them. what's effective for you. we have got to create -- one of the biggest things i'm interested in is the model within the military and nsa traditionally has been once we get you in the door you tend to stay with us a long time. i'm not sure that's a model that's optimized for the future. if you look at the rate of change that's out there. i'm interested in a model where how can you potentially for example start with us but then go work in the private sector for a while and then come back. how can you make us smart esh

about the world out there and how can we make the world out there smarter about us. one of the challenges that i found in the -- coming up oun two and a half years i've been in these jobs. i'm watching two cultures at times talk past each other. i'm watching the culture i'm a part of think they understand the outside world. oh, it's about money. and i go, stop. if you're out in the valley, your view is you are harnessing the value of technology to change the world for the better. what's wrong with that as an objective? that's every bit as a value to our nation and the world around it as those in government who say my mission so to help defend and provide for the security of our citizens and our friends and allies around the worl. wear not about money. we're about services something bigger than ourselves. and i watch these two cultures at times just talk past each other, each thinking they understand the other. and my experience is boy, we

don't. so these one of the reasons why i'm interested in, can we come up with a more permeable membrane where we can move people back and forth to have a broader dialogue that's based on facts. take the emotion out of this and let's deal with facts. and then we'll make a decision collectively as a nation. what are we comfortable with, what are we not comfortable with. the imperative for us i've always believed as a nation is both to ensure the security of our citizens, but to never ever forget that we've got to do it in a framework that empowers the fundamental rights of those citizens. the governing document for our nation doesn't start talking about the power of the state. it starts talking about the rights of every one of us as citizens. but that same document also talks about the role of the government in ensuring the safety, security and prosperity of its citizens. so we've got to figure out how are we going to meet both of

those incredibly foundational and important premises and tenan tenants. it can't be one or the other. we've got to do both. and i spent a lot of time as the director of nsa in particular asking myself how do we do both. how do we do the mission in a way that engenders confidence and trust in a world in which competence and trust is not easy to come by. don't worry about the issue associated with nsa. i think we've got to deal with the reality, as a nation we've got to be honest with ourselves. we have increasingly low confidence in many of the structures that we've created over time to govern ourselves and to help ensure our capabilities. and so what's happening, you know, in my little slice of the world is happening in a much broader dialogue. and the sad part is, it isn't anywhere near as much as a dialogue as it needs to be.

angry people yelling and screaming at each other generally doesn't generate better outcomes or solutions. you can argue about this, a whole lot of other issues. we've got to figure out how are we going to have a dialogue ap how are we going to figure out how we're going to keep moving ahead and how are we going to do it in a way that engenders confidence. at the same time it's ensuring our security and our basic rights. so collectively as a nation we'll work our way through the challenges. as i said, the foundational point for me is, i always remind n srk nsa, the touch stones for us, we always obey the rule of law, if we make a mistake we acknowledge the mistake and we own it. we don't take shortcuts. that will get you in trouble. you don't take shortcuts. so you keep those three things in mind we're going to be exactly where we need to be. on the u.s. cyber command side, as i've done this for a while

now in multiple jobs, what the u.s. cyber command team hears me talk about is if you want success in cyber, if you want to generate cybersecurity cape abo aboutabili capability, we've got to be fast. in the world of cyber the time factor is so compressed compared to many other things. i mean i can remember early in my career worried about, as a cold war worrier, i'm that old, we would talk about depending on the scenario in a weapon was launched off a land mass or a submarine, we would have anywhere, if my memory is right, 12 to 25 minutes to try to decide how we're going to respond. 12 to 25 minutes in the world of cyber, boy, it's already happened now anywhere in the world. that was the intended target. so speed gets to be really

important. agility. we're working against adaptive adversaries constantly changing their targets and they're changing the way they go after the target. responding the same way every time is not going to work over time. adversaries get smart and they learn. that's what we do. we study opponents, study their behavior, how they work and we try to anticipate bated on that knowledge what they're going to do. i don't pretend we have perfect knowledge or insight. part of this is getting to a mind-set that says, how can we be agile. how can we change and adapt. it's not unique to cyber. you know one of the maxims you learn is no plan demands contact. once you're in the purr ball, doesn't matter if you in an air-to-air engagement, on the ground in a tactical environment. boy, once you enter the fight, the plan is a point of deviation and you try to use your training

and knowledge to adapt to the environment that you find yourself in right now. it's no different for us. and then precision. it isn't enough to be 99.9% accurate. you've got to be 100% accurate. you get one digit wrong in an 11-digit ip address and you're in a totally different place. you've got to get precision. it's interesting to watch an organization bring those together, speed, agility and precision. let me understand it, sir. you want me to be fast, you want me to be able to change but you're telling me to be precise. and i'm going, you have grasped the concepts. that's what we've got to do. it isn't easy. i'm the first to admit. but i think it really is the key to success for us in the future as we try to look at so how are we going to defend the dod networks, how are we going to generate capability that provides operational commander es and policymakers a broader range of options. and with that rather than me

talk at you, i look guard to the dialog dialogue. thank you for being here today. if there's one thing you learn in the cyber mission, and this is true for government, it's true within our specific department, true more broadly, true in the private sector, this is the ultimate team activity. i have never been involved in a mission set in 35 years -- i had 35 years at commission service next month. i've never been involved in a set of activities where your success is so predicated on the behaviors and choices of other organizations. you have got to create strong partnerships. and you have got to exercise those partnerships before you get into contact with an opponent. if there es ooh one thing life in the military teaches you, discovery learning when you' moving into contact with an opponent is an incredibly bad way to learn. it generates higher rates of casualties and loss. it's more resource intensive. and it really lowers probability of successful mission outcomes.

cyber is no different in that regard. we've got to train, we've got to exercise, simulate to the maximum extent that we are. what do we think of the encount are before we encounter it. so probability of success, we start at a much higher point. and that's as much about culture. let me kond colluconclude with . i apologize. i always tell both hats, cyber command and nsa, don't ever forget that at the end we're dealing with a choice that some human made on a keyboard somewhere else in the world. there was a man or woman at the other end of this. secondly, remember this is the one mission set that i can think of where every single user out there is both a potential point of advantage and a potential point of vulnerability. we don't give weapons to everyone in the dod. we give a keyboard to everyone

in the dod. literally everybody has got access to an unclassified system, higher level classified systems and suddenly now you find yourself in a scenario where, if you're not careful with you could have the greater process and yet bad user behavior, bad choices start to make your defensive abilities really challenging, really difficult. and so a big part of this is hey, even as we focus on the technology piece, making sure we have sound networks and that our platforms reflect redundancy, resiliency as core design characteristics. i also remind people never ever forget the human dynamic in this. it's about making sure that our individual users understand that they will be making choices that have broader impact. at the same time it's using strong leadership, good organizational skills, how do you create that high end cyber mission force that's optimized to deal with these challenges.

that's one of those missions at cyber command. you, as i said, if you could see the men and women that are doing that work -- i just had this -- we do a major exercise series every year. we just finished last month, at the end of june. and as i was bringing some people through -- in fact a couple of people from the hill, as a matter of fact. they were asking -- and i had never -- this was not prestaged. i had never met this individual before. we're getting a brief from the team, happens to be a navy guy in this case. a young petty officer. and i turned to the senator who i was escorting and said, senator why don't you ask him why -- about the journey that brought him to this job. and ask why he is doing this. and i did that honestly, not knowing the answer. but i thought well, this guy seems really motivated. seems to really like what he's doing. sure enough, i thought he was pretty typical. he joined the navy not to do

cyber initially. he was an operation specialist. the skill set we have in the navy in a dark room on the ship where all of the radars and the tactical picture comes together, the weapons system, we call it the combat information center on most ships, he used to operate that equipment. he said hey look, i really wanted a different challenge. so he walked the senator here's the training i got, here's the two tours of duty i've had now as a cyber professional and the senator said why are you still with the dod? why didn't you consider leaving? you could have made a whole lot more money on the outside. he didn't miss a beat. he turned to him and says, because i can do things here that can't do outside. because i can make a difference and serve something bigger than myself and because they let me do some really neat stuff. then he says, let me show you. the next thing i know he's at a touch screen, let me show you this.

and i'm watching, wow this guy. thank god we have men and women look this. he loves his job. he considers himself a warrior of the 21st century. he's dedicated to being the best he can be and he'll willing to work hard to generate more insight to apply it. even as he acknowledges sure i could do some other things on the outside. we're lucky to have men and women look that. with that i look forward to your questions. [ applause ] >> thank you admiral. you started off by saying, i believe -- i believe you started off by saying you don't want to take any questions about siisil but this being the national press club i'm going to make that my first question. we're journalists after all. without getting into methods, how successful has the campaign been against isil?

>> i'm not, i'm just not going to get into specifics. you can keep asking but i'm just not going to get into specifics. >> my second question -- i'm kidding. >> let me rephrase, your. i have this friend who -- >> asking for a friend as well. all right. i'll change gears a little bit. admiral this week you testified about the challenges of encryption before the senate arms services committee in a closed session. without getting into anything classified, can you talk about some of the challenges that the nsa is working with them on? >> so, i was testifying before the senate arms services committee predominantly in my role as u.s. cyber command. one of the things the committee wanted to talk about was, so what are you views of encryption, what are some of the challenges that you're working your way through. and i always start out by telling people, look, i don't know what the answer is. i don't come to this with oh, i know what the solution is. i'm struck by several things. we're a nation of can do. you go out in silicon valley and

you see motivated men and women ha harnessing technology and created a civilization that's the envy of most of the other world. created capabilities that have empowered a level of knowledge sharing that this planet has never seen before. think about that. our ability to access information in the format, in the medium of our choice laterally anytime, anywhere, none of our previous generations had that advantage. that has done some amazing things. generated unparalleled economic growth, learning, insight, those are great things for us. that same team, i say, you're all about the power of possibility. so can we start talking about what's the power of possibility here?

because right now we're spending a lot of time talking about what we can't do. and i'm just struck by look, we're a nation of possibilities. let's talk about what we can do and then let's have a dying log about what we should do. because those are not the same thing. just because you can do something doesn't mean you should do something. i'd be the first to admit both as cyber command and the director of nsa, we're one small part of a much broader dialogue. so oftentimes i get asked what is the impact of encryption on your missions. this is really on the nsa side. and i remind people we're watching a world where many actors of concern to this nation and those of your friends and allies are hamanner necessaryin the same in addition. they're using that same capability, the same technology to generate money, to coordinate

attacks and to generate violence against us and other nations around the world. we got to ask ourselves, how are we going to deal with this. encryption is a positive thing. it's fundamental to the future. i don't see a solution where we go, we don't need encryption. it's bad. i reject that idea. i don't know what the answer is but again it goes back to my comment about could we really have a dialogue about this and start the talk about what's in the realm of the possible and then let's facilitate a broader dialogue about what we should do. this is something collectively as a nation i would argue you don't want the intelligence world telling you what the answer is here. i don't -- likewise i don't want a company necessarily telling me what the answer is here. i don't want a government agency necessarily telling me that. what i want is for mike rogers, could we engender a broader dialogue as a society about what are we comfortable with here? and what makes sense for us.

realizing there isn't a single answer here. but this problem is not going to go away. and it isn't just about insights about what's going on for foreign adversaries. you're watching criminals exploit our youth, guns, drugs, die violence using these same capabilities. we've got to figure out how we're going to deal with it and how we're going to deal with it in a way that ensures that our rights are adequately protected. the answer is not, well, just let the government do what it wants. i don't think you're going to hear that from the government. i think we realize that's not what we're about. that's in what we should do. >> that leads to the next question, actually. have americans given up some privacy in order to bolster national security. should they have to give up that privacy and security coexist? >> i would argue step back, think for broadly than national security. i would tell you in the digital world we live in, the idea of an

himty is extremely difficult to execute. forget about the executions of the national security. just more broadly. i think every one of our in our personal lives deal with this challenge all of the time. you know, what does anonymity mean. what does privacy mean in the 21st century. i'm not sure it's exactly the same thing as the analog world of the 20th century. and we're trying to figure -- i don't know what the answer is. but i'm just struck by, wow, the world around us is really changed and there's a lot of itch occasions for this that i'm not sure we all collect tiffly fully understand. but we've got to put our mind to this and think about that. questions like this are incredibly foundational for us as a nation. >> do you think a cyber pearl harbor is inevitable and what form might that come in, an attack on the power grid? the financial sector? >> i generally don't use the phrase pearl harbor was the

analogy is that pearl harbor was a bolt out of the blue. i don't think anybody is surprised by the amount of cybersecurity that we're seeing. the positive side is we generally have broad recognition and acknowledgment that we have an issue here. that wasn't the case five, ten years ago. we were still in the come on, how big could this be. really? that's not realistic. you look at what happened in the ukraine in december with the power grid, you look at sony, there's plenty of instances out there now. hey, this is something real. and i don't see it stopping. as you said in your opening remarks, i said that in my testimony when i appeared before the senate for my confirmation hearing. it's the when not the. and we've got to figure out how to deal with this. back to my comments in any introduction, i don't want to start dealing with this for the

first time when we're in the middle of a major sigher event. that's a bad time to start learning. u would much rather start now. we're doing that. that exercise sequence we do every year, there's two parts to it. the second part we use as a tool to certify and train within the dod. the first part we simulate how the dod would partner with the department of homeland security, the private sector, fbi and otherments to protect critical inf infrastructure. we bring in both active guard and reserve, we bring dhs, the fbi together, other elements within the government. we actually create realistic networks that simulate real configurations out in the private sector and we ask ourselves, how do we defend it, how do we respond, wha are the lanes in the road, what's the best approach to solving the problem. we're working or way through it. but the size of the

infrastructure that we have as a nation, we're the most advanced, the most dij nally driven nation in the world, certainly on the scale that we are. that's a whole lot of turf to make sure that is sound and defensible. that's a lot of work. it's work that's going to take au all of us. as i remind my dod teammates, if you think rogers and a 6200 high end warriors are the answer to the total problem set, we don't get it. it's how to apply the 6200 as part of a broader team that's spread across our services and our forces, how do we tie that all together? an integrated cohesive way that's focused on a common strategy and got a common vision on how to defend our key platfor platforms. and i would argue it's the same thing in the private sector. >> what does cyber war really

mean. when i ask the question i'm trying to get to the point of when would more of the traditional response, bombing of the nation or something like that respond to a cyberattack against the united states? >> look, the response to an event is driven by many factors. how would you characterize the event, what was the intent of theed a very ra ed a veadversar. what was the impact. you wouldn't respond to a minor event the same way would wouyou something major. so i always try to remind people, my experience leads me to believe you don't have a one size fits all. that we've got to think about in a very nuanced way on how to do this. the second point is much is true that i've found in the kinetic world in the traditional do mains. just because somebody comes at

you one way doesn't mean you've got to respond in the same way right back at them. if you look at the way we as a nation opted to respond to the sony penetration, we used the economic lever in the form of same-sexes as the initial response by design. i'm just part of the dialogue. we need to think about what are the full range of capabilities and advantages that we enjoy as a nation and how do we appellee those in a very focused specific way. and the response idea. not well you just default to whatever they did to you, you got to do to them the exact same way. i'm not a big fan of that approach personally. >> thank you, sir. we talked about edward snowden in the introduction. have we been able to assess the damage done by snowden and bradley manning? >> do we continue to see impacts from all of this? yes. will the impact continue to unfold over time, i believe it

was. >> how big was the impact? >> i have publicly characterized it before previously as significant. i'm watching targets of concern to this nation, our friends and allies change their behaviors, change what they're doing especially because of the insights that they've gained as a result of the disclosures. and again i try to remind people, take the emotion out of it. we all need to deal with facts and then we'll collectively decide. so what are the implications to that. >> there was no internal mechanisms required by law or executive order such as whistle-blower protections that allowed far contractor to bring concerns to a superiors or a third party. has that been reconciled? >> i disagree with the premise. >> there are protections right now. >> i disagree with the premise. what's the next question? [ laughter ] you'll find i'm a very direct individual. >> that's good. i have a lot of questions about snowden. so we can get to some of these. it's been three years since the

snowden leak. americans now know as much as snowden did. given the many americans and majority of representatives in congress agreed that the nsa practices needed to be reformed, should edward snowden still be prosecuted for espionage? >> that's a topic way beyond my role. [ laughter ] i hope you realize, this is not a line of conversation that's going to be particularly productive for you or for me or all of you. but i'm willing to continue this way if you would like. >> that's okay. we would like to ask them anyway. in retrospect, what should the nsa have done differently in the aftermath from 9/11 to the snowden leaks. >> clearly we went to generate more insight, helping to defend our nation and protect our allies. at the same time i think one of the takeaways -- i think about this so what does it mean to be a leader in the intelligence

world in the 21st century and how is that different from when i started my journey in this profession decades ago now. i can remember the culture that spawned me was focus on the mission, you don't talk about what we do, don't talk about how we do it, don't even acknowledge what we do. you do the mission. do it lawfully and do it the right way but don't ever talk about it. you don't want to camp mize what we do. you don't want to give an adversary insight that thaw can turn against you. now i find myself as a leader acknowledging, hey, look, we've got the engender confidence in the nation we defend. and one of the way to engender that confidence, we've got to have a more open dialogue. for me, what i try to do, i'm willing to talk in broad terms about what we do. but to how we do it, that's kind of for me at least where i draw the line and just say look, if we're starting to get into the how, now i'm going to compromise capability and that's a bad

thing for us as a nation. and so for me that's how i try to balance those things. and so i think to myself, you've seen it in the way nsa has declassified documents, you've seen anytime the way we're trying to interact more with the public. you've seen anytime the way we're trying to create partnerships in the academic world as we're trying to build a workforce for the future. how do you have a dialogue that tries to strike that balance. hey broadly, here's what we do and that you as a nation should feel comfortable that there's a level of oversight and yol in what we do. and that we're just not acting in a capricious manner arbitrarily doing whatever we do. it doesn't work that way, guys. nsa is one executive order and four laws, four laws that drive everything we do for our foreign intelligence mission. >> don't you find that is more of a challenge though because

americans hearing generalities and vagueness and trust us guys -- >> you didn't hear me say trust us. i think one of the challenges is again step back tony comment about the broader context. so if you -- i'm a fan of history. if you go back to the 1970s when many of the mechanisms that are in place today were actually created, the committee in the late 1970s in the senate, the committee said, you know, we need to create a framework that strikes that balance where we can't publicly broadly talk about the specifics of what we do but we want there to be a level of oversight about what we do and how we do it and we need to do it in a way that our citizens should have a measure of confidence. the mechanism that was created then was the idea of congressional oversight. as the dually elected representatives of each and every one of us who is a u.s. citizen in this room, we gave complete openness to those individuals. and so if you look at the aftermath of the disclosures,

what did you get initially. for both of those committees on both the chair and the ranking member, in the immediate aftermath you got we have full knowledge and awareness of what nsa is doing, we're fully briefed, it is fully compliant with the law and we believe it generates value for the nation. and yet collectively what was our response? hey were i'm not so sure i have that same level of trust. why. i remind people all of this is happening in a broader context. our belief in many of those government governmental structures that we put in place is not the same as it was 40 years ago. likewise we created a court. hey, how do we create a legal framework where for many of its action bs, nsa and other elements within the intelligence world have to go to an independent entity in the form of a judge and make a case on a legal basis for why they should be allowed to do what they're doing.

let's use a judge. let's create a court. thus was born the pfizer court. 40 years later you have people asking, got it, court, but look at the way you structured it. it hears the government's argument. it doesn't have an adversarial viewpoint, for example. 40 years ago we thought that was perfect construct. now we find ourselves in a different environment with a different view of the world around us and we say to ourselves, maybe i'm not so sure about that. so i only highlight to people to say step back, remember the context when all of this is happening. the very mechanisms that we put in place to engender the trust now in many ways have very different view from the citizens that they're supposed to generate that for. they just look at the mechanisms differently and say, i'm not so sure i get that same level. so one other thing that i think we're going to be working our way through is what is the appropriate mechanism to provide that oversight and that level of trust. and again, that's something that broadly as citizens you need to

be comfortable with. i shouldn't be determining that. >> thank you, admiral. we're going to be like best friends after this. right? all these tough questions. >> could you ask me acybercomma in this dialogue? >> i'll get to it. sticking with one as is the president's prerogative, a local question. let's talk about the nsa's utah data center which has become a symbol of the agency's larger digital reach to our world. it's a large facility. is it fully operational? have you experienced any problems getting up online? and with the growth of data needs, how quickly we have to expand it or look for other locations. >> the utah data center someone of several data centers that we have constructed that are designed to enable us to how do you deal with this digital age, where increasingly data sizes are growing. so we consciously step back. and this is a decision about ten years ago. we need to create a framework that is going to enable us safely store, secure and access

that data. so the facility in utah is one of those. where we've tried to take all that we've learned about how you secure data, how you control it, how do you put it in an environment where it stays safe, where it's in the right climate. you put a lot of servers together, simple things you probably don't care about. but heat generated. if you design data centers for the digital age of today versus the past, i never thought i would get into studies of how you provide cooling and electricity. and yet we've done that we've tried to do that. in fact one of the reasons for the location in utah quite frankly was some of the power aspects. and the facilities in place. i've been out there once in my time as the director. we're in the midst of fully outfitting it right now. >> how quickly will you need to expand or have other data centers? >> boy, i don't know.

the only thing i can think of is full motion video and isr airborne intelligence surveillance requirements. you look what we've done in the wars in the last decade, 15 years. we're operating with a level of airborne isr today that 15 years ago we never, ever thought, envisioned. and at the time we said to ourselves boy, you're never going to need anywhere near this. yet now we say to ourselves, wow. the future has changed in ways we didn't anticipate. so i'm comfortable with capacity. for right now. it's something we continue to watch. and if we feel we need more capacity, we'll go to the congress, to the department and we'll request it. >> let's talk about cyberfor a second. do you see cyberas a first strike weapon that we could use as a first strike or we could use to incapacitate enemies. and should we work in cyber? >> first question is a policy

question. that's not my role. >> could it be? could it be used -- >> you got to come up with a better question than that. could it be? so that's a broader policy piece. what was the second part of it again? i apologize. that i thought hey, that's really in my wheel house. i can answer that part. >> should we integrate this into military policy. >> yes, we should. i believe. our view within the department is cyber is a tool that we should make available to commanders. it is a tool much like any other capability in our department. should it be used in a coherent, legal framework in which proportionality and the directives of response is very specifically assessed and measured and is a primary criteria in the decision to apply it. and that any application of this capability in an offensive framework should be done fully within the law of armed conflict.

the same criteria that we use when we ask ourselves should we drop a piece of kinetic ordnance on a spot on the earth? we need to be asking ourselves those same kinds of questions. we need to make sure we use this in a proportional and appropriate manner. no different than any other piece. i'm not arguing it's exactly the same. but the thought process very similar. >> do you believe congress has been responsive in effectively crafting a national cyberpolicy? and what else could congress, the obama administration do that would help your direction to what you need -- >> way to put that that would put that at the very end. very good. so first of all, policy in broad terms is generally an executive branch responsibility. congress provides specific insight and direction based on their perspective. as a department, we have outlined a comprehensive dod cyber strategy.

the current version we signed out in april of 2015. you can see how that strategy has evolved over time. if you read the first strategy that we published in an unclassified way, i think it's the 2010, i think it's approximately 2010, very generic. didn't talk about specifics much. then if you read the strategy we just published now, the current strategy in april of 2015, we built on what we did initially. and for the fist time, we start talking about concept of deterrents. we public acknowledge in an unclassified document that the department is generating offensive capability since that strategy was released, as i said, we publicly acknowledge that we're using it in an area of hostilities against the particular adversary. you can see how this played out over time. you'll see it continue to do that, i believe. but i'm the first to acknowledge, and quite frankly,

it's one of the reasons i'm here today, and try to do things like this. we've got to get ourselves to a point where we can have a broader dialogue about some of these implications in cyber, both defensively and offensively as a nation. and what are we going to be comfortable with. we've got to try to change the current dynamic. now, we're all victims of the culture that spawned us. so i am a military guy. so that's the culture that i am from. that culture teaches me you want to get ahead of problem sets. you want to shape adversaries actions, choices and behaviors. you want to drive adversaries to behaviors and choices that facilitate advantage for you if possible, not for them. and yet many in some ways in the cyber arena, as we're trying to work our way through those questions, you know, day to day, you feel like we're just responding. we're just reacting. that is both a resource

intensive approach to doing business. it tends to put you always in a response and an anticipatory set of actions, and it's a whole lot harder and it takes a lot longer. so i think over time, we've got to change the dynamic where we create concepts of deterrents, norms of behavior where actors in this space understand what is acceptable, what is not acceptable. what will elicit a response. we've done that in many other areas. we will over time i believe in cyber. it's just that cyber is newer than some of these other areas. so collectively we all are still trying to work our way through lat of things. >> oh, sorry. >> you're fine. i'm going to ask two final questions just for fun, admiral. before i ask those last questions, quick announcements. the national press club is the world's leading professional organization for journalists, and we fight for free press worldwide. for more information about the

club, please visit www.press.org. i would also like to remind you about upcoming practice. august 1, jonathan jarvis will address the club. and on august 14, the award winning actor michael york will speak from this podium. also, i would please ask the audience to remain seated until admiral rogers has exited. i would like to present our guest with the national press club mug. i promise you it's not bugged. >> thank you. thanks very much. [ applause ] >> so i'll ask you two final questions. first question. do you play pokemon go? second question, as a chicago native, do you think the cubs will win the series? and is there anything the nsa can do to get them out of that 100-year drought? >> so i am a north -- no, i do not play pokemon go. i do not. although i'll watch net utilization jack up with this thing.

secondly, i'm from chicago. lived there my whole life before i left to college and then joined the navy and got my commission. i'm a northside guy. so i'm cubs all the way. boy, i sure hope we're going to win the world series. it would be interesting coming out of the all-star break. so we'll see if we get a little at the pitching rotation where it needs to be. keep driving on. if you're a chicagoan, this is the first time i can remember in my entire life what it means to be favored to win the division, let alone the pennant and the world series. i mean, i can still rattle off, i can tell you the starting lineup for the 1969 collapse where the mets overtook us in september. such is the world that i live in as a chicagoan on the north side. thanks. >> well, thank you, admiral for being here and trying to answer some of my questions. i'd like to thank the national press club staff, staff for the journalism institute.

thank you, and we are adjourned. [ applause ] next, attorney general loretta lynch testifies about the decision to not prosecute hillary clinton's use of a private e-mail server while secretary of state. then a discussion on the future of unemployment insurance. and later, president obama talks about community policing and criminal justice. attorney general loretta lynch testified