Retired Gen. Paul Nakasone is one of America’s first cyberwarriors. He was the architect of Cyber Command and created a strategy that fundamentally changed the way the world viewed cyber operations in the modern age.
The operators under his command mounted assaults on ISIS, Iranian air defense systems and armies of zombie computers known as botnets. His “hunt forward” teams traveled around the world helping allies look for malware in their networks, including a months-long operation in Ukraine just ahead of the invasion that rid the nation’s critical infrastructure of more than 90 pre-planted pieces of Russian malicious code.
Nakasone left his dual post atop Cyber Command and the NSA as a four-star Army general back in February, and he sat down last week for an interview with Click Here on the sidelines of a supply chain conference in Washington, D.C. He began by asking if I remembered the time we met inside the NSA building at Fort Meade in 2018. We were in the conference room “with a number of National Security Agency employees very, very nervous that I was actually having a reporter come in and do a taped podcast,” Nakasone said.
In fact, when we walked into the lobby of the conference room with our microphones out they started running toward us, shouting “no recording, no recording.”
Nakasone said that particular interview changed a lot of things. “One is that there was a degree of transparency that was set that day that our agency, our command had to talk and really tell America what we were doing,” he said. “And the second piece was this idea that we’ve changed, right? And the way that we have to tackle very, very difficult problem sets is through a series of partnerships, private sector, government, academia.”
Our latest conversation touched on everything from life since retirement to his roles at OpenAI and Vanderbilt University and his possible return to government. We’re publishing his comments about the election ahead of Tuesday’s vote as the first of a two-part series — come back for part two next week.
Our conversation has been lightly edited for length and clarity.
CLICK HERE: Can you talk about the election — is it going to be safe and secure? There is such a tidal wave of information trying to suggest it might not be.
PAUL NAKASONE: If you take a look at the election history of what we’ve been able to do as a government really since 2018, it’s a series of safe and secure elections. We began in 2018 with this idea of ensuring that we understand our adversaries. We share the information and we take action if we see adversaries operating outside the United States.
This has been the pattern 2018, 2020, 2022. What’s different this year is the fact that we’re hearing so much about so many adversaries at different times. I see this as success. This is exactly what we want to be doing. [In 2016] we knew all this information and didn’t share it. [Now] when we see it, we say something about it.
CH: And is what we’re doing now in 2024, is that radically different from what we were doing, say, four years ago?
PN: Not radically different, but I would say more informed and better. Why do I say that? Because we believe that we have greater security through a number of different partnerships. We began with a very, very small set of partners. NSA, Cybercom, FBI, DHS. Now it’s the interagency. Now it’s the private sector. Now it’s international partners.
And the other thing I would say is that in 2018, when we thought about being able to impact our adversaries, or go after them when they try to conduct influence or interference, we do this now in a much more sophisticated way. It’s DOD. It’s the DOJ. It’s the private sector. We have become much better at it.
CH: This has been the year of China’s Typhoon hacking groups: Volt Typhoon in critical networks earlier this year, and now we hear Salt Typhoon, another PRC hacking group, appears to have hacked into telecoms and vacuumed up phone data … including that of former President Trump, potentially JD Vance, potentially Vice President Harris or her staff. Can you talk a little bit about that?
PN: I think we need to also think about this in the greater context of China as really our pacing challenge. In May of 2023, we talked about a series of actors, which we termed Volt Typhoon, that were in our critical infrastructure, whether or not that was in the Pacific or in the United States. And now, just most recently, we’ve discovered that there is a series of actors called, uh, Salt Typhoon, that appears to have been deeply embedded within our American telecommunications companies.
[Salt Typhoon’s hack] is about scope and scale. This is intelligence gathering. This is not what we saw with Volt Typhoon, which was clearly designed to create some type of outcome in a crisis or conflict. This is to gather intelligence. Should we be surprised? That unencrypted communications are being intercepted by an adversary? No, we shouldn’t. Uh, but the scale of it is what is concerning.
CH: The scale of the Salt Typhoon intrusion?
PN: Right. The scale of being in American telecommunications companies. So this portends, what are we going to do now that we’ve discovered them? And this is really the next step that our government, the private sector, needs to come together to be able to act on.
CH: So what should the response be?
PN: I think you begin with, how did they get in? Once they begin, let’s patch that vulnerability. Let’s ensure that we have a better understanding of some type of anomalous behavior that alerts us to an adversary trying to do this. Do we need to go to greater encryption? You bet. Do we need to be much more sophisticated in the way that we communicate? Certainly. But it begins by discovering. We’ve done that. Now it’s the action.
CH: And it seems to me that Salt Typhoon seems more like from the old China playbook, the one that was putting espionage first … like the 2015 Office of Personnel Management hack when China grabbed a bunch of information from background checks …
PN: So I’ve seen this picture show for well over a decade. Remember, we begin with this idea of gathering intelligence, and then it moves to intellectual property. Then, as you indicated, personal identifiable information, then it moves to our critical infrastructure. Yes, this is a rheostat of what the options are and what our adversaries are trying to do to us.
CH: Has anything you’ve seen in the lead up to the election surprised you, or is this basically what you expected?
PN: I think the piece that has surprised me and perhaps pleasantly so, is that our artificial intelligence platforms have been really good at defense. Whether or not it’s been OpenAI, whether or not it’s been Anthropic [another AI company], there have been a number of different initiatives that have really paid, I think, dividends in being able to identify adversaries. We always were concerned about artificial intelligence being used in the offensive sense. I think right now what we’re seeing is that it’s also pretty effectively defensive too.
CH: You mean that AI has been really good at spotting other AI?
PN: It is. And it’s spotting the type of behaviors that we can immediately pinpoint to say, Hey, that looks like influence or interference. Let’s make sure that, you know, we cancel their account.
CH: We spoke with Sen. Mark Warner of Virginia last month, and he said he was most worried about the 48 hours before the election and the 48 hours after … Is that the timeline that worries you the most?
PN: I’m concerned most about the lead up to the election and then the certification of the votes. It’s not necessarily, it could be 48 hours, it could be 48 days, but we have to get the votes certified. This is what completes the entire election process, so we want to ensure that our defenses don’t just end on the 5th of November. That it goes to, as I said, towards the certification process [in January].
CH: CISA and other agencies have been releasing information related to Russian disinformation campaigns and specifically what they’re seeing in terms of trying to sow discord around the election. How do you respond to something like that?
PN: I think the proper way is exactly what this is doing, which is to identify it, show it, talk about it. This is where it’s coming from. And then to have our leaders talk about it, to see leaders in the United States say, Hey, that is disinformation. That’s particularly powerful. I think that the piece on the election that really is, um, important to all Americans is this fact that we have come so far in terms of ensuring the safety and security of what’s being done, particularly against foreign adversaries.
This is a much different field. And in 2016, we do not see that today. And so I think the confidence as we go to the polls … really is warranted. So there has been an inflection point with regards to how we look at offensive cyberspace operations, and it begins in 2018 with this idea of we’re going to have a safe and secure election. And one of the ways that we’re going to ensure we have a safe and secure election is if any adversary tries to interfere or influence our election, we’re going to operate outside the United States to take them on.
And we had both the authorities and the policies that came with that in 2018. That’s matured. There has become a greater degree of experience, and I think know-how on how to do these operations. I think it has become, to the point, more accepted, correct. And I think this is one of many options that the president’s going to need in the future.
CH: So do you think we’ve evolved in our thinking about offensive cyber … it is more accepted now … and NSA is more open about it now, than say, five years ago?
PN: Certainly. And I think that the policy and the authorities have changed dramatically: National Security Policy Memorandum 13, which was signed in 2018. The ability for us to look at traditional military activities — cyberspace being part of that — was a congressional part of the [annual defense policy bill] in 2019. Those things ensured that we could do our operations.
CH: Do you think NSA is going to be more forthcoming and open about offensive cyber operations when they happen?
PN: I think that we will be as transparent as we can be, right? And there will be things that we will talk about, and there are things that we won’t be able to talk about. But I think that, yes, it won’t be as obtuse as perhaps it was 10 years ago.