Dick Schaeffer, The Role of NSA in Cyber, Part 1

Former Senior Executive with the National Security Bureau (NSA), Richard (Dick) Schaeffer joins us to discuss the role of NSA in the future of Cyber, what Cyber looks like in 2030 and Commercial vs. Authorities leadership in cyberspace.

Episode Tabular array of Contents

• [0:35] Introducing Our Guest, Dick Schaeffer
• [1:41] The Journeying to Marine Corps
• [half dozen:53] Spending 37 Years in NSA
• [10:l] The Possibility of Going Up Against United States
• About Our Guest

Introducing Our Guest, Dick Schaeffer

Arika:
We have a great guest, someone who is very well known in the industry. We take Dick Schaeffer who was the onetime IAD at NSA, which is an data balls managing director. Howdy Dick. How you doing?

Richard:
Skilful morning time. Doing very well.

Eric:
And Erica, in that location are a couple of directors in there so I merely desire to clarify. Dick was the director of the information assurance director directorate at NSA. Dick, how many years did you do that?

Richard:
So I was the information assurance managing director from 2006 until I retired in 2010. A little over four years under Keith Alexander, who was the managing director at the fourth dimension.

Eric:
Okay. And you were a Marine early in your career, correct?

Richard:
Early on life, I joined the Marine Corps out of high schoolhouse. Sort of at the pinnacle of the Vietnam War and served in the Marine Corps from 1966 to 1970.

Eric:
Those are some busy years in Vietnam back and then.

Eric:
Aye. What makes you join the Marine Corps out of high school?

Arika:
That was my question.

The Journeying to Marine Corps

Eric:
I did the same thing with the army. We weren’t in an agile conflict like the Vietnam War. Only what makes you lot exercise something like that?

Richard:
Well, so I come from a Marine family. At the fourth dimension that I graduated from high school, I knew I wanted to exist an engineer. I just wasn’t fix for the side by side stage of teaching. And and so I felt compelled. I actually joined the Marine Corps before I graduated, which enabled me to sort of pick what I wanted to practise. I had hopes of beingness a Marine aviator.

And so I went into the aviation field of the Marine Corps. And then joining early immune me to do that. It just didn’t work out relative to existence a Marine aviator when I was in Vietnam, and I was there from 1968 through 1970, and 1970 the Marine Corps began to sort of air current down their movement of folks. They had a program at a academy where you could go and get your degree, graduate and then get on to flight school from there. And the program wound down. So I exited the Marine Corps and went to college and ultimately did become the engineer that I wanted to in the showtime.

Eric:
You know, it’s interesting. That’due south almost the same story that I had. I signed up for the delayed entry plan in loftier schoolhouse, left correct after loftier schoolhouse, went through the army. At that place was a green to golden program that just didn’t employ to me. So I got out and finished off my college and as well the technical background. Interesting parallel there.

How Dick Schaeffer Got Into NSA

Richard:
Yep, information technology was interesting. I didn’t know NSA from any other agency. And one day a recruiter comes to campus and nosotros’re talking and I said, oh, you are the guys that congenital that lousy crypto that nosotros had to employ in Vietnam. He said no, nosotros don’t build lousy crypto. And I said, well, it-

Eric:
It’s heavy.

Richard:
It didn’t work operationally for us. He said, well, why don’t you lot come help us set up that? And that was the beginning of, I ended up at NSA in 1975 and had no idea how long I’d stay, and 2010 I walked out of there with 36, 37 years behind me, never knowing how long I was going to stay. Information technology went by very quickly.

Eric:
Did y’all brand crypto better?

Richard:
I’m sure yous saw a lot of… Oh, adept question Eric.

Eric:
Pitiful. I had to carry some of that [inaudible 00:04:41] infantryman in the army and information technology was very heavy Arika, jumping it and simply humping it through the bush-league. It was quite heavy. And then I didn’t care about its power to encrypt as much as I did the weight of the batteries and the device itself.

Dick’s Experience Flying an Assail Aircraft

Richard:
So I ended up in an A4 squadron, a small-scale attack aircraft, and we were flying KY-28s in the aircraft, and at the aforementioned time, that wasn’t, by today’due south standards it wasn’t a Mach one plane. It was nigh a 600-knot maximum plane, but when it takes more than a couple of seconds for two systems to sync up, yous’ve moved a long manner at 400 plus knots, which was kind of typical. So it wasn’t as if it worked very well. And so there, of course, there was compatible hardware for the ground, and in the same kind of situation, if y’all’re calling in close air back up and information technology takes a while for systems to sync up, you’ve probably passed over the target or you lot’re in a panic mode and calling in the support.

Richard:
And then it just didn’t work very well for united states. So most of the systems never got turned on. Everything was operated in the clear. And and so that’s what I went to NSA to, I didn’t know COMSEC from communication security from annihilation else. I didn’t know NSA from anything else. I just knew I was a immature electrical engineer who wanted to get practice heady stuff. So information technology seemed similar a good opportunity. And in retrospect information technology certainly was. I was never bored a day in my life at NSA and worked with some of the smartest people in the globe.

Arika:
Well and Dick, I imagined, did you say you spent, was it 37 years at that place at NSA?

Spending 37 Years in NSA

Richard:
Yes, I got at that place in 1975, and I left in 2010, and as it works out in the timing, information technology was about 36 years. And then I had time, as I was in college, I was working at Harry Diamond Laboratories designing proximity fuses for the army and others. So it was sort of a co-op program and that helped pay for the education along with the GI bill and gave me some design feel which carried well when I went to NSA.

Arika:
Well, and I’m sure you only saw and so many changes in terms of the areas of focus and evolution and just, I can just imagine. That’due south a long time to spend at such a critical agency like an NSA. What, especially in the space of the threat and attacks we’ve seen from adversaries, especially in the cyberspace world, what types of changes did you encounter throughout that, those 37 years. I’m sure it was quite different from when you started in what you lot were focused on to when you left, especially being the IAD director.

Richard:
Well, if I interruption my career up into chunks at NSA, I spent the starting time 15 years of my career in the overhead business working high-speed encryption systems for some of the, what I refer to equally the battle stars, some of the big intelligence platforms. And then I did tactical comms.

An Exciting Time: Running the National Security Operation Center from 2003 to 2006

Richard:
I did nuclear command and control. I led the inquiry organization for a while and also just prior to going back to the defensive side of the operation, I ran the National Security Operation Center from 2003 to 2006. And it was a peachy fourth dimension. I helped integrate NSOC, the National Security Operation Eye with, the NSA, CSS Threat Operations Center, NTOC and our counter terrorism heart into a single coherent operational platform.

Richard:
So an exciting time. But with respect to cyber, if y’all look at the big adversaries, nation states, those that nosotros always considered to be the elevation threats, what I saw over the years were tools and techniques that were adult past the high-cease actors, notice their way downward the concatenation to the lower level players. I spent some time on a defense science board where nosotros created a half-dozen-tier adversarial threat model with tiers five and vi beingness nation state actors, high capability adversaries, and so at tier six, those who could really do information technology at scale.

And so it’s not doing a single operation. Those that would run multiple operations at a time. That threat model withal in use today. Only the tools and techniques used by those top tier players discover their way down to the lower level. Think virtually the criminals and so the general hacker community.

The Possibility of Going Up Against United States

Richard:
Anyone tin can get on the net today and download a gear up of tools that will be remarkably effective confronting a very broad range of targets today, and targets whether that’south a capital T, a loftier-value asset, or whether it’southward a small t, it could be ransomware used against a small town or a hospital or 1 of the entities where people are extorting funds from those entities using those ransomware tools today that are publicly available.

Eric:
Dick, over the course of your career, I remember, mayhap confirm or deny here, merely we’ve seen the enablement of those second, third, fourth tier adversaries where with cyber and globalization and Information technology communications coming online, is it not easier for a North Korea or a small country in Africa, really doesn’t matter I guess, to actually assault our infrastructure or the United states or any land than it used to be in the old, more concrete world?

Richard:
Oh, absolutely. I don’t think in that location’s a nation in the world that would go upwardly against the U.s.a. essentially mano a mano. From a kinetic standpoint, there isn’t a more powerful military in the globe. You don’t need that today. Sort of the disproportionate threat environment that we talk about, you can use cyber to condition the battlefield, however ane wants to ascertain the battleground, y’all tin use cyber capabilities to condition the battlefield. That can exist done by a teenager with a laptop or it can be washed by a nation state adversary across the cyberspace. And in some cases information technology’s very difficult to tell i from the other.

A Highway for Malicious Behavior

Richard:
No, I was just going to say I happened to exist in the Pentagon in 1998 when two teenagers from California tied up the Department of Defense for six weeks. If you Google Solar Sunrise, yous get the groundwork on that. It looked like an attack coming from Iran, but it was ii sixteen-year-olds from Cloverdale, California. So it-

Richard:
Yes, the internet, it’s a powerful place for good. It’due south also a highway for malicious behavior by anyone with the right tools and techniques and the right access.

Eric:
Yeah. And it’s and then easy. It’s so easy to obfuscate your activities, the enablement piece is easy. I imagine in the beginning of your career, the early parts, you were focused on the Eastern cake countries primarily. And as things evolved, I can only imagine what the chore is similar trying to understand how to set on confronting all these new access points, all these new adversaries or potential adversaries, including two kids in California.

Continue to Listen Adjacent Week for Office Two of Our Interview With Dick Schaeffer

Richard:
Aye. It’southward an incredibly circuitous problem. I call back the intelligence community including NSA does a remarkable task at attribution. So is it two teenagers located somewhere? Is it a nation state that’s perpetrating an outcome that’southward maybe function of some larger performance? Just there’southward then much racket in the channel today. They use a comms illustration. There’s so much dissonance in the channel today that you accept to weed through all that stuff to get at the true adversarial information. We do a much, much better task today than we did in the early days of the practice, merely it’s still a circuitous problem, and the ability to hop from location to location essentially well-nigh creates some pretty pregnant challenges.

Arika:
Hi everyone, I hope y’all’ve been enjoying this great conversation with Dick Schaeffer. We are really going to brand this into 2 episodes considering we just could not cease talking. So please continue to mind next week for part 2 of our interview with Dick Schaeffer. Cheers so much and please continue to tune in and listen to To The Point Cybersecurity.

Near Our Invitee

Richard C. Schaeffer, Jr. is a former Senior Executive with the National Security Agency (NSA), with over twoscore years full U. South. Government service, including 15 years as a member of the Defense Intelligence Senior Executive Service. Positions held during his career include Director, Information and Infrastructure Assurance, in the Role of the Assistant Secretarial assistant of Defense (Control, Command, Communications, and Intelligence) at the Pentagon and NSA Deputy Chief of Staff.

Since retiring from the NSA in April 2010, Mr. Schaeffer has connected to pursue his passion for improving the security of U. S. interests in the Cyber domain. through his own consulting house, Riverbank Associates, LLC.