Exclusive: Nakasone on exploding pagers, life after the NSA and another possible government job

Avatar

Last week, we published the first part of an interview with retired Gen. Paul Nakasone focusing on election security. The Click Here podcast sat down with the former head of NSA and U.S. Cyber Command for a wide-ranging conversation about everything from North Korean troops in Ukraine to the prospect of possibly returning to a government job. Our discussion came just a week before Americans went to the polls and we knew that President Donald Trump won the election. 

The second part of our conversation has been lightly edited for length and clarity.

CLICK HERE: I wanted to start with pagers, specifically the exploding pagers we saw in Syria and Lebanon back in September. Is this a harbinger of things to come?

PAUL NAKASONE: It reminds us that, you know, the supply chain means everything. We saw this during the COVID-19 pandemic. We understood that perhaps not everything that we thought was going to be part of, you know, our national inventory was produced here. We have to be able to understand that. 

CH: Is this going to become the new normal, the next wave of non-traditional warfare, or do you think this was more of a singular event?

PN: I think that there will be a number of different adversaries that take a look at this and say, ‘How do we utilize this for the future?’ I think it’s a piece that gives us pause and says, ‘Okay, how do we make sure that this does not happen to us? ‘

CH: You’ve talked about the Axis of Authoritarianism… Can you explain what you mean? 

PN: When I came into the Army, there were two pacts, right? [Editor’s Note: Nakasone was commissioned in 1986.] It was the Warsaw Pact, and of course there was NATO. And we thought about the world as this is what the free world was doing, this is what the Soviet Bloc was doing. Now we have an Axis of Authoritarianism that has a number of different members. China, Russia, North Korea, Iran — and their goal is to impede the United States from being able to execute its responsibilities in this global world order. 

This is focused on the United States. So, being able to cause us harm, being able to distract our attention — this is what the Axis is looking to do.

CH: So when you see North Korean troops showing up in Russia to fight in Ukraine, I assume you see this as a big escalation in the Axis’ efforts? 

PN: I see this as the redefinition of national security. And I would say that this is totally different than what we thought about 10 years ago, even 10 months ago.

So we’ve got to think what’s our national security strategy going to be in response to that? How are we going to deal with that? 

How are we going to look at Iran providing drones to Russians to be able to fly into Ukraine? How are we going to look at the provision of capabilities to Iran, to the Houthis, and Hamas, and Hezbollah, in a manner that strikes at our interests in the Middle East? These are new national security challenges that require new thinking.

CH: Just to push you a little bit on that, what’s the reasonable response to North Korean soldiers joining the Russians to fight in Ukraine?

PN: I think the question becomes: what’s the provision that we’re going to provide to the Ukrainians that will be demonstrably impactful for them? It could very well be intelligence. I mean, this is a competitive advantage of what we do — being able to spot where troops are going to be, being able to provide the intelligence about where they’re moving to being able to provide the weaponry upon which Ukraine is going to be able to defend themselves. These are competitive advantages to the United States. 

CH: Or how Ukraine can use particular weapons, for example.

PN: Right, those are all policy decisions that could be one of many different, uh, solutions.

CH: Did the introduction of North Korean troops into the fight surprise you?

PN: North Korea never really surprises me. They’re always surprising, right? I mean, they’re doing a number of different things that are always within their self interest that provide a challenge to us — whether it’s in the demilitarized zone, whether it’s providing support to a number of different adversaries. 

CH: One of the things that we heard both from Ukrainians and researchers more generally was that when North Korea began providing arms to the Russians, it provided Pyongyang with an opportunity to test their weapons against what are essentially Western defenses and then tweak them accordingly. Are you concerned that by sending troops, North Korea is testing them — taking soldiers who basically haven’t been on the battlefield for two generations and helping them get better? 

PN: It’s a fact. When your armed forces operate in combat, you get better. You understand the problems that come. You’re able to develop solutions that get after these problems. There’s no doubt about it. Just like your weapons, being able to utilize them and in conflict, conflict engagements provides them a degree of data and a degree of testworthiness that you can’t necessarily gather any other place.

CH: The war is almost three years old now… what are the lessons that the U.S. and the West can take from the conflict?

PN: I think in the beginning we learned this lesson about the power of intelligence and being able to share intelligence publicly and that the transparency provided challenges to President Putin and the Russian Federation.

Then we learned all about the fact that being able to conduct combined armed operations isn’t necessarily one of the strengths of the Russian army. 

CH: Do you mean on the ground and cyber together…

PN: Not only that, but I would say just combined arms being able to shoot, move and communicate the fact that they had trouble driving a convoy from Russia into Ukraine, it stalled for 40 miles. I mean, these are simple things that the United States Army does every single day. 

The next thing I think we learned is the fact that being able to pair developers and operators is tremendously powerful. Here’s just one example: there are zero ships in the Ukrainian Navy, but yet over this time frame, they have sunk well over 20 Russian vessels of the Black Sea fleet with a laptop, a STARLINK connection and a semi-submersible platform. 

CH: Are you surprised by how quickly they’ve innovated?

PN: I admire the way that they’ve innovated. I’m surprised to a degree, but I would say that necessity is the mother of invention here, and they really have gotten after this.

CH: What does their innovation cycle say about our own bureaucracy in getting weapons systems to battle?

PN: This agility is the piece that we all want running very large organizations. How do you become more agile? You have better partners, you have better leaders, you have better intelligence or information. Those are three things that I think that Ukraine has been able to capitalize on. And we have to at different points. 

CH: What would be an example of the way we’ve been able to do this?

PN: Well, I would say that just being able to look at the situation early on in the war and saying, ‘Hey, if we can protect our sources and methods, why don’t we go ahead and release this information to take the wind out of the sails of some type of influence operation that we know the Russians are going to conduct?’ That’s a really good way — I think it’s a fantastic way of looking at the future.

CH: You’re not talking about just naming and shaming Russia… you’re talking about actually exposing Russia’s military plans in advance, in order to roil them… with both public and private information? 

PN: There was a really good match between the private sector and the public sector [in Ukraine]. A number of different private sector companies working through the United States government with the government of Ukraine to bring capabilities to be able to not only spot, but provide defensive operations.

And the last piece is, let’s give great credit to the Ukrainians. They moved their data out of their country. They had a number of different elements upon which they set up to be able to defend their networks much more robustly. And that credit goes to them. 

CH: We spoke to the Hunt Teams that traveled to Ukraine before the war to look for Russian malicious code in their critical networks… The Ukrainians told us that the U.S.-Ukrainian teams found over 90 pieces of malware in the months before the invasion… How much did that contribute to the cyber operations in the beginning of the war being rather muted?

PN: I think that has a cumulative impact. I think that any time you operate with really good forces, you become better. You also gain a degree of confidence that I think is really important as you’re facing a very sophisticated adversary in the Russians.

CH: I think the public tends to think Russian hackers aren’t just sophisticated in cyberspace, but kind of 10 feet tall when it comes to cyber. Did we find out they’re closer to 6’2”? 

PN: They’re not 10 feet tall. Are they the most effective influence operators in the world right now? Yes. And they’ve done this for many, many years. Do they have very, very good cyber operators? Yes, they have very good cyber operators, but we find them just in the same way that we found SolarWinds in the close of 2020. You know, the worst thing to happen if you’re the director of an intelligence organization is to be found. They were found. 

And as soon as you’re found, then you can take actions against those folks that are in your networks. So they’re good. They’re not great. They’re not as good as us, but they’re obviously an adversary we have to continue to watch all the time.

CH: We went to Ukraine this time last year for a couple weeks, and one of the things we heard from them is that they felt that the Russians are really good at making very long-term plans, but if something happens that they weren’t expecting, it’s hard for them to pivot. Have you seen that?

PN: I think so. I mean, again, I come back to the start of the war with the convoy that just seemingly was not able to go anywhere. It was stopped. Something had happened in terms of what was going on that prevented them from moving forward. So there were no junior leaders that were saying, ‘Hey, let’s go left. Let’s go right.’ This is the strength of the U. S. military, of our joint force. It’s the young, well-trained, well-led and really well-motivated NCOs that make our forces go.

CH: China seems to be becoming increasingly aggressive in the cyber realm. The Volt Typhoon hacking group dropped malware on U.S. critical infrastructure… Salt Typhoon, another China-linked group, broke into telecoms. Did we underestimate them?

PN: I think we always knew that China had the one capability that provides them a unique spot in the world, which is scale, and we’re seeing that scale. So we’ve got to think about how we’re going to defend against that scale, whether or not it’s Volt Typhoon or Salt Typhoon. What is it that we’re able to do to be able to get after that scale? 

And so we’re going to have to be able to work this. We have to be thinking about an adversary that is many times our size in quantity, but not necessarily in quality. 

CH: We always talk about tactics and techniques when we talk about cyber. Are China’s cyber operations different from Russia’s in terms of tactics and techniques? Or is there sort of a basket that everybody pulls from?

PN: Given the fact that we’re in the midst of, you know, the final days of an electoral campaign here, you see a very, very definite pattern in terms of what Russia does. Being able to go after a series of messages, develop those messages, broadcast those messages widely, have a number of different spokespeople that do this. 

China is much more focused on a very, very small point in terms of what they want to go after, not necessarily the broad spectrum of things. And when they do go after that, they bring a sufficient quality and quantity of what they need to do. The challenge, however, is the Chinese actors really don’t necessarily have the background in terms of the way that we operate or the way that we communicate and it makes them stick out relatively easy.

CH: Because their influence operations are clumsy or easy to see?

PN: Because they just don’t understand — the way that we have our thought patterns, the development of our conversations, and it looks contrived.

CH: What role do you see AI playing in future cyber defense?

PN: Think about all the different areas you have to monitor — it becomes much more possible with AI to rapidly identify anything that’s different in the environment. I think we move from that then onto this idea of how rapidly can we allow machines necessarily to improve themselves? Self-healing networks is one of the things we always talked about at U.S. Cyber Command. This may become possible with AI. What’s the level of comfort that we have with being able to make these changes, or machines making these changes, that will allow us to be able to rapidly react to something that might be an intrusion early on?

CH: Or if there’s a vulnerability.

PN: In a degree of time that’s so important, right? Gathering information on an intrusion — it takes time. And during that timeframe, they’ve established a beachhead. They’ve been able to move laterally. They understand what’s in your network, and they start to move things out of it.

Being able to immediately identify there’s a problem gives you an advantage.

CH: So it’s instant patching.

PN: Instant patching.

CH: Back in June, OpenAI appointed you to its board and said you’d help protect them from “increasingly sophisticated bad actors.” Why OpenAI?

PN: I believe that the most disruptive technology of the near present and future is artificial intelligence. It is the most disruptive technology that we must remain the leaders in. To be able to do that, we have to be able to ensure both its security and its safety.

I’m bringing the ideas of what we were able to do with the National Security Agency and U. S. Cyber Command to bear, hopefully, in securing this incredibly important intellectual property.

CH: And you feel like Open AI is the one that’s going to strike that balance better than others?

PN: Well, certainly, I’m very, very committed to working with Sam Altman and the, and the members of OpenAI to make sure that we continue to advance. In November of 2022, many of us saw, for the first time, ChatGPT. The fastest growing app on the Internet. Over 300 million weekly users. Now, in November 2022, it was a very, very mediocre high school student. Today, it’s passing the bar, medical exams, all advanced placement tests. This is advancing very rapidly. And the idea of being able to now reason with a number of different tools and artificial intelligence. I think this portends exactly how fast we’re moving and the importance of being able to protect this intellectual property.

CH: And had you had that in mind, that you would try and help develop AI when you left the NSA, or did the phone call kind of come out of nowhere?

PN: I think that I would say that I knew leaving, uh, NSA and U.S. Cyber Command that I did want to make sure that, this competitive advantage of the United States, which is our innovation, which is right now demonstrating artificial intelligence, needed to continue.

And so OpenAI just happened to be the vehicle upon which we were able to move that forward.

CH: If AI is going to remake a society, which I think in some ways most people think it will, will it be a force for good… or what worries you about it?

PN: So it’ll always be beneficial as we continue to be the leaders in AI. If we become second place, then our adversaries will use this to monitor us, to develop cyber weaponry, to utilize it in a manner that will be really, you know, vastly harmful to our national security. 

We can figure out the areas that are challenges right now with AI, whether or not that’s job displacement, whether or not that’s autonomous weaponry, all these things that are tremendously challenging as we think about this development of this capability are able to be done as long as we’re the leader. And so I do believe that that will be the case.

CH: I want to talk a little bit about the NSA and Cybercom… 

PN: Life after the United States Army began on the 1st of April 2024 as I retired. It has been a tremendous journey. I spent nearly six years leading United States Cyber Command, the National Security Agency and as I concluded that portion of my life, the next phase starts. And the next phase really was this idea of, first of all, being able to give back.

So the idea of perhaps going back to education, in this sense, Vanderbilt University, opening up the Institute of National Security. It’s also bringing my talents in terms of what I’ve been able to do over the past 10 years, which is really cybersecurity, bringing that to a number of different companies that I think need to have that information.

And the last part is just enjoying the next part of what life is like. It doesn’t begin at four o’clock in the morning, there’s no one that calls me at two o’clock in the morning anymore. It’s a much different way of the way I conduct myself.

CH: So tell me about the Institute of National Security at Vanderbilt.

PN: What I realized over my time in six years leading both the agency in the command is that the national security environment had changed — the fact that we were no longer just focused on traditional threats, but we had a series of borderless challenges, whether or not it was ransomware or terrorism or climate change or global pandemics.

We had to think differently about what’s going on. We’ve got to attack these problems with a series of radical partnerships. This is what I learned as I thought about Hunt Forward operations. What made Hunt Forward operations successful was the fact that we paired both the government and the private sector.

We have to do that with problems that we’re facing in the near, mid and far term for our national security. Here’s the other piece. 

At the same time, we’re trying to do that, we have the largest demographic change ongoing in the United States government since really the 1980s. We have a whole generation of young people that we need to come be leaders and leadership for them as we move forward and being able to do that they have to have the knowledge, skills and ability that are probably much different than predecessors had. Whether or not it’s artificial intelligence, whether or not it’s quantum mechanics, whether or not it’s just leadership in general or strategic communication. These are the things that we’ve got to be able to bring.

So hard problems, demographic change, with new knowledge, skills and ability. That’s what we’re trying to do at Vanderbilt University. 

CH: And how do you do that?

PN: I think first of all, you begin with excitement. Then internships, then bringing a number of thought leaders to Nashville to say, ‘Hey, this is what’s being done.’

Last week, we had retired General Frank McKenzie come and talk to the students. He had just written a book called The Melting Point. And I was thinking, you know, being an economics major in my undergraduate level, that’d be like having the Fed chair come talk to my class and that was the really neat thing, Dina, about bringing people that have done this type of work.

This provides excitement, this provides ideas, this provides motivation for the future.

CH: So we wanted to have a bit of a lightning round… okay?

PN: Okay. 

CH: Would you consider a job as the DNI?

PN: Uh, I would consider a job coming back into the government. You know, if the president had asked and I thought it was best for my skills, whether or not it’s, you know, the Director of National Intelligence or other positions within the government, uh, I would certainly consider it. 

CH: Okay. Right away? 

PN: Probably not.

CH: What’s the biggest lesson that you learned as the head of NSA and Cybercom? 

PN: The trust and confidence of the American people. I realized that early on that I was the person that had to ensure the trust and confidence in our agency with the American people and how I did that, whether or not it was through interviews or whether or not it was talking to the public or whether or not it was demonstrating what we did was really important.

CH: What was the thing that you wanted to do at the NSA that you couldn’t do?

PN: I wanted to finish the leadership development that we had started. I talked about the demographic changes that are happening right now in the government workforce. The challenge of bringing a whole new generation on is you lose a whole body of leadership.

I wanted to make sure that young folks have the leadership lessons that are going to make them be successful. The most important, critical element within an organization, leadership. 

CH: And then if you were going to give us a big scoop… what would it be?

PN: Big scoop. Wow. Uh, big scoop is the fact that, uh, uh, I am nearly undefeated in my fantasy football I don’t brag about that much… Only two losses…

CH: Who’s your quarterback? 

PN: My quarterback last night was Russell Wilson.

ChinaCybercrimeElectionsGovernmentLeadershipInterviewsNation-stateNewsPeople
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Dina Temple-Raston

is the Host and Managing Editor of the Click Here podcast as well as a senior correspondent at Recorded Future News. She previously served on NPR’s Investigations team focusing on breaking news stories and national security, technology, and social justice and hosted and created the award-winning Audible Podcast “What Were You Thinking.”

 

Total
0
Shares
Previous Post

Controversial UN cybercrime treaty clears final hurdle before full vote as US defends support

Next Post

How Italy became an unexpected spyware hub

Related Posts

Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Cybersecurity researchers are warning that a command-and-control (C&C) framework called Winos is being distributed within gaming-related applications like installation tools, speed boosters, and optimization utilities. "Winos 4.0 is an advanced malicious framework that offers comprehensive functionality, a stable architecture, and efficient control over numerous online endpoints to execute
Avatar
Read More