>> rose: funding for "charlie rose" has been provided by: >> and by bloomberg, a provider of multimedia news and information services worldwide. captioning sponsored by rose communications >> rose: admiral mike rogers is here, ehe's the director of the national security agency, n.s.a. he also leads the u.s. cyber command. he assumed boast posts in 2014 as n.s.a. faced fallout from edward snowden's leaks. last month the agency announced it would consolidate offensive and defensive operations. ashe carter said last week cyber command would accelerate digital attacks on i.s.i.s. networks. i am pleased to have admiral mike rogers at this table. welcome. >> thank you very much. >> rose: good to see you. it's good to see you. >> rose: what did secretary carter mean when he said he was going to accelerate the digital effort against i.s.i.s.? >> the secretary publicly acknowledged u.s. cyber command is applying cyber capabilities in an offensive way against i.s.i.l in syria and iraq. i'm not going into the details of that but we publicly ac knocked we have added cyber as another tool in the broad set of capabilities we're bringing together as the department of defense and nation in the fight against i.s.i.l. >> rose: explain to me how cyber tools can be used in fighting i.s.i.s. what are we talking about? >> so you could view cyber as a capability if you wanted to -- and we'll talk about much more broadly theoretically as opposed to specifics -- you could use cyber as a tool as how might you have an impact on social media efforts or a group to communicate. just as we for a long time have used traditional kinetic-based capabilities as a way to achieve a specific set of effects against a specific set of targets, cyber offers us similar kinds of capabilities. i'm not going to argue they're exactly the same. >> rose: it seems to me in the fight against i.s.i.s., it's an all-in situation now. >> clearly we are in a tough fight. no doubt about that. you are seeing that play out in syria and iraq. i would argue you're seeing it d global-based threat. i've seen the aftermath of the attacks in paris in november. we clearly are facing a determined opponent here whose view of the sanctity of life and the tenets of freedom and expression very different than our own and who is committed, quite frankly, to bringing violence to the united states potentially over time, clearly already there with key allies of ours around the world. >> rose: wh how would you characterize not just their use of social media but their understanding of signer? >> i would say they clearly understand the power of information and have applied that insight and knowledge as a broader strategy. there are a lot more activities than just on the battlefield in terms of the physical domain. we pay great attention watching to see how does their capability with respect to how they employ cyber capabilities, how does that change over time. that has not been a significant issue to date, but oftentimes i'm asked what are some of the things that concern you. one of the things i've said publicly that concerns me is what happens when non-state acts who generally have no interest in the status quo, whose vision of the future is tearing down much of those structures that have created stability and progress over time -- >> rose: they don't even believe in the future. >> no, they want to destroy them. so you look at that thought process and say what happens if they want to use cyber as a weapon to turn it against the west, our allies and ourselves? >> rose: that's a big fear. yes, sir. >> rose: and how do you combat that? >> a couple of ways. again, i'm not going to get into the specifics. we both try to make it more difficult for an opponent to achieve success, including things we do to harden our networks, make sure our defensive capabilities are there. we look at concepts of deterrents, try to articulate to nations, to actors out there, hey, there is a price to pay if you insist on engaging in those behaviors. you saw that in the sony situation for example where we have the north koreans engage in destructive acts against the united states in the form of the sony corporation. we responded with economic sanctions and the president articulated, if this fails to achieve the desired effect, we are prepared to take additional measures necessary at the time and place and manner of our choosing. >> rose: did the chinese government come to understand that? nversation and recognition of the seriousness of the president's commitment on this. >> right. and we have, i think clearly now, it's outside my direct lane from the military perspective, but as a nation we have been very up-front with our chinese counterparts, we want a long-term relationship with you, we want a relationship that generates positive outcomes for our chinese teammates as well as ourselves, but we are also very direct with nations around the world saying there are some things that are just unacceptable. one of the things we have highlighted with china and other nations is the idea of using the capabilities of the state to use cyber as a tool to gain economic insight, and then to turn that around to the private sector and provide that from the government to private companies to say, take advantage of this, general economic advantage. our position in the united states has been very firm, that is unacceptable. i'm the first to acknowledge as an intelligence professional and director of the n.s.a., we are trying to generate insights as to what's going on with developed weapon systems around the world. that would benefit our friends and allies. but we don't take that knowledge to pick a defense contractor and say, so here is what nation x is getting ready to build, this is what you have to compete against. we just don't do that. >> rose: your predecessor is also head of the cyber command and n.s.a. is that always a linkage? >> i think we'll see how that plays out over time. u.s. cyber command, the much younger of the two organizations. n.s.a. created in the early 1950s, 1952. so, you know, coming up on 65 years, so a much more mature organization. u.s. cyber command will celebrate our sixth birthday in may 2016. when we created u.s. cyber command, we tried to take advantage of the investment and expertise already resident at n.s.a. to try to help propel u.s. cyber command's mission. we knew when we first created this construct that the two will be closely linked and aligned. the question that will play out over time is that alignment optimized with one individual doing both jobs. we'll see how that plays out. for now, my input has been given the maturity of cyber command, the strategic choices we made when we created cyber command by making it dependent and reliant in some ways on the capacity of the abilities of n.s.a. to help it do its mission, i don't think right now is the time to separate the two. >> rose: turning to n.s.a., how has it changed since edward snowden's disclosures? >> it's certainly made the mission more difficult. you know, nation states, groups, actors now have a greater sense of our capabilities, have a greater sense of what we focus on. we've watched that play out particularly in the counterterrorism arena and i've publicly said that before, that's probably where we've seen the greatest change in terms of target behavior, and you can trace parts of that directly to the -- >> rose: so after snowden, the people who wish us no good have behaved differently? >> they have taken those insights and asked themselves, so what do i need to do to change n.s.a.'s ability to access insight into what i'm doing? >> rose: have they been able to change their behavior so it's more difficult for you to folow? >> it is more difficult in some ways. i'm not going to try to argue for one minute n.s.a. is blind or incapable of executing its mission, and part of our mission, i have been a signals intelligence professional now for 30 years, and when you do this long enough you see how it's a bit of a curve over time -- you lose access, gain access, the opponent changes their behavior, changes capabilities, you lose access, you have to work hard to regain it -- and in some ways some of the trends that we're seeing we knew were coming. the point i would make is the disclosures accelerated them, and now is not -- you look at -- you take i.s.i.l, you were talking to me about that earlier, you take a look at i.s.i.l, now is not the time where i really like seeing some of these effects where i'm arguing, boy, we have got to generate insights. we're looking at a group that is dedicated to the idea of indiscriminate use of violence at anytime and any place on a global basis as a way of breaking the will of the united states, the west and the broader coalition attempting to deal wit. i mean, their model in some ways very different than al quaida. you saw al quaida tended to focus on large-scale attacks, very focused on the target, often very large, complex, kind of 9/11-type scenarios. i.s.i.l is different. it is the brutality and level of violence we will bring into everyday life that will break the will of americans and others in their willingness to contest us. >> rose: are we winning the war against i.s.i.l? >> boy, this is always a tough question. are we making gains on the ground against i.s.i.l in syria and iraq? yes. are we comfortable that where we are is where we need to be? no. have we stopped i.s.i.l's ability to generate attacks, threats on a global basis? no. but just yesterday -- >> rose: there was announced the capture of a principal isles i.s.i.l operative in charge of chemical and gas warfare. >> so we continue to have a measure of success, but when you get into this idea of winning and losing, i'm always leery of -- i don't think that's really the way to think about this problem, because it tries to make it either/or, and i don't think -- >> rose: can you define winning, though? >> what does victory look like? we often ask what does victory look like? >> rose: right, you have to ask that of yourself. >> we're asking that all the time because that helps you decide what's your strategy, what's the end state you're trying to achieve and given that end state what's the strategy. >> rose: i'll ask both questions, what's the strategy and what's the end state? >> again, my role much narrower than the broader. the goal to dismantle and destroy i.s.i.l. so a near-term objective right now you're seeing play out if syria and iraq, even as we ac knowledge that is one part of a broader strategy, there is much more to it than that piece of geography and there is much more to it than just the military -- >> rose: but in iraq and syria, it seems to me, to retake mosul, headquarters of i.s.i.l in iraq, and then retake in syriinsyria raqqa and disconnece communication between the two. >> part of it is the strategy to articulate is strongly tied to the idea of i.s.i.l now has a physical manifestation of their ideology in the form of territory they now control. >> rose: and use it to sell new recruits. >> the argument becomes, we're not just a vision, we're a reality. the argument we would make, the reality that they attempt to sell and their ideology is not one that we would suggest is really -- >> rose: do you view i.s.i.l as the biggest national security threat today? >> you know, one of the questions i often get is, well, what's the most and least important. so a couple of points i try to make as an intelligence professional, it's not a binary. you have to be capable of looking at multiple problem sets simultaneously, and what's important today won't necessarily have the same level of priority that it does six months from now. that's a challenge as an intelligence leader, how do you develop a structure, an organization that has the agility to quickly reprioritize and deal with the depth of challenges. one of the things that strikes me in the world we're living now from when i was more junior, the number of crises ongoing simultaneously. i don't remember it this way as much in the past, the duration of the crises. when i was more junior, it seemed like problem sets lasted weeks, months. challenges now are months and years. we're about to observe the fifth year of the conflict in syria. this is not -- >> rose: because it's not just located in iraq and syria it's in libya, asia and a whole range of places where they have successfully recruited through ideology or appealed to something missing in young people's lives. >> in a way, it's difficult for those with a different perspective to understand, why would you be willing -- why would you want to do that? >> rose: if we don't understand that, we can never stop them. >> because in the end, remember, you will often hear a lot of people that this is a problem you can't kill your way out of. from my perspective, this is about so much more than just battlefield success. >> rose: it's about? the ideology, informational dynamic and the underpinnings that are generating this. because the aftermath of 9/11, al quaida was our focus. >> rose: right. we've seen i.s.i.l emerge. what's the next group? what's the next phenomenon? again, it's an intelligence -- >> rose: do you assume there always will be somebody else? >> there will always be -- >> rose: somebody else. -- challenges and threats out there. so the question gets to be what does it look like? what's next? what drives it? what shapes it? you know, i believe that, in the long run, we will generate success against i.s.i.l, but the intelligence side of me then says, so what's next? there is always a what's next. >> rose: what's the status of al quaida as we know it if because it's leadership was decimated as number two, it's now number one. >> a broad geographic dispersion on multiple continents, not quite to the same level you see i.s.i.l right now, for example, but, still, you have to acknowledge broad, physical presence. much less effective in some ways in terms of its ability to generate these large, complex plots, but having said that, we shouldn't pretend for one minute that elements of al quaida do not continue to attempt to generate effects against the u.s., our friends and allies, and that those kinds of threats have gone away. no one should think that. is it significantly reduced from levels we've seen in the past? eyes. has it been eradicated? no. is it something we still must account for and maintain focus and effort against? yes. >> rose: talk about defense, too, both cyber and in terms of terrorism. you now combine offensive and defensive within cyber command, correct? >> right. >> rose: what does that mean? so we're tasked -- u.s. cyber command, three primary missions the first is the operation of defense of networks within the department of defense. the second mission set is generating capabilities to support our operational forces around the world from the defensive to the offensive. the third mission set and, quite frankly, one of the reasons i find myself in new york over and above our discussion today, if directed by the president or the secretary of defense to apply our capabilities to help defend critical u.s. infrastructure in the private sector against acts of significant consequence in the cyber arena. so the government -- u.s. government -- has identified 16 different segments in the private infrastructure as having significant implications for our nation's security. think about power. think about water, think about financial, aviation. one of the missions for u.s. cyber command is, if directed and we find those areas under significant threat, how do we bring our capabilities to attempt to stall that activity from being successful. >> rose: do you fear a cyber attack? >> what i tell people is -- >> rose: from a nation state, right? >> so you've seen it in the sony scenario november 2014. you have seen just within the last eight weeks in the ukraine december 23, actors used cyber as a tool to create a series of effects within the ukrainian power grid. you can see the activity, we are watching nation states develop capabilities designed to achieve effect against critical infrastructure and industrial control systems, data systems. we are watching nation states engage in activity we believe is designed to generate knowledge about those infrastructures in the united states, how are they set up, what are their potential vulnerabilities. you've seen these acts of physical destruction -- sony, ukraine. you know, my concern is, at some point, this is going to move from the theoretical we're doing reconnaissance to observe to an actual event. to me it's a question of the when, not the if. >> rose: have you seen unsuccessful efforts? >> not that i would say we were watching. i wouldn't say that i have seen efforts to attempt to destroy or manipulate in any significant way. i'm trying to be very careful here, so i apologize, charlie. but i remind people, look, threat is capability and intent. i'm watching multiple actors demonstrate the capability to gain access to critical infrastructure. if the intent changes, now we've got a real problem. >> rose: why is capability and intent predicated o on opportunity? >> because what you find now is opportunity is so significant within much of our infrastructure. you go back as a nation -- and this is nothing to whether it's private secretary or government -- most, not all but much of our structure, our infrastructure, our computer systems today were not built with redundancy, resiliency and defense as core design characteristics. when we built the power grid in the last 30 to 40 years, we weren't designing it thinking that there was a high probability cyber intrusions would be a factor. in that case, we might have opted to build something that would look very different. so we're trying to overcome decades of investment made in a very different world in which this threat really wasn't perceived to be anything of significance. >> rose: you would assume the united states because of its technological lead would also have a huge lead in cyber war warfare. >> right. i don't want to paint a picture where the sky is falling. i remind people, look, this is a double-edged board. there is both vulnerability and capability there, and we have both. >> rose: what's -- what are the rules of engagement? >> so we start from -- rules of engagement is what are the sets of processes, structures, legal framework, policies that govern how we apply force, how we engage, so to speak, and we call them rules of engagement or roe. the processes we built over time for rules of engagement, for the application of force in the traditional kinetic world -- firing a gun or rifle, dropping a bomb -- are built around the idea that whatever we do must comply with the law of armed conflict, that it must meet an international legal framework, that it must be both proportional. so someone shoots at you with a small caliber weapon, you don't respond with some overwhelmingly massive, you know, response that leads to a much greater loss of life. that's this idea of portion that, if you will. the other component of it is and you must be very specific, very discreet. you cannot apply this force indiscriminately. in the cyber world we start from a premise that says we need to use the same kind of framework that we've used in the kinetic world, we need to use that same framework in the nonkinetic world. so we ask what is the target? what does it do? military, commercial, private versus public, what are the implications, what are the users, what is the potential collateral damage, we did zit and go through all of that just as if we were dropping a 2,000-pound bomb in afghanistan or iraq today, we do the same there as in the cyber arena. >> rose: do we believe the russians were responsible of the ukraine cyber attack. >> i'm not getting into the specifics. >> rose: i think general alexander said so in a podcast interview. >> general alexander is welcomed to -- >> rose: is retired, yes. (laughter) what do we know about the technique because we also know the iranians suffered a stunic attack. >> there is open source or public knowledge that's available. if you take a look at that, you will see this was a very well thought out event. it focused on attempted not only to bring the grid down by largely going after the breaker structure but was designed to anticipate how would the provider attempt to restore capability given the loss and tripping of breakers. this was very well thought out. this wasn't something casual. this wasn't something someone did over the course of a couple of hours or day. >> rose: so you're learning from the attack. >> you're always learning and generating insight. it's one of the reasons we try to study events more closely. w gain more insights to ensure they're being applied to help us defend similar kinds of things. >> rose: you said what happens when suddenly our data is manipulated and you no longer can believe what you are physically seeing. see, that's -- >> right, that concerns me. >> rose: that would concern me a lot. i mean, because you're looking at a screen and you don't know whether it's real or not. >> because if you look at, to date, most personal crime is the biggest signal activity in cyber. if you move beyond crime and even some extent in the criminal sector, if you look at nation states, most cyber has been conducted by neighbor states for purposes of espionage, attempting to generate insight, the theft of intellectual property, to steal knowledge you can apply to generate capabilities for you as a nation tore provide economic advantage to your private sector, but you have not to date seen significant manipulation of data. you've seen outright theft. what happens if the penetrations now become in part not just the theft of the data but the manipulation of the data? and so now you're calling into question the accuracy of what you're looking at. you look at the financial sector. it is fundamentally premised on the idea of trust. i can believe that the literally thousands of financial transactions that are occurring globally at any one minute across the global financial infrastructure, that you can trust that the data you're seeing reflects the accuracy and reality of the flow of currency and money. what happens if that's not the case? what happens if that trust goes away? boy, that drives you to a very different potential -- >> rose: thrown into disarray. ight. and as a military individual, i'm used to the idea that i can take a look at a visual display, use geography, color, and make decisions on how to respond and minimize risk. what happens if the picture i'm looking at doesn't reflect accuracy or ground truth and, instead, the choices i make, instead of minimizing risk and deescalating a situation potentially could in fact be doing quite the opposite? you know, as a military guy, i'm, like, that is really -- >> rose: so what's your way out of this? >> so you spend a lot of time trying to ensure that you truly have a defensible system, that you truly understand your system and that you have a sense of where your data is and that you have a high level of confidence about the accuracy and veracity of that data. you spend a lot of time focused on that. one of the trends you've seen in cyber -- >> rose: you have a way of laying that data against something to determine whether -- >> there is lots of different techniques you use to do it. i'm not going to argue it's foolproof. i don't want to create that impression. but there are things to do. one thing, data now increasingly has a value as a commodity in a way that it didn't necessarily in the past. >> rose: you can sell it. not just sell it, but i can remember five, ten years ago thinking to myself there is so much data in this particular database and repository that it would be almost impossible for anyone to pull it all. if they could, there is so much information, it would be incredibly difficult to put it together to generate a coherent picture about what are the trends, what's within that data. the power of big data analytics over the course of the last few years makes large segments, massive amounts of data very attractive. so go back over the last 12, 18 months, you've seen anthem penetrated, o.p.m. penetrated and a massive extraction of data. >> rose: do we know who did that? >> not thatly publicly talk about. >> rose: but you know? not that i'm going to publicly talk about. >> rose: but go ahead, you've seen these examples, massive penetration of access to data. >> them pulling large amounts out. >> rose: to use somewhere else other times. >> for different reasons. >> rose: if you knew that information about somebody who might be for some reason of interest to you, it would give you a possibility of pressure, manipulation -- >> those are certainly some of the options that you have to stop and think about, what are the implications. >> and also the capacity to make sure -- you know, to see if anybody is in any way -- as part of your own national security. >> right. >> rose: it's begin tock a very difficult world, isn't it? >> it is, and it is only -- it's going to get more complicated because you look at the future, you look at the connectivity we are building into our very structures, the internet of things, for example, and it will generate massive opportunity for us. it will bring increased ease of day-to-day life. but it's a bit of a double-edged stword. sword. the increased connectivity of the world we live in will have massive second and third-order effects i don't think we collectively understand. take an automobile. when you and i were young, an automobile was a mechanical device that was operated by an individual, and the only connectivity it had with the outside world was either in its visual displays in the form of lights and turn signals or in a one-way reception device in the form of a radio. >> rose: exactly. now the thing we call an automobile is a again combination of mechanical and digital features designed with the idea that remote connectivity now permeates multiple aspects of the functions of the vehicle in a way that as drivers we don't understand. >> rose: when you look at the united states and the internet that we created, came out of the pentagon in the beginning, you actually worry about that -- not worry about it, but you recognize that some of those kinds of developments which have been so important are now more likely to come from silicon valley and other places rather than within the pentagon. >> the base of the apollo model i loved watching as a little boy where the government drove technological defellments on a massive scale that permeated across many other elements of society and technology, those days are long gone for us. it's one of the reasons why partnerships between the dod -- government at large but dod specifically which is the area i work in, and particularly with the n.s.a. and the united states are so critical to our future. one of the ideas on the n.s.a. side, n.s.a. 21, the large restructuring we're going through because we said to ourselves the future is about the power of integration and partnerships, and how do we create a structure, an ethos, a culture that helps to enable that and make it easier? because i believe we have got to have relationships in the private sector, both to help generate the technical insights that we need to execute our mission to help us do that but alsoics quite frankly, for things that we're competing for the same workforce. >> rose: talent. i'm interested in gaining insights for my industry counterparts. what works for you? how are you able to recruit and train people and train them and keep them adapted to a world that keeps changes that has not traditionally been the government model but we have to move into those areas now. >> rose: you have to, i assume, compete with huge financial reward by offering an opportunity to serve your country in a unique way. >> right. >> rose: that would be the compelling incentive, i would assume. >> it is. >> rose: and work with huge resources. >> we're very fortunate. if you look at n.s.a., our retention in 2015 was almost 96%. my counterparts in the val yew look at me and go, you mean you only lost 4% of your workforce last year? i said, yeah, because our model traditionally has been when you join the organization, the culture, the ethos, the mission is what powers you, it's what drives you to want to be a part of it, it's not the money. i'm not trying to argue money is a bad thing. that's just something we are not going to compete on. i often tell people, if money is a driver for you, if it's something that's important for you, and there is nothing wrong with that -- hey, the idea of building a future for yourself and family, of building a vision for yourself, i applaud that. if that's a primary driver for you, there is lots of other ways to make a difference. you can serve in a lot of ways and help generate a better world in a lot of ways than just being in the military. >> rose: brings me all the trips you make to silicon valley, is there an answer? >> i tell people, look, i don't know what the answer is, but -- >> rose: there is one but you don't know what it is. >> i'm struck by a couple of thoughts. silicon valley is an engine of innovation and technological change. it is the envy of the globe. it is a culture and an area that is powered by the power of possibility and, yet, we're spending a lot of time now talking about what we can't do. i would match rather sit down and say can we have a discussion about what's in the range of the possible? that shouldn't be for the government to decide. you don't want me as an intelligence professional deciding that. you don't want the law enforcement arena making those unilateral kinds of decisions, but i also argue you don't want companies making those kinds of unilateral decisions. we need to tee up a broader dialogue within our entire society, what are we comfortable with, because these issues are foundational for us as a nation. >> rose: what are you saying we cannot be comfortable with, an inscription process does not allow anyone to break -- >> no, what i'm saying, is again, when i hear that, i go, so you're already going down the solution road. i don't know what the solution is. i start from a premise, though, that says strong encryption is foundational to the future. a defensible network, a defensible internet is in our best interests as a nation. as the director of the n.s.a. and the commander of cyber command, i acknowledge that that is a broad, national imperative, and i have to learn to live in a world like that. and if as times we have to make a accommodations on the defensive side to impact our abilities to generate offense, if that's what the nation thinks is the greater good we have to be mindful. we have to go into it with our eyes open because in the end, in some ways, it's all about risk and what are we comfortable with. there is nothing that is risk free. i'll often hear talk about backdoors. i'm thinking we put backdoors into structures and all the software updates you get now and pick your device, there is always vulnerabilities in systems. we have to ask ourselves what are we comfortable with. because i think for us -- >> rose: who can answer that? the citizens of our nation. that's where the answer's got to be. >> rose: that means we need to have congress decide? >> well, congress is the elected representative of our citizens, but what i would hope is we would have a broad, national dialogue about just what are we comfortable with. >> rose: and who's going to lead that dialogue? it's not taking place anywhere. >> no, because right now what you're seeing is perspectives, neither of which is necessarily invalid. >> rose: you're seeing sessions before congress and interviews with principals engaged, more interviews on apple side than the government side because mr. comey's not doing a lot of interviews. >> we tend to paint things as good or bad in society, black or white. so we are seemingly -- it is just the perception so take it for what it's worth, but i think to myself why are we framing this as a good versus bad? we've got two imperatives. with we expect the f.b.i., for example, to defend the citizens of our nation -- >> rose: i hear that and know that and i've known that a long time and i've even talked to the president about the balance between security and privacy and freedom. i mean, that conversation has taken place. we're no closer to solving the issue. yes, we have two imperatives but somewhere, some time we have to figure out a way and it doesn't seem to me we're making a whole lot of progress in figuring it out. >> i don't disagree with you, but i think one of the reasons that's the case is you're finding public positions now becoming more hardened. it becomes more and more difficult to do that. i, like you share the frustration. the worst case scenario for us in many ways is we fail to address this, we have a major event with a high loss of life and in the emotion of the moment we take a quick set of actions that perhaps we think to ourselves further down the road boy are we really comfortable with that. that's not where we want to be, but if we're not carable, if we can't address the potential bferl then, with we can't help ourselves which i hope is not the case. >> rose: hair you saying in this conversation, there is so much capability out there that the question of a significant cyber attack is simply not will it happen but when will it happen. correct, i believe it's the when, not the if. >> rose: and there are people in the world today who have the capacity to be successful at it. >> yes. >> rose: and we have no capacity -- >> i wouldn't say we have no capacity. >> rose: -- to stop it. i wouldn't say we have no capacity, but it certainly is a difficult challenge. you look at the breadth of the infrastructure within the united states. as you said earlier, you just look at how these kinds of capabilities, this kind of connectivity so permeates every aspect of our society and infrastructure. clearly the scale of the problem set is huge. there is no doubt about that. >> rose: think about this and the role you play in our national defense both offensively and defensively. if i'm in a country and i'm responsible as the minister of defense or the minister of information, i'm going to give much more thought, much more thought to my cyber capabilities than i am to my nuclear capabilities. because i would think that that is more likely to give me power to do things than nuclear. >> it will be interesting to see if it plays out that way. certainly there are more nations today investing in cyber capabilities than you are seeing investing in nuclear capabilities. >> rose: right. there is no doubt about that. >> rose: there is no rule about developing cyber capabilities and there are rules about, you know, nonproliferation treaties and the like about nuclear. >> right, but i would also argue it's broader than just proliferation regime idea that you've talked about. it's the fact that cyber in some ways great equalizer. it doesn't take billions of dollars of investment. it doesn't take decades of time. and it doesn't take the dedication of tens of thousands of people. it's the great equalizer to me in the sense that small nation states, groups, small number of individuals with a relatively limited investment can generate capabilities of significant concern. >> rose: what should happen to edward snowden? >> that's for a legal and a policy framework to decide. that's not for me to decide. >> rose: but the primary damage that occurred because of his release was simply it gave people an awareness of our capability. that more than roll up names and addresses? >> you know, the immediate concern to me was a loss of capability, but i would argue also the implications of distrust, so now as a nation we're trying to ask ourselves -- so take for example i often run into one of n.s.a.'s missions, the foreign intelligence mission tends to get the most attention but the other mission for n.s.a. is information assurance or cyber defense which was originally focused in the department of defense, then over the last decade or so had been broadened over the government and in the last couple of years increasingly partnering with other elements of the government, homeland security, beau owe of investigation, to apply it in the private sector and doing that at a time when we need more trust and openness for the flow of information, i will sometimes hear, well, we don't want to share any information with you because we don't want to compromise the security and the privacy of individuals, and i'm talking about computer network. i don't want any information on individuals. that has nothing to do with this mission and there are specific legal frameworks that if i get that data, immediately i have to put in place. so i can't use the data, it slows me down and impacts our ability to do the defensive. >> rose: can you look back at that now and say we're getting a lot of information we didn't really need? >> no. i mean, you certainly -- >> rose: let me ask it in a different -- go ahead. >> no, no. >> rose: let me ask it in a different way. did edward snowden disclose anything that was beneficial to us to say he raised a red flag we ought to have done for ourselves to ask how far with we going and do we have the right safeguards, et cetera, et cetera? >> i often get that question. >> rose: i know. i would argue -- i tell you the way i phrase it with my own workforce: if you believe we are doing something illegal, immoral, unethical, i expect you to be a professional and raise your hand and say, i have a problem with this. >> rose: that's right. we have mechanisms to address that. you have multiple venues as an individual to raise those concerns, whether you want do it within the organization, whether you want to do it outside the organization, mechanisms, inspector generals, elected representatives, lots of venues to do. this it is not for us to unilaterally decide what is right and wrong and what laws i want to obey. i would argue that's not a good place for us as a naismghts if you believe that -- for us as a nation. if you believe that something that's being done is wrong, stand up, raise it. i can remember i had a discussion with my father -- >> rose: a lot of people did that after snowden. they thought too much information was being collected in ways and that the safeguards were not sufficient. >> no one -- you surely had people outside the organization -- >> rose: i mean outside the organization. >> -- arguing that. don't get me wrong, we work in an elected representative democracy. we have to be accountable to the citizens of the nation we defend. i don't get offended when people ask me, so why should we be comfortable with what you do? help me understand what you do and should i really believe it? i don't have a problem with that conversation. that's a good thing for us as a nation. the challenge i find is could we actually have a conversation as opposed to just talking at each other. that doesn't generate insight. that doesn't generate knowledge. >> rose: did that conversation take place after snowden at all? >> that conversation has been ongoing for a while now. >> rose: it continues. ight. you see that reflected, for example, in section 215 of the patriot act expired in the summer of 2015. long discussion, very public. our elected representatives had a lengthy discussion about are we comfortable with the framework, should it continue, what would it look like, should we extend the process in place now or do away with it, so we've created a new legal framework and a new set of laws, for example. >> rose: to do your job, do you have everything you need? >> you never have everything that you need. >> rose: what would you like to have more of? >> i wish that we were in an environment where the idea of a conversation we were actually talking to each other about tough issues was easier. i'm not arguing we don't do it, but it's not as easy in some ways and takes a whole lot more effort. that doesn't mean i want anybody to write in either one of my jobs -- >> rose: may i suggest one small thing. >> please, please. >> rose: that's more your responsibility than the others because you, you know, have more reasons to say no. at the same time, you have more opportunity to say, yes, i welcome that dialogue and we're prepared the do that. because i think if we do that as you and sri talked this evening about some of these issues, when you would say, i can't talk further about this because of national security, it were that, and i think most people who want to have this dialogue respect that and people are much more informed because they live this issue than i am in order to have the conversation. >> it's one reason you see i'm engaged in a dialogue with you tonight. >> rose: right. it's another reason why you mention i spend time in the valley. but it's not about me as an organization, it's the relationships we've created, academic institutions. we bring people to the n.s.a. and say, let's talk to you about what we do, ask us whatever questions you have. it's why we have declassified more data and posted it, for example, online. it's why we've created mechanisms for civil liberties and privacy, where we had put products at an unclassified level designed to -- so let's walk you through, hey, here's the legal framework we used to execute the things we do. here's the protections put in place. here's how we try to account for those kinds of issues which are very legitimate, i don't have a problem with that at all. so there's been a conscious set of efforts, not just n.s.a. or more broadly across the government to try to get to the point that i think you've raised which is valid. we can't sit here and just say to ourselves, well, why don't they seem to like us or understand what we do is in their defense? that is not a healt healthy posn for us to take and i hope that's not one that's coming across because i don't believe that. >> rose: how much attention do you pay to artificial intelligence? >> you mean machine learning. >> rose: machine learning. is incredibly foundation to the future to me. >> rose: absolutely. particularly when i look at -- let's just take sign deer fence, for example, one of our primary missions both for cyber command and n.s.a., many defensive strategies today are built around the idea of, well, my strategy is based on recognition of past activity. >> rose: right. that doesn't help you with something new. also, many of the defensive strategies today are very heavily predicated on a big manpower investment. it doesn't scale well. machine learning, artificial intelligence offers the possibility of just talking within the cyber defense arena, could you harness the power of machine learning to generate systems and capabilities that actually are taking ongoing cyber activity, ingesting it, learning from it and anticipating it? >> rose: yes, that's exactly it. >> you know, can you get to that. >> rose: and are we getting to that. >> clearly, lots of work going on in this arena. to me, it's only a question of the when. is it something you will see in the next 12 months? no, i don't think so. but is it something that you're going to see in the near term? >> rose: in the next five years. >> yes, sir, i believe so. >> rose: and these are questions journalists always ask and other people ask, too, and you hear them within your own people and when you make -- when you're out within the general citizenry, so on this night what concerns you most and what makes you most optimistic? >> so i am always concerned the potential of another 9/11. that's as much an emotional scale. i could still see the image of the twin towers coming down and it just physically agitates me -- how could someone have done that to us? >> rose: how could we not have realized it was coming. >> right. i had a shipmate, for example, we weren't close, intimate friends, but we had just served together on sea duty in europe, patrick dunn, lieutenant commander united states navy, great irishman, we would smoke cigars on the deck sometimes and just talk about life, just groups of us. he transferred from the ship we were on, went to duty in the navy command center in the pentagon, his wife pregnant at the first time with their first child, patrick was killed on 9/11 at the pentagon. i think about i don't want that to happen on my watch. it's my job along with a whole lot of other people to ensure that doesn't happen. that's an important, visceral thing for me. in the cyber arena, i worry about destructivity acts against critical infrastructure we've talked about. i worry about data and software manipulation, and then i look at what happens when non-state actors decide cyber is now -- take i.s.i.l for example, it's not just a tool for promulgation of ideology, generation of revenue, recruitment of followers -- >> rose: it's more than that. my concern is what happens if they decide it's a destructive weapons system. >> rose: isn't theye they alreay decided that? >> you aren't seeing the level of activity that is in the realm of the possible and that's what concerns me. >> rose: you haven't seen the level of activity -- >> how bad could this get. they could significantly up their game, and i worry about that. >> rose: it's a scary thought. yes, sir. >> rose: thank you for coming. thank you very much. >> rose: next, a conversation with jeffrey goldberg who wrote the brilliant article in the atlanta magazine about obama and his foreign policy. >> i mean, i have been interacting with him from time to time for the last, i guess, eight or ten years, even when he was in the senate, and i think, yeah, this president attend of his presidency has a more tragic view of certain issues than he did at the beginning, the arab world most particularly, the middle east. >> rose: and the limitations of american power there. >> he was always sensitive to the limitations of american power. he was following george w. bush who one could argue overextended. so obama was always in a category of people who were thinking about limitations. but i would say that he was -- when it comes to certain issues and certain problems, he's not hoping on change, he's moved into a more fatalistic pose, which is interesting and ironic because only in the last couple of years has he really begun to accumulate foreign policy achievements, really big achievements. the fatalism has gone hand in hand with the actual building of a foreign policy. >> rose: the iran nuclear deal at the top of the list? >> the iran nuclear deal, climate change, t.t.p., burma, there is a lot of stuff there. that's been sort of a core observation which is the fatalism is there bulls the willingness to go to place where is you think you can do something and do it. >> rose: you can argue he now feels he can express his mind because he's not running for reelection. >> he's on the glide path. >> rose: yeah. and things that have frustrated him for years, i mean from 15 years, for instance the u.s. relations with saudi arabia which he questions to some degree, he's slightly more free now to sort of argue against certain assumptions that we make in foreign policy. >> rose: for more about this program and early episodes, visit us online atpbs.org and charlierose.com. captioning sponsored by rose communications captioned by media access group at wgbh access.wgbh.org >> rose: funding for "charlie rose" has been provided by: >> and by bloomberg, a provider of multimedia news and information services worldwide. announcer: explore new worlds and new ideas through programs like this, made available for everyone through contributions to your pbs station from viewers like you. thank you. announcer: judy collins, tom and dick, the smothers brothers, the kingston trio, the highwaymen, the brothers four, glenn yarbrough, the limeliters, roger mcguinn, barry mcguire, randy sparks and the minstrels unite for history in a special celebration of american folk music... next on pbs. ♪ ♪ rows and flows of angel hair ♪ and ice cream castles in the air ♪

Related Keywords

Myanmar , New York , United States , Iran , Afghanistan , China , Syria , Russia , Ukraine , Raqqa , Ar Raqqah , Iraq , Saudi Arabia , Libya , North Korea , Ireland , Paris , Rhôalpes , France , Americans , Burma , Chinese , Ukrainian , North Koreans , Russians , American , Irishman , Iranians , Glenn Yarbrough , Jeffrey Goldberg , Edward Snowden , George W Bush , Patrick Dunn , Mike Rogers , Judy Collins , Ashe Carter , Barry Mcguire ,