FROM: U.S. DEFENSE DEPARTMENT
Cybercom Chief Discusses Importance of Cyber Operations
By Jim Garamone
DoD News, Defense Media Activity
NATIONAL HARBOR, Md., April 14, 2015 – Cyber is an operational domain, and military leaders are going to have to understand its importance and the opportunities and challenges of operating in the domain, Navy Adm. Michael S. Rogers said here today.
Rogers, the commander of U.S. Cyber Command, director of the National Security Agency, and chief of the Central Security Service, spoke at the Navy League’s 50th annual Sea-Air-Space Exposition. The admiral participated in a panel entitled, “Cyber, Electromagnetic War and Information Dominance.”
Rogers commented on the speed and growth of the cyber domain.
“The world around us is changing,” he said. “The spectrum and the network are converging. That represents vulnerability and opportunity. How do we set ourselves up to take advantage that opportunity while addressing that vulnerability?”
Cyber is an operational domain in which the U.S. military conducts many operations, “many of them like we do in any other operational domain,” Rogers said.
Understanding Cyber Culture
Getting traditional warfighters to understand the importance of cyber operations -- both defense and offense -- requires an understanding of culture and ethos that is more important than just technology, Rogers said.
“We have got to get beyond focusing just on the technical piece here,” Rogers said. “It’s about ethos. It’s about culture. It’s about warfighting. It’s about how do you operationalize a network on a warfighting platform, and what does that mean?”
He added, “It ain’t just a bumper sticker and it’s not just a slogan.”
In the cyber domain, the emphasis on operations will drive how to man, train and equip organizations, the admiral said. It also drives how the organization is structured, he added, and what operational concepts are deployed.
“It’s about how we are going to fight,” he said.
Capitalizing on Information Dominance
The Navy and the other services must put themselves in a position to capitalize on information dominance, the admiral said.
In June, the Navy will mark the 73rd anniversary of the Battle of Midway, said Rogers, noting that Midway changed the tide of World War II in the Pacific. An overmatched U.S. fleet sank four Imperial Japanese Navy aircraft carriers in a desperate battle off the strategic island of Midway.
It was through signals intelligence, code-breaking and communications that then-Navy Adm. Chester Nimitz knew where to position the few U.S. aircraft carriers he had in the region to win the battle.
“As an information warfare officer, as an information dominance officer, I take great pride in the role and capability that our predecessors brought to really make a critical difference in an operational outcome,” Rogers said.
Looking forward, cyber warriors must be able to provide the intelligence to win those battles and more, Rogers said.
How much better it would be in the future, he posited, “if we could not only provide those operational commanders great situational and environmental awareness, but what if we could provide commanders the ability to attempt to bring non-kinetic fires to bear, to give commanders assured command and control, because opponents are going to be contesting our command and control?”
Rogers said he’s pleased with the progress the maritime services have made in regard to cyber and the spectrum. But more needs to be done, he added.
The services, he said, need to factor cyber into every decision.
“Now we are in a totally different operational world,” he said.
A PUBLICATION OF RANDOM U.S.GOVERNMENT PRESS RELEASES AND ARTICLES
Showing posts with label NSA. Show all posts
Showing posts with label NSA. Show all posts
Tuesday, April 14, 2015
Saturday, March 14, 2015
SECRETARY CARTER'S REMARKS TO CYBER COMMAND WORKFORCE
Above: SECDEF Discusses 'Cyber Force' at USCYBERCOM Troop Event
FROM: U.S. DEFENSE DEPARTMENT
Remarks by Secretary Carter to U.S. Cyber Command Workforce at Fort Meade, Maryland
Presenter: Secretary of Defense Ash Carter
March 13, 2015
SECRETARY OF DEFENSE ASH CARTER: Thank you all. It's -- first of all, thank you, Admiral Rogers. We count ourselves very lucky to have you in charge here, and we count ourselves very, very lucky to have each and every one of you I see in front of me.
I've been learning some today about getting really updated on the development of CYBERCOM and also NSA, the two magnificent institutions represented here and that you all serve, and that we're so grateful that you serve.
This is, in fact, the first troop event I've done as secretary of defense in the United States. And there's a reason for that. And that is the importance of what you're doing to our department and our country. That should tell you something about how vital the mission is that you all have taken on, how important it is for the security of our country and, for that matter, the security of our economy and our people in their individual lives, because cyber touches all aspects of their lives.
So, if you do nothing else and get nothing else out of this encounter today, I want you to do one thing, which is to go home tonight or make a call or tweet at your family, or do whatever you people do -- (Laughter) -- but in whatever medium you use, please tell them that you were thanked today by the leadership of the department, and through us, the entire country, for what you do.
We don't take it for granted. You're what we wake up for every morning. Your service, your sacrifice, your professionalism and your welfare and that of your families is all we do. That's all we care about. And we're so, so grateful for it.
And with all that's going on in the world, from Iraq to Ukraine to the Asia-Pacific, the domain that you protect, cyberspace, is presenting us with some of the most profound challenges, both from a security perspective and from an economic perspective. The president had a cybersecurity summit a few weeks ago, in which you can see that our national leadership at every level is really seized with the need to get on top of this problem.
So cyber, which is what you do, is a marriage of the best people and the newest technology. And that being the case, and it being the case that there's a high demand for both of those things -- the best people and the newest technology across the country -- means that we, and I know this, we as a government and a department and a military need to be open to that -- those sources of good people and new technology. We need to be open in order to be good in this field.
And that means we need to build bridges to society, bridges that aren't as necessary in other fields of warfare that don't have a civilian or a commercial counterpart to the extent that this field does. So we have to build bridges and rebuild bridges to the rest of our society.
And that means we need to be open. And of course, we can't be open, given what you do, in the traditional sense. But we need to be open to new ideas. We need to be open to people we can't always tell them what we're doing, but we need to be open enough with our government so that it knows what it's doing, so that its officials can in turn turn to our people and say, "I'm sorry I can't tell you everything; you wouldn't want me to tell you everything that is being done to protect you because that would undermine our ability to protect you."
But you should trust that your senior officials and your elected officials and so forth are acting on your behalf. And I think we do have that trust and that people do understand that what you're doing for them is necessary and being done in an appropriate manner.
We need to be open generationally. We need to be open to a new generation because we need the young to be attracted to our mission. We need people who grew up with technology that was not available when I was growing up, and therefore have a sixth sense about it, which I can never have.
And that will be true when even those of you who are now the young people in front of me who are so smugly nodding your head. (Laughter) You, too, will be overcome by new technology at some point. And then also we'll need a new generation.
So our institution in general has to be an open one because we're an open society. But in order to be really good at anything, but especially good at what you do, we need to be open to a younger generation. That's incredibly (inaudible) your leaders know that. I've talked to them about that. And we know that that's the only way we're going to continue to have an elite core of people like the ones who are sitting in front of me right now.
And, you know, I actually think that in that regard, the development of the cyber workforce, which we are working on now, can be a model for other things we do in the department. The freshness of approach, the constant effort to stay up, reinvent, that your field demands is actually something we can use everywhere in the department.
So we're looking to you in a sense as a model and a trailblazer for many other things we need in the department. One of the things that I've said I'm determined to bring to our department is openness to new ideas. That's the only way that we're going to remain what we are today, which is the greatest fighting force the world has ever known. That's the way to do it going forward. And we -- we will.
For -- for the institutions that you join, be they military services or field agencies or new -- new commands, they are trying to figure out how to welcome this new breed of warrior to their ranks. What's the right way to do that? How do you fit in?
I had lunch with some of you earlier today. We were talking about how this skill set and this professional orientation fits into the traditional armed services. And of course, it doesn't fit into the traditional armed services. We have to figure out how to get it to fit in, so that you all have a full opportunity to bring to bear on your careers the expertise that you gained here and the sense of mission that you felt here, and carry it into the future.
I know that's a challenge in front of us. And you all feel it in your individual careers. And I'm determined that we together create that fit, but that comes with doing something new and different and exciting. You're going to be pathfinders, but we'll find the path together.
You are, whether you're civilians, military, contractor, all parts of our -- our workforce. We regard you as on the frontlines in the same way that last week I was in Afghanistan, and we have people on the frontlines there. It is the front line of today's effort to protect our country. And while you may not be at risk in the way that the forces are -- physical risk in the way our -- in Afghanistan, we are requiring from you a comparable level of professionalism, excellence, dedication. And I know you show all that, but we count on it, because you really are on the frontlines.
NSA and CYBERCOM, two -- one around for a long time, another one kind of brand new. A lot of people wonder what's the relationship between the two. And we pretty much have that in our heads. But the honest truth is, it's a work in progress. We're working out that relationship.
My view is that we're doing the right thing in having the leadership of those two organizations be in the same place. And one way of thinking about that is that we just don't have enough good people like you to spread around. And we need to cluster our hits as a country. And that's one of the reasons why we're going to keep these two together, at least for now.
I want you to know that in addition to thinking through how you're organized and so forth, that a big priority of mine is going to be to make sure that you're getting the training and the equipment and the resources you need. This is a very high priority area. And, you know, if you read about sequester, which is a terrible, stupid thing that we are doing to ourselves -- I have nothing good to say about it. But I think that even in the era of sequester, we understand that this mission area is one we cannot afford not to keep investing in.
And that means that that fact, together with our determination to help you chart rewarding, lasting careers in this field, those two things together ought to tell you, also, how much we value what you do.
Let me make one last point, and this is something that you all know, but it's important to remind our fellow citizens and, for that matter, the rest of the world, and that is we are -- we build our cyber mission force, it's the kind of country we are, to defend the openness of cyber space, to keep it free.
We're the ones who stand with those who create and innovate against those who would steal and destroy. That's the kind of country we are, and that's the kind of cyber force we are.
We're going to execute our mission while being as transparent as possible, because that's also who we are. And that's why I wanted my remarks to you to be public, which they are, if you see them being filmed here. That's an unusual thing for you, and I know that some of you can't be seen on television because of the nature of your work. And it's rare that media come into the premises of this organization.
But I wanted not only you to know how important we know what you do is for the country, but everyone else to hear that as well. So what that means, I suppose, is that even if you forget or are too lazy or for some other reason don't tell your family that you were thanked today, they're going to learn anyway.
(Laughter) So I suggest that you beat the media to the punch and, once again, go home, call home, call a friend and say, today I was thanked by the leadership of my department and through them by the country for what I do.
Tell them that. Thank you very much. We'll have some questions?
So, there are two microphones here, which in NSA fashion are only connected by wires to the floor. So, have at it. Any subject at all. Any question or comment.
Q: Mr. Secretary, in a budget-constrained environment, what are your top priorities?
SEC. CARTER: So, the question was, in a budget-constrained environment, what are my top priorities. And that's -- first and foremost, our people. That's got to be number one, because that's what makes our military the greatest in the world. It's people. It's also technology, it's also lots of other things, but it's principally -- it's first and foremost our people, and that's something we need to keep investing in.
Now, I know that that's not the only investment we make, and we do have to have a balanced approach to defense spending, because each of you wants not only to be adequately compensated, but you want to have other people to your left and right, as you do what you do. You want to have the best equipment. And you want to -- and you don't want to go into action without the best training.
So each of us wants to see some balance in how we spend the defense dollar.
But it's not just a matter of money. It's a matter of caring about our people, making sure that the safety and dignity of all of our people is respected, and all those things that we have responsibility for.
So, number one, for me, is people.
And the second thing I would say is we need to be an open institution. Open to the rest of -- because the way we're going to stay excellent is to be the most excellent part of society. And to do that, you have to be pulling from society the very best and the very best people.
And you guys are superb. And this is why people want to hire veterans so much, because you're all so good. That's why you're such good people to hire. And I know that's another problem, and I don't want you being hired away either. (Laughter) And I can't stop you.
But the reason that people want to hire you away is you're so darn good.
Q: Sir, you spoke of military needing to find a way to fit in within their respective branches. What are the possibilities of establishing a cyber branch of service, much like the Army Air Corps became the Air Force?
SEC. CARTER: It's a very good question. And we have asked ourselves that over time. And there may come a time when that makes sense. I think that for now we're trying to build upon our strengths. We're trying to draw from where we already are strong and not to take too many jumps, organizationally, at once.
So, you know, we're trying -- why has cyber come here at Fort Meade? Well, you know, because we didn't want to start all over again somewhere else. Because we didn't feel like we could afford to do that.
And, as I said, maybe there'll come a day when these two things will each be so strong and different, that they won't need to be in the same place. But that's not now.
There was some question initially about why we used so many uniformed people in the first place. Maybe we should be using more civilians or contractors.
We started where we thought we had strength. And I think you have to look at this as the first step in a journey that may, over time, lead to the decision to break out cyber the way that you said the Army Air Corps became the U.S. Air Force, the way Special Operations Command was created, and with a somewhat separate thing, although that still has service parts to it.
And so, we're trying to get the best of both. You know, our armed services give us hundreds of years of proud tradition, a whole system of recruiting, training and so forth. So it's a pretty -- it's not something you walk away from lightly and said, well, I'm going to start all over again.
So, it may come to that, and I think it's an excellent question. It's a very thoughtful question. And we have given some thought to that. And for right now, we're walking before we run.
But it may -- that's one of the futures that cyber might have.
Q: Good afternoon, Mr. Secretary. My question, sir, is in regard to cyber and authorities. Going forward, sir, a vast amount of our work is done with network administrators across the DoDIN [DoD Information Network]. Currently, sir, most of the products we report are recommendations, if you will, sir.
What is your vision, going forward, to make those recommendations more of a requirement for those network administrators?
SEC. CARTER: That's a very insightful question also. It is -- it gets down to a fundamental issue here, and let's be -- let's just put it right out on the table, because that's what you're getting at.
The information networks that it is CYBERCOM's first responsibility to protect are our own DOD networks, because there's no point in my buying all these ships and planes and tanks and everything, and none of them is going to work and our kids aren't going to work, unless there are networks that stitches the whole thing together, enables the whole thing. We've got to -- got to -- got to make our networks secure.
And the protectors don't own the networks. So if you're a cyber mission team and you fall in on a network, you find, well, you know, there's a whole bunch of people who work on this network. They set it up, and they're responding to other needs than security. They're responding to people calling the help desk and driving them crazy with one little problem or another they can't figure out, people who want more, more, more; want faster, this isn't working, I want to add some people.
So they're trying to juggle lots of needs. Many of them are administering networks that are outdated and that have been around for a long time and are a little long in the tooth and so forth.
And so, there's going to be a tension between those who are called upon to protect the networks and those who own and operate the networks. And I understand that. And we think we go into this with our eyes wide open.
But the -- I mean, I'm going to stand -- I can tell you this, I'm going to stand with you on the side of requiring protection, because it's not -- it's not adequate network administration to downplay security. You are laying the warfighter open to risk.
And we can't have that. And I -- you know, you put it this way, if all the network owners and operators were good at protecting themselves, we wouldn't have to, right, have these -- these national mission force protectors.
But it's -- they're not. And it's actually not reasonable for them all to be because that's not their first area of expertise. And we -- so we're counting on this sort of extra proficient group of people to fall in on them and help them.
But there'll always be a little tension when you show up at the door, and they've got a problem. And but you've got to do what you've got to do, because they are no good to us if they're penetrated or vulnerable.
I think that's all I can take for right now.
Let me just, once again, thank you from me very much, and please pass that on.
Saturday, March 7, 2015
U.S. CYBER COMMANDER REMARKS ON "CYBERSECURITY DILEMMAS"
FROM: U.S. DEFENSE DEPARTMENT
Right: Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command and director of the National Security Agency, testifies before the House Armed Services Committee improving the military cyber security posture in an uncertain threat environment, March 4, 2015. DoD photo by Cheryl Pellerin.
Cybercom Chief: Cyber Threats Blur Roles, Relationships
By Cheryl Pellerin
DoD News, Defense Media Activity
WASHINGTON, March 6, 2015 – Over five years of U.S. Cyber Command operations, global movement of threat activity through cyberspace has blurred roles and relationships among government agencies, as well as between the public and private sectors and the real and virtual worlds, the Cybercom commander told a House panel.
Navy Adm. Michael S. Rogers testified March 4 before the House Armed Services Committee on cyber operations and improving the military’s cybersecurity posture.
“There is no Department of Defense solution to our cybersecurity dilemmas,” Roger said in written testimony. “The global movement of threat activity in and through cyberspace blurs the U.S. government’s traditional understanding of how to address domestic and foreign military, criminal and intelligence activities.”
Similarly, he said, the public and private sectors need each other’s help.
Responding to Cyber Attacks
“The U.S. government, the states and the private sector can’t defend their information systems on their own against the most powerful cyber forces,” the admiral said.
“We saw in the recent hack of Sony Pictures Entertainment that we have to be prepared to respond to cyber attacks with concerted actions across the whole of government,” he added, “using our nation’s unique insights and complete range of capabilities in cooperation with the private sector.”
Cyberspace is more than a challenging environment, Rogers said.
“It is now part of virtually everything we in the U.S. military do in all domains of the battle space and each of our lines of effort,” he said. “There is hardly any meaningful distinction to be made now between events in cyberspace and events in the physical world, as they are so tightly linked.”
Cybercom is growing and operating at the same time, he said, performing many tasks across a diverse and complex mission set.
Guarding DoD Networks
Three years ago, the command lacked capacity, Rogers said. Today, new teams are guarding DoD networks and are prepared to help combatant commands deny freedom of maneuver to adversaries in cyberspace, he added.
Cybercom’s Cyber Mission Force, or CMF, was formed to turn strategy and plans into operational outcomes, the admiral said.
“With continued support from Congress, the administration and the department,” Rogers said, “Cybercom and its service cyber components are now about halfway through the force build for the CMF, [and] many of its teams are generating capability today.”
He added, “We have a target of about 6,200 personnel in 133 teams, with the majority achieving at least initial operational capability by the end of fiscal year 2016.”
Cybercom has been normalizing its operations in cyberspace, he said, to provide an operational outlook and attitude to running the department’s 7 million networked devices and 15,000 network enclaves.
Implementing the Joint Information Environment
The department’s legacy architecture, created during times when security was not a core design element, is being transitioned to a more secure and streamlined architecture that is part of what ultimately will be the Joint Information Environment, or JIE.
“While the JIE is being implemented,” Rogers said, “our concerns about our legacy architecture collectively have spurred the formation of our new Joint Force Headquarters to defend the department’s information networks.”
The Joint Force Headquarters recently achieved initial operational capability, the admiral added, working at the Defense Information Systems Agency under Rogers’ operational control at Cybercom. Its mission is to oversee the day-to-day operation of DoD networks, he added, “and mount an active defense of them, securing their key cyber terrain and being prepared to neutralize any adversary who manages to bypass their perimeter defenses.”
Managing Risk
“It gets us closer to being able to manage risk on a systemwide basis across DoD,” Rogers added, “balancing warfighter needs for access to data and capabilities while maintaining the overall security of the enterprise.”
The admiral said the new headquarters is a stopgap measure while the department migrates its systems to a cloud architecture that’s more secure and facilitates data sharing across the enterprise.
As network security has advanced, so has the maturity of the cyber force, which has gained what Rogers called priceless experience in cyberspace operations.
“That experience has given us something even more valuable -- insight into how force is and can be employed in cyberspace. We have had the equivalent of a close-in fight with an adversary that taught us how to maneuver and gain the initiative that means the difference between victory and defeat,” he explained.
Every Conflict Has a Cyber Dimension
Such insight is increasingly urgent, because every conflict in the world has a cyber dimension, the admiral said, adding that the command sees patterns in cyber hostilities that indicate four main trends:
-- Autocratic governments that view the open Internet as a lethal threat to their regimes;
-- Ongoing campaigns to steal intellectual property;
-- Disruptions by a range of actors that range from denial-of-service attacks and network traffic manipulation to the use of destructive malware; and
-- States that develop capabilities and attain system access for potential hostilities, perhaps with the idea of enhancing deterrence or as a beachhead for future cyber sabotage.
“We believe potential adversaries might be leaving cyber fingerprints on our critical infrastructure, partly to convey a message that our homeland is at risk if tensions ever escalate toward military conflict,” Rogers said.
Heartbleed and Shellshock
For instance, he told the House panel, “I can tell you in some detail how Cybercom and our military partners dealt with the Heartbleed and Shellshock vulnerabilities that emerged last year.”
The Heartbleed Bug is a serious vulnerability that allows attackers to steal information, usually encrypted, that’s used to secure the Internet for applications such as Web, e-mail and instant messaging, among others. Attackers can eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
Shellshock is a vulnerability that gives attackers the ability to run remote commands on a system.
The admiral said these serious flaws inadvertently were left in the software that millions of computers and networks in many nations depend on.
Responsible developers discovered both security holes, Rogers said. They kept their findings quiet and worked with trusted colleagues to develop software patches that system administrators could use to get a jump on those who read the same vulnerability announcements and devised ways to identify and exploit unpatched computers, he said.
Checking for Vulnerabilities
“We at Cybercom and [the National Security Agency] learned of Heartbleed and Shellshock at the same time that everyone else did,” the admiral said.
Military networks are probed for vulnerabilities thousands of times an hour, he added, so it wasn’t long before they detected new probes checking their websites and systems for vulnerabilities.
“By this point, our mission partners had devised ways to filter such probes before they touched our systems,” Rogers explained. “We were sheltered while we pushed out patches across DoD networks and monitored implementation,” directing administrators to start with the most vulnerable systems.
“Thanks to the efforts we have made in recent years, our responses … were comparatively quick, thorough and effective, and in both cases they helped inform corresponding efforts on the civilian side of the federal government,” the admiral added.
“We also know that other countries, including potential adversaries, struggled to cope with the Heartbleed and Shellshock vulnerabilities,” he noted.
Cyber Military Capabilities
Rogers said this operational approach must be built in many more places.
“The nation’s government and critical infrastructure networks are at risk as well,” he said, “and we are finding that computer security is really an enterprisewide project.”
The admiral added, “We in the U.S. government and DoD must continue learning and developing new skills and techniques … [and] the nation must continue to commit time, effort and resources to building cyber military capabilities.”
Right: Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command and director of the National Security Agency, testifies before the House Armed Services Committee improving the military cyber security posture in an uncertain threat environment, March 4, 2015. DoD photo by Cheryl Pellerin.
Cybercom Chief: Cyber Threats Blur Roles, Relationships
By Cheryl Pellerin
DoD News, Defense Media Activity
WASHINGTON, March 6, 2015 – Over five years of U.S. Cyber Command operations, global movement of threat activity through cyberspace has blurred roles and relationships among government agencies, as well as between the public and private sectors and the real and virtual worlds, the Cybercom commander told a House panel.
Navy Adm. Michael S. Rogers testified March 4 before the House Armed Services Committee on cyber operations and improving the military’s cybersecurity posture.
“There is no Department of Defense solution to our cybersecurity dilemmas,” Roger said in written testimony. “The global movement of threat activity in and through cyberspace blurs the U.S. government’s traditional understanding of how to address domestic and foreign military, criminal and intelligence activities.”
Similarly, he said, the public and private sectors need each other’s help.
Responding to Cyber Attacks
“The U.S. government, the states and the private sector can’t defend their information systems on their own against the most powerful cyber forces,” the admiral said.
“We saw in the recent hack of Sony Pictures Entertainment that we have to be prepared to respond to cyber attacks with concerted actions across the whole of government,” he added, “using our nation’s unique insights and complete range of capabilities in cooperation with the private sector.”
Cyberspace is more than a challenging environment, Rogers said.
“It is now part of virtually everything we in the U.S. military do in all domains of the battle space and each of our lines of effort,” he said. “There is hardly any meaningful distinction to be made now between events in cyberspace and events in the physical world, as they are so tightly linked.”
Cybercom is growing and operating at the same time, he said, performing many tasks across a diverse and complex mission set.
Guarding DoD Networks
Three years ago, the command lacked capacity, Rogers said. Today, new teams are guarding DoD networks and are prepared to help combatant commands deny freedom of maneuver to adversaries in cyberspace, he added.
Cybercom’s Cyber Mission Force, or CMF, was formed to turn strategy and plans into operational outcomes, the admiral said.
“With continued support from Congress, the administration and the department,” Rogers said, “Cybercom and its service cyber components are now about halfway through the force build for the CMF, [and] many of its teams are generating capability today.”
He added, “We have a target of about 6,200 personnel in 133 teams, with the majority achieving at least initial operational capability by the end of fiscal year 2016.”
Cybercom has been normalizing its operations in cyberspace, he said, to provide an operational outlook and attitude to running the department’s 7 million networked devices and 15,000 network enclaves.
Implementing the Joint Information Environment
The department’s legacy architecture, created during times when security was not a core design element, is being transitioned to a more secure and streamlined architecture that is part of what ultimately will be the Joint Information Environment, or JIE.
“While the JIE is being implemented,” Rogers said, “our concerns about our legacy architecture collectively have spurred the formation of our new Joint Force Headquarters to defend the department’s information networks.”
The Joint Force Headquarters recently achieved initial operational capability, the admiral added, working at the Defense Information Systems Agency under Rogers’ operational control at Cybercom. Its mission is to oversee the day-to-day operation of DoD networks, he added, “and mount an active defense of them, securing their key cyber terrain and being prepared to neutralize any adversary who manages to bypass their perimeter defenses.”
Managing Risk
“It gets us closer to being able to manage risk on a systemwide basis across DoD,” Rogers added, “balancing warfighter needs for access to data and capabilities while maintaining the overall security of the enterprise.”
The admiral said the new headquarters is a stopgap measure while the department migrates its systems to a cloud architecture that’s more secure and facilitates data sharing across the enterprise.
As network security has advanced, so has the maturity of the cyber force, which has gained what Rogers called priceless experience in cyberspace operations.
“That experience has given us something even more valuable -- insight into how force is and can be employed in cyberspace. We have had the equivalent of a close-in fight with an adversary that taught us how to maneuver and gain the initiative that means the difference between victory and defeat,” he explained.
Every Conflict Has a Cyber Dimension
Such insight is increasingly urgent, because every conflict in the world has a cyber dimension, the admiral said, adding that the command sees patterns in cyber hostilities that indicate four main trends:
-- Autocratic governments that view the open Internet as a lethal threat to their regimes;
-- Ongoing campaigns to steal intellectual property;
-- Disruptions by a range of actors that range from denial-of-service attacks and network traffic manipulation to the use of destructive malware; and
-- States that develop capabilities and attain system access for potential hostilities, perhaps with the idea of enhancing deterrence or as a beachhead for future cyber sabotage.
“We believe potential adversaries might be leaving cyber fingerprints on our critical infrastructure, partly to convey a message that our homeland is at risk if tensions ever escalate toward military conflict,” Rogers said.
Heartbleed and Shellshock
For instance, he told the House panel, “I can tell you in some detail how Cybercom and our military partners dealt with the Heartbleed and Shellshock vulnerabilities that emerged last year.”
The Heartbleed Bug is a serious vulnerability that allows attackers to steal information, usually encrypted, that’s used to secure the Internet for applications such as Web, e-mail and instant messaging, among others. Attackers can eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
Shellshock is a vulnerability that gives attackers the ability to run remote commands on a system.
The admiral said these serious flaws inadvertently were left in the software that millions of computers and networks in many nations depend on.
Responsible developers discovered both security holes, Rogers said. They kept their findings quiet and worked with trusted colleagues to develop software patches that system administrators could use to get a jump on those who read the same vulnerability announcements and devised ways to identify and exploit unpatched computers, he said.
Checking for Vulnerabilities
“We at Cybercom and [the National Security Agency] learned of Heartbleed and Shellshock at the same time that everyone else did,” the admiral said.
Military networks are probed for vulnerabilities thousands of times an hour, he added, so it wasn’t long before they detected new probes checking their websites and systems for vulnerabilities.
“By this point, our mission partners had devised ways to filter such probes before they touched our systems,” Rogers explained. “We were sheltered while we pushed out patches across DoD networks and monitored implementation,” directing administrators to start with the most vulnerable systems.
“Thanks to the efforts we have made in recent years, our responses … were comparatively quick, thorough and effective, and in both cases they helped inform corresponding efforts on the civilian side of the federal government,” the admiral added.
“We also know that other countries, including potential adversaries, struggled to cope with the Heartbleed and Shellshock vulnerabilities,” he noted.
Cyber Military Capabilities
Rogers said this operational approach must be built in many more places.
“The nation’s government and critical infrastructure networks are at risk as well,” he said, “and we are finding that computer security is really an enterprisewide project.”
The admiral added, “We in the U.S. government and DoD must continue learning and developing new skills and techniques … [and] the nation must continue to commit time, effort and resources to building cyber military capabilities.”
Saturday, February 1, 2014
REMARKS BY SECRETARY KERRY, GERMAN FOREIGN MINISTER STEINMEIER
FROM: STATE DEPARTMENT
Remarks With German Foreign Minister Frank-Walter Steinmeier After Their Meeting
Remarks
John Kerry
Secretary of State
Berlin Tegel Airport
Berlin, Germany
January 31, 2014
Remarks With German Foreign Minister Frank-Walter Steinmeier After Their Meeting
Remarks
John Kerry
Secretary of State
Berlin Tegel Airport
Berlin, Germany
January 31, 2014
FOREIGN MINISTER STEINMEIER: (Via interpreter) Well, ladies and gentlemen, allow me to bid you a very warm welcome. And let me say that I’m delighted to have my American colleague here today, that I am able to welcome him here to Berlin. It’s more than a stopover on the road towards Munich. We’ll see each other again on the margins of the security conference there.
Dear John, I’m very pleased to have you, delighted to be able to welcome you. The favorable winds across the Atlantic brought you here a little bit earlier than could be expected yesterday night, so this is why our talk here today was a little bit more extensive than we could have hoped for, which is a very good thing. And it’s very important, because as long as politics are made by people, and hopefully this is going to be the case for a very long time, personal contacts among those who are in political responsibility is of the utmost importance. And I think that this was a very good beginning.
We meet at an airport in Berlin. It’s not Tempelhof. Had we met in Tempelhof, we would be able to see the monument that was erected in memory of the airlift, and it would remind of those times. It would remind us of the very close links and bonds that have existed between Germany and the United States of America. We are very much aware here in Germany that a development towards a stable democracy in Germany would not have been possible without the assistance of Americans as well.
And we know that the suffering of the German people, particularly here in Berlin, would have been immeasurable had not America stepped in at the time, recognized clearly, seen its responsibility, and alleviate the suffering of the people who were enclosed.
And well, in a nutshell, ladies and gentlemen, German-American friendship is a reality. That doesn’t exclude that, from time to time, we may see things differently. That became very clear over the last few weeks and months when we were debating the surveillance activities of the NSA. But let me also state quite clearly such a debate, differences of opinion, if they are there and when they are there, must not be allowed to destroy a friendship that has grown over so many decades. And I am sure it won’t destroy this friendship.
It is true we all have to face challenges, but I am absolutely confident that we will be able to weather those challenges, because the debates that we have to make with each other we are able to have on a very firm foundation, on a very firm base as well.
Trust has been lost. I’m confident we will be able to rebuild it, to restore it. We talked about this today in our meeting, how we can actually get again into a bilateral dialogue where we look at those different assessments where we are trying to discuss about how we strike an equitable balance between freedom and security, which is sometimes difficult. We also addressed a number of bilateral issues, as I said. But we also looked a little bit beyond our two nations. The international agenda that will keep us busy also over this weekend in Munich was at the very top of our agenda.
We have just now come back from the Syrian conference. A small step was made in order to prepare to pave the way for an end to the civil strife in Syria and the civil war. Obviously, we are not completely satisfied, cannot be completely satisfied with the state of the negotiations. The only thing that we can safely say and that is positive is that those parties that for three years have been waging war against each other at least agreed at last to be at one at the same negotiating table and one in the same room. Sitting there together today, the first stage of negotiations at working level will end, and I think both of us hope that the delegations from Syria, after an appropriate time, will meet again in order to continue those negotiations.
The incredible suffering in Syria on the ground – death, expulsion, flight – all of that requires a solution where local cessation of hostilities, humanitarian corridors can be established at least as a next step. The crisis in Syria is one where my American colleague is very much engaged on, and I would like to issue a word of respect. It is a very strong attempt of the American Government to bring about also in the vicinity a solution to the Middle East peace – to the Middle East conflict, to find and establish a two-state solution, find a breakthrough there in the negotiations.
We talked about that as well just now, about the ongoing negotiations with the Israelis and the Palestinians. And dear John, I hope that your very good efforts will, in the end, be crowned by success. Wherever we see these attempts, these efforts to finally come to a peaceful solution to the Middle East conflict, wherever we can support that, we will gladly do so. And the same goes for those talks that we’ve had for quite some time already with Iran. It shows how long it may well take until conflicts that have – that are protracted, that have lasted for decades can again be calmed down. More than 30 years of conflict, more than 10 years of negotiations with Iran. Now a first step has been made that seems to be a fairly encouraging one, at least one that encourages us to test whether the Iranians, in that first step of negotiations, have been serious – whether that will be followed up in the next few weeks and months to come so that the long, ongoing dispute over the nuclear ambitions of Iran can be brought to a successful and peaceful settlement.
Tonight and tomorrow, over the weekend, we shall have an opportunity to address the situation in Ukraine repeatedly. The good news is that the last nights were more calm than the previous ones. We did not receive any news of casualties, but we’re far away from a political solution. That is true, too, there have been offers also from Yanukovych. Until this moment, we don’t know whether these offers are actually ones that one can build on that are reliable. In Munich, representatives of the opposition and of the government will be there on the ground. We shall have an opportunity to talk to the representatives of Ukraine, but we will also have an opportunity to talk to other foreign ministers present and try to explore, try to sound out what one can do not only to calm down the situation in Ukraine, but to also lend a helping hand towards enabling this country, Ukraine, to have a free and democratic future.
Thank you very much. Dear John, you have the floor.
SECRETARY KERRY: Well, thank you. You guys alright? (Laughter.)
Thank you, Frank-Walter. (Via interpreter) I am delighted to be back in Germany.
(In English) I’m really happy to be back here in Berlin, where I spent some formative years as a child. I remember Tempelhof. Obviously, we all remember the history of those events. But usually, when I came into Berlin back then, I came on a special military train from Frankfurt, which was an all-night trip. And for a young kid of 11, 12 years-old, it was a great adventure, I can assure you.
It’s special for me to be back here, and I thank my friend, Frank-Walter, for his hospitality and for being willing to meet us here at the airport like this because he has to rush off to open the Munich conference. I get to spend a little more time, and then I will join him in Munich this afternoon for the rest of that conference over the next several days. And we are grateful to Germany for its longtime hosting of this important security gathering.
Almost a year ago, I came here on my first trip as Secretary of State. And I came here – I think this was one of my first stops – because of the value, of the longstanding relationship between the United States and Germany, and particularly, I want to say, with the German people. It’s no secret, and my friend Frank-Walter referred to it, that we’ve been through a rough period in the last months. But I’m pleased to be here to help direct our focus – my focus, that of the United States and of Germany – to the future and to strengthen the trust and the confidence that has always characterized this relationship. A strong U.S.-German partnership is crucial to the long list of global issues that we face. The United States, I want you to know, welcomes Germany’s growing and important role on the world stage.
I was grateful to see Foreign Minister Steinmeier at the Geneva II conference where we had a chance to talk just a couple of weeks ago. And there we reiterated the need for a Syrian-led political solution on the brutal civil war. We’re also working very closely – again, as he discussed – on the P5+1 negotiations with respect to Iran. The international community has expressed its concerns over Iran’s nuclear program through several United Nations resolutions, and obviously, they have been – those concerns have been reinforced through the sanctions regime that has been put in place by the global community – not by one country, but with the support and ratification and affirmation of the United Nations Security Council.
So we are working together, Germany and the United States, on this critical security challenge. We are also working hand-in-hand with respect to Afghanistan, and we are very mindful of the challenges that lie ahead, but also of the deep commitment that exists between us and our important leadership with respect to the other countries involved, so that we can have a successful conclusion to this significant effort and hopefully build a prosperous future for the Afghan people.
We also discussed briefly our ongoing economic relationship. Germany and the United States – Germany is the United States’ largest single European trading partner. And this is a relationship that has meant more jobs, investment, and growth in both of our countries. We believe that much more exciting opportunities lie ahead, and this must be one of the primary areas of focus for both of us.
We are working on the Transatlantic Trade and Investment Partnership – the TTIP, as it is called. And this is a trade arrangement that could result in one of the world’s largest markets being created – the combined market of Europe and the United States – Europe the largest market in the world, the United States the largest single economy in the world. And if we can raise the standards, what we do is help the citizens of both of our countries, and indeed, of the rest of the world to see that the global community is responding in a way that provides opportunity for everybody and helps to raise the standards – the living standards, the labor standards, the trade standards, the product standards – all of the things that benefit our people. So that’s what we’re working for.
When I was here in Berlin last year – and I look forward to coming back here and being able to do this again – I had a really enjoyable, fun session with a group of young people. And we met in a cafe in the city and had a question-and-answer session, an opportunity for me to listen to them, them to listen to me, and just talk. And it was a great opportunity for me to understand better the hopes and aspirations of the next generation, and also to reconnect on a people-to-people level. It really was clear to me that young Germans and young Americans of any persuasion, walk of life, religion, belief all share the same goals, the same aspirations, and the same concerns. They share the same dreams and they share most of the same values.
So it’s our hope that those aspirations for opportunity, for democracy, for liberty, freedom, which have been at the heart of our bilateral relationship, will continue to be the centerpiece of what defines German-American relations. Those values are why both Germany and the United States find the recent events in Ukraine so concerning. We have worked shoulder-to-shoulder. Foreign Minister Steinmeier has talked to the opposition. I have talked to the opposition. We will meet with the opposition and with other leaders in Munich, and we will have an opportunity to be able to press forward in the months ahead to support democracy, freedom, freedom of association, and to support the European aspirations of the Ukrainian people. And together, we join firmly to reject violence. We are encouraging and supporting political dialogue. We hope that together, we can remain committed to helping the Ukrainians end the human rights abuses, get political prisoners released, and see their dignity restored.
So we look forward to continuing to work with Germany very, very closely to make progress on all of these issues, and frankly, just to build on the strength of the relationship that has defined United States-German relations for many decades now. And I look forward to my further meetings on that subject, but most importantly, I look forward to turning a page and getting us focused on the larger, most critical issues that we face together. Thank you.
MODERATOR: (Via interpreter) Questions from the American side, please.
QUESTION: A question for both ministers, please: What can you do to force Syria to meet its chemical weapons obligations on the deadlines that have been laid out? And on Ukraine, President Yanukovych says his government has met its obligations to resolve the crisis. Do you believe that’s true? And what is your message for the Ukrainian opposition leaders that you’ll be meeting in Munich? Thank you.
SECRETARY KERRY: Well – go ahead.
FOREIGN MINISTER STEINMEIER: No.
SECRETARY KERRY: Well, with respect to Ukraine, no. The offers of President Yanukovych have not yet reached an adequate level of reform and an adequate level of sharing of the future so that the opposition can, in fact, feel that it could legitimately come to the table and form some kind of a unity government.
Now, we believe unity is important. And we believe that moving towards that is critical. So our message to the Ukraine opposition – that is certainly my message to them that we meet with today – will be the full support of President Obama and the American people for their efforts. We will reinforce their courage and their need to continue to be unified as they press for an adequate level of a reform agenda. But we will also say to them: If you get that reform agenda, if you are able to secure genuine participation and a genuine ability to bring the country together, then we would urge them to engage in that, because further standoff and further violence – or violence that becomes uncontrollable – is not in anybody’s interest.
We also would say to our friends in Russia: This does not have to be a zero-sum game. This is not something where Ukraine should become a proxy and trapped in some kind of larger ambition for Russia or the United States. That’s not what this is about. This is about the freedom of choice for the people of Ukraine, and their ability to be able to define their future without coercion from outside forces. And that’s what we hope to achieve.
With respect to Syria, let me make it clear that Bashar al-Assad needs to understand that he agreed to an international United Nations Security Council Resolution which has reinforced a requirement that he remove all of those weapons and that he do so in a specific period of time. That was passed by unanimity within the United Nations Security Council. Russia is a partner in this effort. And Russia obviously plays a critical role in helping the Syrians to understand their obligation of compliance.
Now, Bashar al-Assad is not, in our judgment, fully in compliance because of the timing and the delays that have taken place contrary to the OPCW’s judgment that this could move faster. So the options are all the options that originally existed. No option has been taken off the table. We made that clear at the time of the passage of the UN resolution, and I restate that now today. We want the Syrian regime to live up to its obligations. And it is critical that very rapidly all of those chemical weapons be moved from once – from their 12 or so sites to the one site in the port and be prepared for shipment out of Syria all together.
Every indication we have is there is no legitimate reason that that is not happening now. And therefore we call on Bashar al-Assad to live up to his obligations or we will join together with our friends and talk about which, if any, of the options we deem necessary at this point to proceed forward.
FOREIGN MINISTER STEINMEIER: (Via interpreter) Allow me to complement that briefly. I think the importance of this agreement on the destruction of chemical weapons cannot be overestimated. After three years of civil war in Syria, this was the first agreement that allowed at least to prevent a further escalation of the violence. So it is so important therefore that these agreements are abided by. And to complement what Secretary Kerry just said, I think the Syrians and Assad need to be well aware of the fact that they’re not only toying with their own credibility but after the first talks with the Americans, the Russian side was also in on this, so they’re also toying with the credibility of the Russian side. So I very much hope that this is not the end of the debate, but that there will be pressure and adequate pressure on the Syrian side to stand by their commitments. And this is an element also that is part and parcel of how we got to Geneva II in the first place. So the agreement on the destruction of chemical weapons is very important, and if it is not kept, that would have a negative impact on Geneva II.
To complement this even further, we – and I’m saying this for the German side, as the German journalists know – only a few days ago we adopted a decision about correct – the position that we have taken up until now. We have said if the negotiations towards a political solution in Syria are to be injected with at least a glimmer of hope, then we too need to step in and give our contribution to making this possible. And this is why we have decided to be part of the destruction of chemical weapons, and those chemical weapons that are transported out of Syria. And together with American assistance, they are diluted on the Mediterranean and the residual components will then have to be removed. We have the technical possibilities to help with this process in Germany, and we are glad to be of help. So should those chemical weapons be transported from Syria, out of Syria, then about two-thirds of those weapons will be destroyed in Northern Germany.
As to Ukraine, I don’t need to add to what the Secretary has said. My impression is that Yanukovych, up until now, still has not fully understood how serious the situation is, as can clearly be seen by the nature of the offers that have been made. They have been made contingent on a number of conditions. So up until now, we have not – we do not see yet that those offers that have been made to the opposition in the end will really make a crucial difference, politically speaking, on the ground in Ukraine. And we still are not able actually to say to what extent the president is willing and ready to accept a change of his – remit of his competences according to the constitution. And that’s going to be crucial in order to come to an agreement with the opposition.
QUESTION: (Via interpreter) (Inaudible) from the German Press Agency. I have two questions directed to Secretary Kerry. You will soon – you will now also meet Chancellor Merkel, who has apparently been surveyed – eavesdropped on by the secret intelligence service of your country. I would like to know whether you are ready – whether the American side is ready to come to a contractual basis that, in the future, bans such spying – we call it, which is a bit curious, a no-spy agreement? And there are quite a number of people here in Germany who think that actually the United States ought to issue an apology. Would you be ready to do that?
SECRETARY KERRY: Well, look, the United States and Germany enjoy a really long friendship, as we have described here today, and a long history, a long history of great cooperation, and particularly on complicated issues like counterterrorism and national security and defense. As part of our deep relationship, we cooperate very, very significantly on all of the collective security issues of our countries and our citizens. As the foreign minister knows, because he’s been here before, and he’s also been involved in security issues for a long time, none of this is simple. None of this is easy.
And since 9/11, when we were attacked out of nowhere and more lives were lost than at any time since Pearl Harbor, we responded, we think carefully, but in ways that tried to deal with the protection of not just the American people, but of everybody against acts of terrorism. Madrid saw a terrible act of terrorism, London has seen acts of terrorism – Athens, various other places. And we are living in a world where unfortunately some people are willing to strap a pack on their back and walk into a crowded theater or a sports event and just blow people up. So we are trying to respond as intelligently and responsibly of all that.
Now, Chancellor Merkel and President Obama, at their mutual direction – and they’ve had several conversations – we have undertaken a extensive, close consultation with Germany, which we are engaged in on the subject of cooperation and how we move beyond this particular challenge. We now have a better understanding, I think, of the requirements and the concerns of both sides.
So what I can tell you is the consultations will continue between our intelligence services. And we absolutely share a commitment to trying to put this behind us in the appropriate way and to strengthen our practical cooperation going forward. Our consultations right now reflect our close relationship, they reflect the shared threats that we face, and the technical – very complicated technical environment in which we live where the threats to us have changed and become, in many ways, more lethal and harder to discover.
So we will continue to work to protect the privacy interests of all of our citizens. When I was in the United States Senate, John McCain and I are the original authors of the privacy laws and rules for the internet. So we are committed to privacy, and I assure our friends in Germany this will get worked through in the proper channels in the proper way, but most importantly Germany and the United States have very significant issues to continue to work on together and none of us want to let this get in the way of our ability to be able to continue to build our friendship and our cooperation.
Thank you all.
FOREIGN MINISTER STEINMEIER: Thank you.
Friday, January 17, 2014
NSA REMARKS BY PRESIDENT OBAMA
FROM: THE WHITE HOUSE
Remarks by the President on Review of Signals Intelligence
Department of Justice
Washington, D.C.
11:15 A.M. EST
THE PRESIDENT: At the dawn of our Republic, a small, secret surveillance committee borne out of the “The Sons of Liberty” was established in Boston. And the group’s members included Paul Revere. At night, they would patrol the streets, reporting back any signs that the British were preparing raids against America’s early Patriots.
Throughout American history, intelligence has helped secure our country and our freedoms. In the Civil War, Union balloon reconnaissance tracked the size of Confederate armies by counting the number of campfires. In World War II, code-breakers gave us insights into Japanese war plans, and when Patton marched across Europe, intercepted communications helped save the lives of his troops. After the war, the rise of the Iron Curtain and nuclear weapons only increased the need for sustained intelligence gathering. And so, in the early days of the Cold War, President Truman created the National Security Agency, or NSA, to give us insights into the Soviet bloc, and provide our leaders with information they needed to confront aggression and avert catastrophe.
Throughout this evolution, we benefited from both our Constitution and our traditions of limited government. U.S. intelligence agencies were anchored in a system of checks and balances -- with oversight from elected leaders, and protections for ordinary citizens. Meanwhile, totalitarian states like East Germany offered a cautionary tale of what could happen when vast, unchecked surveillance turned citizens into informers, and persecuted people for what they said in the privacy of their own homes.
In fact, even the United States proved not to be immune to the abuse of surveillance. And in the 1960s, government spied on civil rights leaders and critics of the Vietnam War. And partly in response to these revelations, additional laws were established in the 1970s to ensure that our intelligence capabilities could not be misused against our citizens. In the long, twilight struggle against Communism, we had been reminded that the very liberties that we sought to preserve could not be sacrificed at the altar of national security.
If the fall of the Soviet Union left America without a competing superpower, emerging threats from terrorist groups, and the proliferation of weapons of mass destruction placed new and in some ways more complicated demands on our intelligence agencies. Globalization and the Internet made these threats more acute, as technology erased borders and empowered individuals to project great violence, as well as great good. Moreover, these new threats raised new legal and new policy questions. For while few doubted the legitimacy of spying on hostile states, our framework of laws was not fully adapted to prevent terrorist attacks by individuals acting on their own, or acting in small, ideologically driven groups on behalf of a foreign power.
The horror of September 11th brought all these issues to the fore. Across the political spectrum, Americans recognized that we had to adapt to a world in which a bomb could be built in a basement, and our electric grid could be shut down by operators an ocean away. We were shaken by the signs we had missed leading up to the attacks -- how the hijackers had made phone calls to known extremists and traveled to suspicious places. So we demanded that our intelligence community improve its capabilities, and that law enforcement change practices to focus more on preventing attacks before they happen than prosecuting terrorists after an attack.
It is hard to overstate the transformation America’s intelligence community had to go through after 9/11. Our agencies suddenly needed to do far more than the traditional mission of monitoring hostile powers and gathering information for policymakers. Instead, they were now asked to identify and target plotters in some of the most remote parts of the world, and to anticipate the actions of networks that, by their very nature, cannot be easily penetrated with spies or informants.
And it is a testimony to the hard work and dedication of the men and women of our intelligence community that over the past decade we’ve made enormous strides in fulfilling this mission. Today, new capabilities allow intelligence agencies to track who a terrorist is in contact with, and follow the trail of his travel or his funding. New laws allow information to be collected and shared more quickly and effectively between federal agencies, and state and local law enforcement. Relationships with foreign intelligence services have expanded, and our capacity to repel cyber-attacks have been strengthened. And taken together, these efforts have prevented multiple attacks and saved innocent lives -- not just here in the United States, but around the globe.
And yet, in our rush to respond to a very real and novel set of threats, the risk of government overreach -- the possibility that we lose some of our core liberties in pursuit of security -- also became more pronounced. We saw, in the immediate aftermath of 9/11, our government engaged in enhanced interrogation techniques that contradicted our values. As a Senator, I was critical of several practices, such as warrantless wiretaps. And all too often new authorities were instituted without adequate public debate.
Through a combination of action by the courts, increased congressional oversight, and adjustments by the previous administration, some of the worst excesses that emerged after 9/11 were curbed by the time I took office. But a variety of factors have continued to complicate America’s efforts to both defend our nation and uphold our civil liberties.
First, the same technological advances that allow U.S. intelligence agencies to pinpoint an al Qaeda cell in Yemen or an email between two terrorists in the Sahel also mean that many routine communications around the world are within our reach. And at a time when more and more of our lives are digital, that prospect is disquieting for all of us.
Second, the combination of increased digital information and powerful supercomputers offers intelligence agencies the possibility of sifting through massive amounts of bulk data to identify patterns or pursue leads that may thwart impending threats. It’s a powerful tool. But the government collection and storage of such bulk data also creates a potential for abuse.
Third, the legal safeguards that restrict surveillance against U.S. persons without a warrant do not apply to foreign persons overseas. This is not unique to America; few, if any, spy agencies around the world constrain their activities beyond their own borders. And the whole point of intelligence is to obtain information that is not publicly available. But America’s capabilities are unique, and the power of new technologies means that there are fewer and fewer technical constraints on what we can do. That places a special obligation on us to ask tough questions about what we should do.
And finally, intelligence agencies cannot function without secrecy, which makes their work less subject to public debate. Yet there is an inevitable bias not only within the intelligence community, but among all of us who are responsible for national security, to collect more information about the world, not less. So in the absence of institutional requirements for regular debate -- and oversight that is public, as well as private or classified -- the danger of government overreach becomes more acute. And this is particularly true when surveillance technology and our reliance on digital information is evolving much faster than our laws.
For all these reasons, I maintained a healthy skepticism toward our surveillance programs after I became President. I ordered that our programs be reviewed by my national security team and our lawyers, and in some cases I ordered changes in how we did business. We increased oversight and auditing, including new structures aimed at compliance. Improved rules were proposed by the government and approved by the Foreign Intelligence Surveillance Court. And we sought to keep Congress continually updated on these activities.
What I did not do is stop these programs wholesale -- not only because I felt that they made us more secure, but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens.
To the contrary, in an extraordinarily difficult job -- one in which actions are second-guessed, success is unreported, and failure can be catastrophic -- the men and women of the intelligence community, including the NSA, consistently follow protocols designed to protect the privacy of ordinary people. They’re not abusing authorities in order to listen to your private phone calls or read your emails. When mistakes are made -- which is inevitable in any large and complicated human enterprise -- they correct those mistakes. Laboring in obscurity, often unable to discuss their work even with family and friends, the men and women at the NSA know that if another 9/11 or massive cyber-attack occurs, they will be asked, by Congress and the media, why they failed to connect the dots. What sustains those who work at NSA and our other intelligence agencies through all these pressures is the knowledge that their professionalism and dedication play a central role in the defense of our nation.
Now, to say that our intelligence community follows the law, and is staffed by patriots, is not to suggest that I or others in my administration felt complacent about the potential impact of these programs. Those of us who hold office in America have a responsibility to our Constitution, and while I was confident in the integrity of those who lead our intelligence community, it was clear to me in observing our intelligence operations on a regular basis that changes in our technological capabilities were raising new questions about the privacy safeguards currently in place.
Moreover, after an extended review of our use of drones in the fight against terrorist networks, I believed a fresh examination of our surveillance programs was a necessary next step in our effort to get off the open-ended war footing that we’ve maintained since 9/11. And for these reasons, I indicated in a speech at the National Defense University last May that we needed a more robust public discussion about the balance between security and liberty. Of course, what I did not know at the time is that within weeks of my speech, an avalanche of unauthorized disclosures would spark controversies at home and abroad that have continued to this day.
And given the fact of an open investigation, I’m not going to dwell on Mr. Snowden’s actions or his motivations; I will say that our nation’s defense depends in part on the fidelity of those entrusted with our nation’s secrets. If any individual who objects to government policy can take it into their own hands to publicly disclose classified information, then we will not be able to keep our people safe, or conduct foreign policy. Moreover, the sensational way in which these disclosures have come out has often shed more heat than light, while revealing methods to our adversaries that could impact our operations in ways that we may not fully understand for years to come.
Regardless of how we got here, though, the task before us now is greater than simply repairing the damage done to our operations or preventing more disclosures from taking place in the future. Instead, we have to make some important decisions about how to protect ourselves and sustain our leadership in the world, while upholding the civil liberties and privacy protections that our ideals and our Constitution require. We need to do so not only because it is right, but because the challenges posed by threats like terrorism and proliferation and cyber-attacks are not going away any time soon. They are going to continue to be a major problem. And for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world.
This effort will not be completed overnight, and given the pace of technological change, we shouldn’t expect this to be the last time America has this debate. But I want the American people to know that the work has begun. Over the last six months, I created an outside Review Group on Intelligence and Communications Technologies to make recommendations for reform. I consulted with the Privacy and Civil Liberties Oversight Board, created by Congress. I’ve listened to foreign partners, privacy advocates, and industry leaders. My administration has spent countless hours considering how to approach intelligence in this era of diffuse threats and technological revolution. So before outlining specific changes that I’ve ordered, let me make a few broad observations that have emerged from this process.
First, everyone who has looked at these problems, including skeptics of existing programs, recognizes that we have real enemies and threats, and that intelligence serves a vital role in confronting them. We cannot prevent terrorist attacks or cyber threats without some capability to penetrate digital communications -- whether it’s to unravel a terrorist plot; to intercept malware that targets a stock exchange; to make sure air traffic control systems are not compromised; or to ensure that hackers do not empty your bank accounts. We are expected to protect the American people; that requires us to have capabilities in this field.
Moreover, we cannot unilaterally disarm our intelligence agencies. There is a reason why BlackBerrys and iPhones are not allowed in the White House Situation Room. We know that the intelligence services of other countries -- including some who feign surprise over the Snowden disclosures -- are constantly probing our government and private sector networks, and accelerating programs to listen to our conversations, and intercept our emails, and compromise our systems. We know that.
Meanwhile, a number of countries, including some who have loudly criticized the NSA, privately acknowledge that America has special responsibilities as the world’s only superpower; that our intelligence capabilities are critical to meeting these responsibilities, and that they themselves have relied on the information we obtain to protect their own people.
Second, just as ardent civil libertarians recognize the need for robust intelligence capabilities, those with responsibilities for our national security readily acknowledge the potential for abuse as intelligence capabilities advance and more and more private information is digitized. After all, the folks at NSA and other intelligence agencies are our neighbors. They're our friends and family. They’ve got electronic bank and medical records like everybody else. They have kids on Facebook and Instagram, and they know, more than most of us, the vulnerabilities to privacy that exist in a world where transactions are recorded, and emails and text and messages are stored, and even our movements can increasingly be tracked through the GPS on our phones.
Third, there was a recognition by all who participated in these reviews that the challenges to our privacy do not come from government alone. Corporations of all shapes and sizes track what you buy, store and analyze our data, and use it for commercial purposes; that’s how those targeted ads pop up on your computer and your smartphone periodically. But all of us understand that the standards for government surveillance must be higher. Given the unique power of the state, it is not enough for leaders to say: Trust us, we won’t abuse the data we collect. For history has too many examples when that trust has been breached. Our system of government is built on the premise that our liberty cannot depend on the good intentions of those in power; it depends on the law to constrain those in power.
I make these observations to underscore that the basic values of most Americans when it comes to questions of surveillance and privacy converge a lot more than the crude characterizations that have emerged over the last several months. Those who are troubled by our existing programs are not interested in repeating the tragedy of 9/11, and those who defend these programs are not dismissive of civil liberties.
The challenge is getting the details right, and that is not simple. In fact, during the course of our review, I have often reminded myself I would not be where I am today were it not for the courage of dissidents like Dr. King, who were spied upon by their own government. And as President, a President who looks at intelligence every morning, I also can’t help but be reminded that America must be vigilant in the face of threats.
Fortunately, by focusing on facts and specifics rather than speculation and hypotheticals, this review process has given me -- and hopefully the American people -- some clear direction for change. And today, I can announce a series of concrete and substantial reforms that my administration intends to adopt administratively or will seek to codify with Congress.
First, I have approved a new presidential directive for our signals intelligence activities both at home and abroad. This guidance will strengthen executive branch oversight of our intelligence activities. It will ensure that we take into account our security requirements, but also our alliances; our trade and investment relationships, including the concerns of American companies; and our commitment to privacy and basic liberties. And we will review decisions about intelligence priorities and sensitive targets on an annual basis so that our actions are regularly scrutinized by my senior national security team.
Second, we will reform programs and procedures in place to provide greater transparency to our surveillance activities, and fortify the safeguards that protect the privacy of U.S. persons. Since we began this review, including information being released today, we have declassified over 40 opinions and orders of the Foreign Intelligence Surveillance Court, which provides judicial review of some of our most sensitive intelligence activities -- including the Section 702 program targeting foreign individuals overseas, and the Section 215 telephone metadata program.
And going forward, I’m directing the Director of National Intelligence, in consultation with the Attorney General, to annually review for the purposes of declassification any future opinions of the court with broad privacy implications, and to report to me and to Congress on these efforts. To ensure that the court hears a broader range of privacy perspectives, I am also calling on Congress to authorize the establishment of a panel of advocates from outside government to provide an independent voice in significant cases before the Foreign Intelligence Surveillance Court.
Third, we will provide additional protections for activities conducted under Section 702, which allows the government to intercept the communications of foreign targets overseas who have information that’s important for our national security. Specifically, I am asking the Attorney General and DNI to institute reforms that place additional restrictions on government’s ability to retain, search, and use in criminal cases communications between Americans and foreign citizens incidentally collected under Section 702.
Fourth, in investigating threats, the FBI also relies on what's called national security letters, which can require companies to provide specific and limited information to the government without disclosing the orders to the subject of the investigation. These are cases in which it's important that the subject of the investigation, such as a possible terrorist or spy, isn’t tipped off. But we can and should be more transparent in how government uses this authority.
I have therefore directed the Attorney General to amend how we use national security letters so that this secrecy will not be indefinite, so that it will terminate within a fixed time unless the government demonstrates a real need for further secrecy. We will also enable communications providers to make public more information than ever before about the orders that they have received to provide data to the government.
This brings me to the program that has generated the most controversy these past few months -- the bulk collection of telephone records under Section 215. Let me repeat what I said when this story first broke: This program does not involve the content of phone calls, or the names of people making calls. Instead, it provides a record of phone numbers and the times and lengths of calls -- metadata that can be queried if and when we have a reasonable suspicion that a particular number is linked to a terrorist organization.
Why is this necessary? The program grew out of a desire to address a gap identified after 9/11. One of the 9/11 hijackers -- Khalid al-Mihdhar -- made a phone call from San Diego to a known al Qaeda safe-house in Yemen. NSA saw that call, but it could not see that the call was coming from an individual already in the United States. The telephone metadata program under Section 215 was designed to map the communications of terrorists so we can see who they may be in contact with as quickly as possible. And this capability could also prove valuable in a crisis. For example, if a bomb goes off in one of our cities and law enforcement is racing to determine whether a network is poised to conduct additional attacks, time is of the essence. Being able to quickly review phone connections to assess whether a network exists is critical to that effort.
In sum, the program does not involve the NSA examining the phone records of ordinary Americans. Rather, it consolidates these records into a database that the government can query if it has a specific lead -- a consolidation of phone records that the companies already retained for business purposes. The review group turned up no indication that this database has been intentionally abused. And I believe it is important that the capability that this program is designed to meet is preserved.
Having said that, I believe critics are right to point out that without proper safeguards, this type of program could be used to yield more information about our private lives, and open the door to more intrusive bulk collection programs in the future. They’re also right to point out that although the telephone bulk collection program was subject to oversight by the Foreign Intelligence Surveillance Court and has been reauthorized repeatedly by Congress, it has never been subject to vigorous public debate.
For all these reasons, I believe we need a new approach. I am therefore ordering a transition that will end the Section 215 bulk metadata program as it currently exists, and establish a mechanism that preserves the capabilities we need without the government holding this bulk metadata.
This will not be simple. The review group recommended that our current approach be replaced by one in which the providers or a third party retain the bulk records, with government accessing information as needed. Both of these options pose difficult problems. Relying solely on the records of multiple providers, for example, could require companies to alter their procedures in ways that raise new privacy concerns. On the other hand, any third party maintaining a single, consolidated database would be carrying out what is essentially a government function but with more expense, more legal ambiguity, potentially less accountability -- all of which would have a doubtful impact on increasing public confidence that their privacy is being protected.
During the review process, some suggested that we may also be able to preserve the capabilities we need through a combination of existing authorities, better information sharing, and recent technological advances. But more work needs to be done to determine exactly how this system might work.
Because of the challenges involved, I’ve ordered that the transition away from the existing program will proceed in two steps. Effective immediately, we will only pursue phone calls that are two steps removed from a number associated with a terrorist organization instead of the current three. And I have directed the Attorney General to work with the Foreign Intelligence Surveillance Court so that during this transition period, the database can be queried only after a judicial finding or in the case of a true emergency.
Next, step two, I have instructed the intelligence community and the Attorney General to use this transition period to develop options for a new approach that can match the capabilities and fill the gaps that the Section 215 program was designed to address without the government holding this metadata itself. They will report back to me with options for alternative approaches before the program comes up for reauthorization on March 28th. And during this period, I will consult with the relevant committees in Congress to seek their views, and then seek congressional authorization for the new program as needed.
Now, the reforms I’m proposing today should give the American people greater confidence that their rights are being protected, even as our intelligence and law enforcement agencies maintain the tools they need to keep us safe. And I recognize that there are additional issues that require further debate. For example, some who participated in our review, as well as some members of Congress, would like to see more sweeping reforms to the use of national security letters so that we have to go to a judge each time before issuing these requests. Here, I have concerns that we should not set a standard for terrorism investigations that is higher than those involved in investigating an ordinary crime. But I agree that greater oversight on the use of these letters may be appropriate, and I’m prepared to work with Congress on this issue.
There are also those who would like to see different changes to the FISA Court than the ones I’ve proposed. On all these issues, I am open to working with Congress to ensure that we build a broad consensus for how to move forward, and I’m confident that we can shape an approach that meets our security needs while upholding the civil liberties of every American.
Let me now turn to the separate set of concerns that have been raised overseas, and focus on America’s approach to intelligence collection abroad. As I’ve indicated, the United States has unique responsibilities when it comes to intelligence collection. Our capabilities help protect not only our nation, but our friends and our allies, as well. But our efforts will only be effective if ordinary citizens in other countries have confidence that the United States respects their privacy, too. And the leaders of our close friends and allies deserve to know that if I want to know what they think about an issue, I’ll pick up the phone and call them, rather than turning to surveillance. In other words, just as we balance security and privacy at home, our global leadership demands that we balance our security requirements against our need to maintain the trust and cooperation among people and leaders around the world.
For that reason, the new presidential directive that I’ve issued today will clearly prescribe what we do, and do not do, when it comes to our overseas surveillance. To begin with, the directive makes clear that the United States only uses signals intelligence for legitimate national security purposes, and not for the purpose of indiscriminately reviewing the emails or phone calls of ordinary folks. I’ve also made it clear that the United States does not collect intelligence to suppress criticism or dissent, nor do we collect intelligence to disadvantage people on the basis of their ethnicity, or race, or gender, or sexual orientation, or religious beliefs. We do not collect intelligence to provide a competitive advantage to U.S. companies or U.S. commercial sectors.
And in terms of our bulk collection of signals intelligence, U.S. intelligence agencies will only use such data to meet specific security requirements: counterintelligence, counterterrorism, counter-proliferation, cybersecurity, force protection for our troops and our allies, and combating transnational crime, including sanctions evasion.
In this directive, I have taken the unprecedented step of extending certain protections that we have for the American people to people overseas. I’ve directed the DNI, in consultation with the Attorney General, to develop these safeguards, which will limit the duration that we can hold personal information, while also restricting the use of this information.
The bottom line is that people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security, and that we take their privacy concerns into account in our policies and procedures. This applies to foreign leaders as well. Given the understandable attention that this issue has received, I have made clear to the intelligence community that unless there is a compelling national security purpose, we will not monitor the communications of heads of state and government of our close friends and allies. And I’ve instructed my national security team, as well as the intelligence community, to work with foreign counterparts to deepen our coordination and cooperation in ways that rebuild trust going forward.
Now let me be clear: Our intelligence agencies will continue to gather information about the intentions of governments -- as opposed to ordinary citizens -- around the world, in the same way that the intelligence services of every other nation does. We will not apologize simply because our services may be more effective. But heads of state and government with whom we work closely, and on whose cooperation we depend, should feel confident that we are treating them as real partners. And the changes I’ve ordered do just that.
Finally, to make sure that we follow through on all these reforms, I am making some important changes to how our government is organized. The State Department will designate a senior officer to coordinate our diplomacy on issues related to technology and signals intelligence. We will appoint a senior official at the White House to implement the new privacy safeguards that I have announced today. I will devote the resources to centralize and improve the process we use to handle foreign requests for legal assistance, keeping our high standards for privacy while helping foreign partners fight crime and terrorism.
I have also asked my counselor, John Podesta, to lead a comprehensive review of big data and privacy. And this group will consist of government officials who, along with the President’s Council of Advisors on Science and Technology, will reach out to privacy experts, technologists and business leaders, and look how the challenges inherent in big data are being confronted by both the public and private sectors; whether we can forge international norms on how to manage this data; and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security.
For ultimately, what’s at stake in this debate goes far beyond a few months of headlines, or passing tensions in our foreign policy. When you cut through the noise, what’s really at stake is how we remain true to who we are in a world that is remaking itself at dizzying speed. Whether it’s the ability of individuals to communicate ideas; to access information that would have once filled every great library in every country in the world; or to forge bonds with people on other sides of the globe, technology is remaking what is possible for individuals, and for institutions, and for the international order. So while the reforms that I have announced will point us in a new direction, I am mindful that more work will be needed in the future.
One thing I’m certain of: This debate will make us stronger. And I also know that in this time of change, the United States of America will have to lead. It may seem sometimes that America is being held to a different standard. And I'll admit the readiness of some to assume the worst motives by our government can be frustrating. No one expects China to have an open debate about their surveillance programs, or Russia to take privacy concerns of citizens in other places into account. But let’s remember: We are held to a different standard precisely because we have been at the forefront of defending personal privacy and human dignity.
As the nation that developed the Internet, the world expects us to ensure that the digital revolution works as a tool for individual empowerment, not government control. Having faced down the dangers of totalitarianism and fascism and communism, the world expects us to stand up for the principle that every person has the right to think and write and form relationships freely -- because individual freedom is the wellspring of human progress.
Those values make us who we are. And because of the strength of our own democracy, we should not shy away from high expectations. For more than two centuries, our Constitution has weathered every type of change because we have been willing to defend it, and because we have been willing to question the actions that have been taken in its defense. Today is no different. I believe we can meet high expectations. Together, let us chart a way forward that secures the life of our nation while preserving the liberties that make our nation worth fighting for.
Thank you. God bless you. May God bless the United States of America. (Applause.)
END
Remarks by the President on Review of Signals Intelligence
Department of Justice
Washington, D.C.
11:15 A.M. EST
THE PRESIDENT: At the dawn of our Republic, a small, secret surveillance committee borne out of the “The Sons of Liberty” was established in Boston. And the group’s members included Paul Revere. At night, they would patrol the streets, reporting back any signs that the British were preparing raids against America’s early Patriots.
Throughout American history, intelligence has helped secure our country and our freedoms. In the Civil War, Union balloon reconnaissance tracked the size of Confederate armies by counting the number of campfires. In World War II, code-breakers gave us insights into Japanese war plans, and when Patton marched across Europe, intercepted communications helped save the lives of his troops. After the war, the rise of the Iron Curtain and nuclear weapons only increased the need for sustained intelligence gathering. And so, in the early days of the Cold War, President Truman created the National Security Agency, or NSA, to give us insights into the Soviet bloc, and provide our leaders with information they needed to confront aggression and avert catastrophe.
Throughout this evolution, we benefited from both our Constitution and our traditions of limited government. U.S. intelligence agencies were anchored in a system of checks and balances -- with oversight from elected leaders, and protections for ordinary citizens. Meanwhile, totalitarian states like East Germany offered a cautionary tale of what could happen when vast, unchecked surveillance turned citizens into informers, and persecuted people for what they said in the privacy of their own homes.
In fact, even the United States proved not to be immune to the abuse of surveillance. And in the 1960s, government spied on civil rights leaders and critics of the Vietnam War. And partly in response to these revelations, additional laws were established in the 1970s to ensure that our intelligence capabilities could not be misused against our citizens. In the long, twilight struggle against Communism, we had been reminded that the very liberties that we sought to preserve could not be sacrificed at the altar of national security.
If the fall of the Soviet Union left America without a competing superpower, emerging threats from terrorist groups, and the proliferation of weapons of mass destruction placed new and in some ways more complicated demands on our intelligence agencies. Globalization and the Internet made these threats more acute, as technology erased borders and empowered individuals to project great violence, as well as great good. Moreover, these new threats raised new legal and new policy questions. For while few doubted the legitimacy of spying on hostile states, our framework of laws was not fully adapted to prevent terrorist attacks by individuals acting on their own, or acting in small, ideologically driven groups on behalf of a foreign power.
The horror of September 11th brought all these issues to the fore. Across the political spectrum, Americans recognized that we had to adapt to a world in which a bomb could be built in a basement, and our electric grid could be shut down by operators an ocean away. We were shaken by the signs we had missed leading up to the attacks -- how the hijackers had made phone calls to known extremists and traveled to suspicious places. So we demanded that our intelligence community improve its capabilities, and that law enforcement change practices to focus more on preventing attacks before they happen than prosecuting terrorists after an attack.
It is hard to overstate the transformation America’s intelligence community had to go through after 9/11. Our agencies suddenly needed to do far more than the traditional mission of monitoring hostile powers and gathering information for policymakers. Instead, they were now asked to identify and target plotters in some of the most remote parts of the world, and to anticipate the actions of networks that, by their very nature, cannot be easily penetrated with spies or informants.
And it is a testimony to the hard work and dedication of the men and women of our intelligence community that over the past decade we’ve made enormous strides in fulfilling this mission. Today, new capabilities allow intelligence agencies to track who a terrorist is in contact with, and follow the trail of his travel or his funding. New laws allow information to be collected and shared more quickly and effectively between federal agencies, and state and local law enforcement. Relationships with foreign intelligence services have expanded, and our capacity to repel cyber-attacks have been strengthened. And taken together, these efforts have prevented multiple attacks and saved innocent lives -- not just here in the United States, but around the globe.
And yet, in our rush to respond to a very real and novel set of threats, the risk of government overreach -- the possibility that we lose some of our core liberties in pursuit of security -- also became more pronounced. We saw, in the immediate aftermath of 9/11, our government engaged in enhanced interrogation techniques that contradicted our values. As a Senator, I was critical of several practices, such as warrantless wiretaps. And all too often new authorities were instituted without adequate public debate.
Through a combination of action by the courts, increased congressional oversight, and adjustments by the previous administration, some of the worst excesses that emerged after 9/11 were curbed by the time I took office. But a variety of factors have continued to complicate America’s efforts to both defend our nation and uphold our civil liberties.
First, the same technological advances that allow U.S. intelligence agencies to pinpoint an al Qaeda cell in Yemen or an email between two terrorists in the Sahel also mean that many routine communications around the world are within our reach. And at a time when more and more of our lives are digital, that prospect is disquieting for all of us.
Second, the combination of increased digital information and powerful supercomputers offers intelligence agencies the possibility of sifting through massive amounts of bulk data to identify patterns or pursue leads that may thwart impending threats. It’s a powerful tool. But the government collection and storage of such bulk data also creates a potential for abuse.
Third, the legal safeguards that restrict surveillance against U.S. persons without a warrant do not apply to foreign persons overseas. This is not unique to America; few, if any, spy agencies around the world constrain their activities beyond their own borders. And the whole point of intelligence is to obtain information that is not publicly available. But America’s capabilities are unique, and the power of new technologies means that there are fewer and fewer technical constraints on what we can do. That places a special obligation on us to ask tough questions about what we should do.
And finally, intelligence agencies cannot function without secrecy, which makes their work less subject to public debate. Yet there is an inevitable bias not only within the intelligence community, but among all of us who are responsible for national security, to collect more information about the world, not less. So in the absence of institutional requirements for regular debate -- and oversight that is public, as well as private or classified -- the danger of government overreach becomes more acute. And this is particularly true when surveillance technology and our reliance on digital information is evolving much faster than our laws.
For all these reasons, I maintained a healthy skepticism toward our surveillance programs after I became President. I ordered that our programs be reviewed by my national security team and our lawyers, and in some cases I ordered changes in how we did business. We increased oversight and auditing, including new structures aimed at compliance. Improved rules were proposed by the government and approved by the Foreign Intelligence Surveillance Court. And we sought to keep Congress continually updated on these activities.
What I did not do is stop these programs wholesale -- not only because I felt that they made us more secure, but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens.
To the contrary, in an extraordinarily difficult job -- one in which actions are second-guessed, success is unreported, and failure can be catastrophic -- the men and women of the intelligence community, including the NSA, consistently follow protocols designed to protect the privacy of ordinary people. They’re not abusing authorities in order to listen to your private phone calls or read your emails. When mistakes are made -- which is inevitable in any large and complicated human enterprise -- they correct those mistakes. Laboring in obscurity, often unable to discuss their work even with family and friends, the men and women at the NSA know that if another 9/11 or massive cyber-attack occurs, they will be asked, by Congress and the media, why they failed to connect the dots. What sustains those who work at NSA and our other intelligence agencies through all these pressures is the knowledge that their professionalism and dedication play a central role in the defense of our nation.
Now, to say that our intelligence community follows the law, and is staffed by patriots, is not to suggest that I or others in my administration felt complacent about the potential impact of these programs. Those of us who hold office in America have a responsibility to our Constitution, and while I was confident in the integrity of those who lead our intelligence community, it was clear to me in observing our intelligence operations on a regular basis that changes in our technological capabilities were raising new questions about the privacy safeguards currently in place.
Moreover, after an extended review of our use of drones in the fight against terrorist networks, I believed a fresh examination of our surveillance programs was a necessary next step in our effort to get off the open-ended war footing that we’ve maintained since 9/11. And for these reasons, I indicated in a speech at the National Defense University last May that we needed a more robust public discussion about the balance between security and liberty. Of course, what I did not know at the time is that within weeks of my speech, an avalanche of unauthorized disclosures would spark controversies at home and abroad that have continued to this day.
And given the fact of an open investigation, I’m not going to dwell on Mr. Snowden’s actions or his motivations; I will say that our nation’s defense depends in part on the fidelity of those entrusted with our nation’s secrets. If any individual who objects to government policy can take it into their own hands to publicly disclose classified information, then we will not be able to keep our people safe, or conduct foreign policy. Moreover, the sensational way in which these disclosures have come out has often shed more heat than light, while revealing methods to our adversaries that could impact our operations in ways that we may not fully understand for years to come.
Regardless of how we got here, though, the task before us now is greater than simply repairing the damage done to our operations or preventing more disclosures from taking place in the future. Instead, we have to make some important decisions about how to protect ourselves and sustain our leadership in the world, while upholding the civil liberties and privacy protections that our ideals and our Constitution require. We need to do so not only because it is right, but because the challenges posed by threats like terrorism and proliferation and cyber-attacks are not going away any time soon. They are going to continue to be a major problem. And for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world.
This effort will not be completed overnight, and given the pace of technological change, we shouldn’t expect this to be the last time America has this debate. But I want the American people to know that the work has begun. Over the last six months, I created an outside Review Group on Intelligence and Communications Technologies to make recommendations for reform. I consulted with the Privacy and Civil Liberties Oversight Board, created by Congress. I’ve listened to foreign partners, privacy advocates, and industry leaders. My administration has spent countless hours considering how to approach intelligence in this era of diffuse threats and technological revolution. So before outlining specific changes that I’ve ordered, let me make a few broad observations that have emerged from this process.
First, everyone who has looked at these problems, including skeptics of existing programs, recognizes that we have real enemies and threats, and that intelligence serves a vital role in confronting them. We cannot prevent terrorist attacks or cyber threats without some capability to penetrate digital communications -- whether it’s to unravel a terrorist plot; to intercept malware that targets a stock exchange; to make sure air traffic control systems are not compromised; or to ensure that hackers do not empty your bank accounts. We are expected to protect the American people; that requires us to have capabilities in this field.
Moreover, we cannot unilaterally disarm our intelligence agencies. There is a reason why BlackBerrys and iPhones are not allowed in the White House Situation Room. We know that the intelligence services of other countries -- including some who feign surprise over the Snowden disclosures -- are constantly probing our government and private sector networks, and accelerating programs to listen to our conversations, and intercept our emails, and compromise our systems. We know that.
Meanwhile, a number of countries, including some who have loudly criticized the NSA, privately acknowledge that America has special responsibilities as the world’s only superpower; that our intelligence capabilities are critical to meeting these responsibilities, and that they themselves have relied on the information we obtain to protect their own people.
Second, just as ardent civil libertarians recognize the need for robust intelligence capabilities, those with responsibilities for our national security readily acknowledge the potential for abuse as intelligence capabilities advance and more and more private information is digitized. After all, the folks at NSA and other intelligence agencies are our neighbors. They're our friends and family. They’ve got electronic bank and medical records like everybody else. They have kids on Facebook and Instagram, and they know, more than most of us, the vulnerabilities to privacy that exist in a world where transactions are recorded, and emails and text and messages are stored, and even our movements can increasingly be tracked through the GPS on our phones.
Third, there was a recognition by all who participated in these reviews that the challenges to our privacy do not come from government alone. Corporations of all shapes and sizes track what you buy, store and analyze our data, and use it for commercial purposes; that’s how those targeted ads pop up on your computer and your smartphone periodically. But all of us understand that the standards for government surveillance must be higher. Given the unique power of the state, it is not enough for leaders to say: Trust us, we won’t abuse the data we collect. For history has too many examples when that trust has been breached. Our system of government is built on the premise that our liberty cannot depend on the good intentions of those in power; it depends on the law to constrain those in power.
I make these observations to underscore that the basic values of most Americans when it comes to questions of surveillance and privacy converge a lot more than the crude characterizations that have emerged over the last several months. Those who are troubled by our existing programs are not interested in repeating the tragedy of 9/11, and those who defend these programs are not dismissive of civil liberties.
The challenge is getting the details right, and that is not simple. In fact, during the course of our review, I have often reminded myself I would not be where I am today were it not for the courage of dissidents like Dr. King, who were spied upon by their own government. And as President, a President who looks at intelligence every morning, I also can’t help but be reminded that America must be vigilant in the face of threats.
Fortunately, by focusing on facts and specifics rather than speculation and hypotheticals, this review process has given me -- and hopefully the American people -- some clear direction for change. And today, I can announce a series of concrete and substantial reforms that my administration intends to adopt administratively or will seek to codify with Congress.
First, I have approved a new presidential directive for our signals intelligence activities both at home and abroad. This guidance will strengthen executive branch oversight of our intelligence activities. It will ensure that we take into account our security requirements, but also our alliances; our trade and investment relationships, including the concerns of American companies; and our commitment to privacy and basic liberties. And we will review decisions about intelligence priorities and sensitive targets on an annual basis so that our actions are regularly scrutinized by my senior national security team.
Second, we will reform programs and procedures in place to provide greater transparency to our surveillance activities, and fortify the safeguards that protect the privacy of U.S. persons. Since we began this review, including information being released today, we have declassified over 40 opinions and orders of the Foreign Intelligence Surveillance Court, which provides judicial review of some of our most sensitive intelligence activities -- including the Section 702 program targeting foreign individuals overseas, and the Section 215 telephone metadata program.
And going forward, I’m directing the Director of National Intelligence, in consultation with the Attorney General, to annually review for the purposes of declassification any future opinions of the court with broad privacy implications, and to report to me and to Congress on these efforts. To ensure that the court hears a broader range of privacy perspectives, I am also calling on Congress to authorize the establishment of a panel of advocates from outside government to provide an independent voice in significant cases before the Foreign Intelligence Surveillance Court.
Third, we will provide additional protections for activities conducted under Section 702, which allows the government to intercept the communications of foreign targets overseas who have information that’s important for our national security. Specifically, I am asking the Attorney General and DNI to institute reforms that place additional restrictions on government’s ability to retain, search, and use in criminal cases communications between Americans and foreign citizens incidentally collected under Section 702.
Fourth, in investigating threats, the FBI also relies on what's called national security letters, which can require companies to provide specific and limited information to the government without disclosing the orders to the subject of the investigation. These are cases in which it's important that the subject of the investigation, such as a possible terrorist or spy, isn’t tipped off. But we can and should be more transparent in how government uses this authority.
I have therefore directed the Attorney General to amend how we use national security letters so that this secrecy will not be indefinite, so that it will terminate within a fixed time unless the government demonstrates a real need for further secrecy. We will also enable communications providers to make public more information than ever before about the orders that they have received to provide data to the government.
This brings me to the program that has generated the most controversy these past few months -- the bulk collection of telephone records under Section 215. Let me repeat what I said when this story first broke: This program does not involve the content of phone calls, or the names of people making calls. Instead, it provides a record of phone numbers and the times and lengths of calls -- metadata that can be queried if and when we have a reasonable suspicion that a particular number is linked to a terrorist organization.
Why is this necessary? The program grew out of a desire to address a gap identified after 9/11. One of the 9/11 hijackers -- Khalid al-Mihdhar -- made a phone call from San Diego to a known al Qaeda safe-house in Yemen. NSA saw that call, but it could not see that the call was coming from an individual already in the United States. The telephone metadata program under Section 215 was designed to map the communications of terrorists so we can see who they may be in contact with as quickly as possible. And this capability could also prove valuable in a crisis. For example, if a bomb goes off in one of our cities and law enforcement is racing to determine whether a network is poised to conduct additional attacks, time is of the essence. Being able to quickly review phone connections to assess whether a network exists is critical to that effort.
In sum, the program does not involve the NSA examining the phone records of ordinary Americans. Rather, it consolidates these records into a database that the government can query if it has a specific lead -- a consolidation of phone records that the companies already retained for business purposes. The review group turned up no indication that this database has been intentionally abused. And I believe it is important that the capability that this program is designed to meet is preserved.
Having said that, I believe critics are right to point out that without proper safeguards, this type of program could be used to yield more information about our private lives, and open the door to more intrusive bulk collection programs in the future. They’re also right to point out that although the telephone bulk collection program was subject to oversight by the Foreign Intelligence Surveillance Court and has been reauthorized repeatedly by Congress, it has never been subject to vigorous public debate.
For all these reasons, I believe we need a new approach. I am therefore ordering a transition that will end the Section 215 bulk metadata program as it currently exists, and establish a mechanism that preserves the capabilities we need without the government holding this bulk metadata.
This will not be simple. The review group recommended that our current approach be replaced by one in which the providers or a third party retain the bulk records, with government accessing information as needed. Both of these options pose difficult problems. Relying solely on the records of multiple providers, for example, could require companies to alter their procedures in ways that raise new privacy concerns. On the other hand, any third party maintaining a single, consolidated database would be carrying out what is essentially a government function but with more expense, more legal ambiguity, potentially less accountability -- all of which would have a doubtful impact on increasing public confidence that their privacy is being protected.
During the review process, some suggested that we may also be able to preserve the capabilities we need through a combination of existing authorities, better information sharing, and recent technological advances. But more work needs to be done to determine exactly how this system might work.
Because of the challenges involved, I’ve ordered that the transition away from the existing program will proceed in two steps. Effective immediately, we will only pursue phone calls that are two steps removed from a number associated with a terrorist organization instead of the current three. And I have directed the Attorney General to work with the Foreign Intelligence Surveillance Court so that during this transition period, the database can be queried only after a judicial finding or in the case of a true emergency.
Next, step two, I have instructed the intelligence community and the Attorney General to use this transition period to develop options for a new approach that can match the capabilities and fill the gaps that the Section 215 program was designed to address without the government holding this metadata itself. They will report back to me with options for alternative approaches before the program comes up for reauthorization on March 28th. And during this period, I will consult with the relevant committees in Congress to seek their views, and then seek congressional authorization for the new program as needed.
Now, the reforms I’m proposing today should give the American people greater confidence that their rights are being protected, even as our intelligence and law enforcement agencies maintain the tools they need to keep us safe. And I recognize that there are additional issues that require further debate. For example, some who participated in our review, as well as some members of Congress, would like to see more sweeping reforms to the use of national security letters so that we have to go to a judge each time before issuing these requests. Here, I have concerns that we should not set a standard for terrorism investigations that is higher than those involved in investigating an ordinary crime. But I agree that greater oversight on the use of these letters may be appropriate, and I’m prepared to work with Congress on this issue.
There are also those who would like to see different changes to the FISA Court than the ones I’ve proposed. On all these issues, I am open to working with Congress to ensure that we build a broad consensus for how to move forward, and I’m confident that we can shape an approach that meets our security needs while upholding the civil liberties of every American.
Let me now turn to the separate set of concerns that have been raised overseas, and focus on America’s approach to intelligence collection abroad. As I’ve indicated, the United States has unique responsibilities when it comes to intelligence collection. Our capabilities help protect not only our nation, but our friends and our allies, as well. But our efforts will only be effective if ordinary citizens in other countries have confidence that the United States respects their privacy, too. And the leaders of our close friends and allies deserve to know that if I want to know what they think about an issue, I’ll pick up the phone and call them, rather than turning to surveillance. In other words, just as we balance security and privacy at home, our global leadership demands that we balance our security requirements against our need to maintain the trust and cooperation among people and leaders around the world.
For that reason, the new presidential directive that I’ve issued today will clearly prescribe what we do, and do not do, when it comes to our overseas surveillance. To begin with, the directive makes clear that the United States only uses signals intelligence for legitimate national security purposes, and not for the purpose of indiscriminately reviewing the emails or phone calls of ordinary folks. I’ve also made it clear that the United States does not collect intelligence to suppress criticism or dissent, nor do we collect intelligence to disadvantage people on the basis of their ethnicity, or race, or gender, or sexual orientation, or religious beliefs. We do not collect intelligence to provide a competitive advantage to U.S. companies or U.S. commercial sectors.
And in terms of our bulk collection of signals intelligence, U.S. intelligence agencies will only use such data to meet specific security requirements: counterintelligence, counterterrorism, counter-proliferation, cybersecurity, force protection for our troops and our allies, and combating transnational crime, including sanctions evasion.
In this directive, I have taken the unprecedented step of extending certain protections that we have for the American people to people overseas. I’ve directed the DNI, in consultation with the Attorney General, to develop these safeguards, which will limit the duration that we can hold personal information, while also restricting the use of this information.
The bottom line is that people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security, and that we take their privacy concerns into account in our policies and procedures. This applies to foreign leaders as well. Given the understandable attention that this issue has received, I have made clear to the intelligence community that unless there is a compelling national security purpose, we will not monitor the communications of heads of state and government of our close friends and allies. And I’ve instructed my national security team, as well as the intelligence community, to work with foreign counterparts to deepen our coordination and cooperation in ways that rebuild trust going forward.
Now let me be clear: Our intelligence agencies will continue to gather information about the intentions of governments -- as opposed to ordinary citizens -- around the world, in the same way that the intelligence services of every other nation does. We will not apologize simply because our services may be more effective. But heads of state and government with whom we work closely, and on whose cooperation we depend, should feel confident that we are treating them as real partners. And the changes I’ve ordered do just that.
Finally, to make sure that we follow through on all these reforms, I am making some important changes to how our government is organized. The State Department will designate a senior officer to coordinate our diplomacy on issues related to technology and signals intelligence. We will appoint a senior official at the White House to implement the new privacy safeguards that I have announced today. I will devote the resources to centralize and improve the process we use to handle foreign requests for legal assistance, keeping our high standards for privacy while helping foreign partners fight crime and terrorism.
I have also asked my counselor, John Podesta, to lead a comprehensive review of big data and privacy. And this group will consist of government officials who, along with the President’s Council of Advisors on Science and Technology, will reach out to privacy experts, technologists and business leaders, and look how the challenges inherent in big data are being confronted by both the public and private sectors; whether we can forge international norms on how to manage this data; and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security.
For ultimately, what’s at stake in this debate goes far beyond a few months of headlines, or passing tensions in our foreign policy. When you cut through the noise, what’s really at stake is how we remain true to who we are in a world that is remaking itself at dizzying speed. Whether it’s the ability of individuals to communicate ideas; to access information that would have once filled every great library in every country in the world; or to forge bonds with people on other sides of the globe, technology is remaking what is possible for individuals, and for institutions, and for the international order. So while the reforms that I have announced will point us in a new direction, I am mindful that more work will be needed in the future.
One thing I’m certain of: This debate will make us stronger. And I also know that in this time of change, the United States of America will have to lead. It may seem sometimes that America is being held to a different standard. And I'll admit the readiness of some to assume the worst motives by our government can be frustrating. No one expects China to have an open debate about their surveillance programs, or Russia to take privacy concerns of citizens in other places into account. But let’s remember: We are held to a different standard precisely because we have been at the forefront of defending personal privacy and human dignity.
As the nation that developed the Internet, the world expects us to ensure that the digital revolution works as a tool for individual empowerment, not government control. Having faced down the dangers of totalitarianism and fascism and communism, the world expects us to stand up for the principle that every person has the right to think and write and form relationships freely -- because individual freedom is the wellspring of human progress.
Those values make us who we are. And because of the strength of our own democracy, we should not shy away from high expectations. For more than two centuries, our Constitution has weathered every type of change because we have been willing to defend it, and because we have been willing to question the actions that have been taken in its defense. Today is no different. I believe we can meet high expectations. Together, let us chart a way forward that secures the life of our nation while preserving the liberties that make our nation worth fighting for.
Thank you. God bless you. May God bless the United States of America. (Applause.)
END
Subscribe to:
Posts (Atom)