LAS VEGAS — Presidential election interference, a once-in-a-generation pandemic, the SolarWinds Orion hack and Russia’s invasion of Ukraine are just a small sampling of what Gen. Paul Nakasone witnessed during his time leading the National Security Agency and U.S. Cyber Command.
In taking the position in 2018, he set “wake-up conditions” for when an on-duty officer would call him during an emergency that would require attention from the president or secretary of defense. In his first year, he got 3 calls. In his final month on the job, he was phoned over 10 times.
“It’s for you. It’s them. Good luck,” he recalled his wife telling him whenever a call came through. His description of what became a routine habit for the Nakasone family elicited laughs from an audience of hackers and security practitioners at the DEF CON hacking conference here.
“We matched the fires on the ground with fires on net,” he said onstage, telling stories about when U.S. cyber warriors teamed up with on-ground infantry to take on Islamic State forces in Syria and Iraq nearly a decade ago, a sign that cyberspace had fully emerged as a tangible asset in conflict zones.
A few years after that, Cyber Command began deploying its cyber warriors to allied nations in “hunt forward” operations that root out enemy hackers and slow adversaries’ cyber operations while gaining important defensive insights for future cyberwar. The agencies’ analysts suggested sharing digital hunting data not just with U.S. intelligence officials, but with the private sector, too.
That new dynamic first surfaced in 2020, when the NSA was tasked with overseeing how adversaries were looking for information about private companies’ vaccine development, Nakasone said, recalling when the U.S. was pushing to develop a viable COVID-19 vaccine in mere months. Such public-private partnerships have now become commonplace, especially in the wake of Russia’s 2022 invasion of Ukraine.
Nakasone donned a relaxed outfit consisting of a striped shirt and black jeans at DEF CON instead of his military uniform, but his attitude about the state of national security hasn’t changed.
He’s now on a new mission: Protecting borders, having allies and possessing the military capabilities to deal with adversaries is part of the current national security equation, but a new series of different borderless threats challenge nations today, and that goes well beyond the higher rate of phone calls he received later in his tenure.
“The scope, scale, sophistication and speed of what we’re facing is tremendously different” versus five years ago, he said.
To Nakasone, it means that younger people need to have a seat at the national security table, he told reporters on the sidelines of DEF CON. “Gen Z will be the No. 1 sector within our workforce. Okay, that’s great. But it also requires that knowledge and skills and ability that have just left us — whether or not they’re baby boomers like myself or millennials — you’ve got to be able to pass that information on,” he said.
Officials in 2024 have frequently said the global threat environment has reached an all-time high. It’s been signaled in public testimony from officials who have called out Chinese hackers embedding into U.S. critical infrastructure, as well as an increased buildup of military assets in must-pass congressional funding bills. A record number of people voting in elections around the world has only catalyzed these threats, as endless concerns about AI-driven disinformation have come to life.
He hopes to begin addressing the issue through a new Vanderbilt University national security research institute launching next month. “We’re talking 25 for 2025,” he said, as part of an effort to put 25 Vanderbilt interns into governmental national-security roles to help kickstart the effort.
He wants the institute to also research emerging security risks at the speed and scale he’e become used to in his time in service. “The question is, how do you think differently about national security?” he said, arguing that schools are now central for addressing national-security challenges. “[Vanderbilt] has the ability to move at a much quicker [research] pace,” he said.
Nakasone, in essence, wants to add a new intersection point between public and private partnerships, enhancing the relationship with academic research.
“Our intelligence is really good. But I would tell you: the bottom line is we’re not keeping up,” he said. “We need a new strategy.”
In a way, this enhanced relationship is a callback to the September 11 attacks that kickstarted many of the societal discussions over warfare, armaments, surveillance laws and intelligence gathering, he said. “If you see something, say something,” was a regular phrase that came in the wake of the terrorist attacks, where officials argued that, with the benefit of hindsight, intelligence agencies and private firms were too stovepiped to pick up patterns that would have enabled proper information-sharing to stop the plane hijackings.
Part of the recruitment process for engagement with the institute began at DEF CON. Nakasone made it a point to discuss the Vanderbilt initiative at the end of his presentation, which brought in hundreds of viewers. “The appeal to DEF CON here is, these are the people that work in cyberspace every single day,” Nakasone said to reporters. “So guess what? They’re probably the first people that are going to see something.”
Some 15 times more people over the age of 50 work in national security than under the age of 30, he said, arguing it’s time for a new generation of national-security workers to help the U.S. shore up its defenses.
“We want policymakers who can code, and coders who understand policy,” he said. “I think we have to reflect the generational change and the tenor of our times.”
