WASHINGTON, Sept. 13, 2016 — The Defense Department supports strong encryption to protect military capabilities and commercial encryption technology that is critical to U.S. economic security, senior DoD officials said here today.
Marcel Lettre, undersecretary of defense for intelligence, and Navy Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency, testified before the Senate Armed Services Committee during a hearing on encryption and cyber matters.
In his remarks to the panel, Lettre said the department seeks robust encryption standards and technology vital to protecting warfighting capabilities and insuring that key data systems stay secure and impenetrable to adversaries today and into the future.
“The department's support for the use of strong encryption goes well beyond its obvious military value,” the undersecretary added.
For example, he said, commercial encryption technology is essential to U.S. economic security and competitiveness, and the department depends on commercial partners and contractors to help protect national security systems, research and development data related to weapon systems, classified and sensitive information about service members and department civilians, and personally identifiable information and health records.
The department also is concerned about adversaries, particularly terrorist actors, using technology innovation — including ubiquitous encryption — to do harm to Americans, Lettre said.
DoD cybersecurity challenges are compounded by the pace and scope of change in the threat environment and in associated technologies, he added, noting that adversaries constantly adopt new and widely available encryption capabilities.
“Terrorist groups such as the Islamic State of Iraq and the Levant, [or] ISIL, leverage such technology to recruit, plan and conduct operations,” he said, and concern grows as some parts of the communication-technology industry move toward encryption systems that providers themselves sometimes can’t unencrypt even when they receive lawful government requests to do so based on law enforcement or national security needs.
“This presents a unique policy challenge,” Lettre said, “one [requiring] that we carefully review how we manage the tradeoffs inherent in protecting our values, which include individual privacy as well as our support of U.S. companies’ ability to innovate and compete in the global economy, and protecting our citizens from those who mean to do us grave harm.”
The department is working now with other parts of the government and the private sector to seek solutions to these issues, he said, and DoD must strengthen its partnership with the private sector to find ways to protect its systems against cyberattacks.
DoD also must find innovative and broadly acceptable ways to address nefarious actors’ adoption of new technologies, the undersecretary added, including encryption, while avoiding introducing unintentional weaknesses into its security systems or hurting U.S. global economic competitiveness.
“An ongoing dialogue with Congress … other departments and agencies and the private sector is absolutely critical as we work together to confront and overcome the security challenges associated with encryption,” Lettre said.
Encryption is Fundamental
In his remarks to the committee, Rogers explained that when he uses the term encryption he is referring to a means of protecting data from access except by those who are authorized to have it.
“Encryption is usually done by combining random data with the data you want to protect. The random data is generated by a mathematical algorithm and uses some secret information, normally called a key, in the generation. Without the key,” the admiral said, “you can't undo the encryption.”
NSA supports the use of encryption, Rogers said, noting that encryption “is fundamental to the protection of everyone's data as it travels across the global network.”
Through its information assurance mission, NSA sets the encryption standard for DoD, he added.
“We understand encryption. We rely on it ourselves and set the standards for others in the U.S. government to use it properly to protect national security systems. At the same time we acknowledge that encryption presents an ever-increasing challenge to the foreign intelligence mission of NSA,” he said.
The easy availability of strong encryption by those who wish to harm U.S. citizens, the government and U.S. allies is a threat to national security, and the threat environment in cyberspace and in the physical world is constantly evolving, Rogers added, and NSA must keep pace to provide policymakers and warfighters the foreign intelligence they need to help keep the nation safe.
The tactics, techniques and procedures used by terrorists and other adversaries continue to evolve, Rogers said.
“Those who would seek to harm us, whether terrorists or criminals, use the same internet, the same mobile communication devices, the same software and applications and the same social media platforms that law-abiding citizens around the world use. The trend is clear. The adversaries continue to get better at protecting their communications, including through the use of strong encryption,” he said.
Investing in Progress
“I want to take this opportunity to assure you and the American people that the NSA has not stood still in response to this changing threat environment,” Rogers told the panel. “We are making investments in technologies and capabilities designed to help us address this challenge.”
Last year NSA began a process to better position itself to face such challenges. It is premised on the idea that, as good as NSA is at foreign intelligence and its information assurance mission, the world will continue to change so the goals also must change to insure that the agency will be as effective tomorrow as it is today, the admiral said.
“The nation counts on NSA to achieve insights into what is happening in the world around us, which could be a concern to our nation's security, the safety and well-being of our citizens and of our friends and allies,” Rogers said.
“We have a challenge before us,” he added. “We're watching sophisticated adversaries change their communication profiles in ways that enable them to hide information relating to their involvement in things such as criminal behavior, terrorist planning, militia cyber intrusions and even cyberattacks.”
Today technology lets adversaries communicate in a way that makes it increasingly problematic for NSA and others to acquire the critical foreign intelligence needed to protect the nation, or for law enforcement individuals to defend the nation against criminal activity, the admiral said.
Encryption is foundational to the future, he added, so the challenge is to find the best way to ensure the protection of information, the privacy and civil liberties of citizens, and the production of foreign intelligence needed to assure the protection and safety of those citizens.
“All three are incredibly important to us as a nation,” Rogers said.