NATIONAL HARBOR, Md. -- Even the best of leaders suffer failures, but the response by leaders to adversity -- including adversity in the realm of national cybersecurity -- is what's truly important.
This was the message that Ret. U.S. Navy Admiral Michael G. "Mike" Mullen, former chairman of the Joint Chiefs of Staff, relayed to attendees at the 2013 Gartner Security and Risk Management Summit.
Mullen stressed the importance of leadership and accountability by opening with a story about his early days in the Navy. He took command of the gasoline tanker USS Noxubee in the Mediterranean at the age of 26, and shortly thereafter the ship ran into a buoy, the result of which was a review of his efforts that he characterized as getting "an F." He spent a considerable amount of time learning from the incident, but he still loved being held accountable for the decisions he made.
"Nobody else hit the buoy," Mullen said. "[The error] was all mine."
Related to the theme of accepting responsibility, Mullen lambasted politicians on Capitol Hill for failing to prioritize the needs of U.S. citizens above party politics in order to respond to critical issues that threaten America's standing in the world. He was especially critical of Congress for its inability to reduce the national debt and repair the broken K-12 education system.
Mullen said cybersecurity is among the issues that keep him awake at night, calling it the "only existential threat out there" that could change our lives to the point that we can't recover. From banking to critical infrastructure, he said, cybersecurity issues dictate so many aspects of ordinary citizens' lives that a cyberattack on the scale of a "cyber 9/11" could cripple the nation's economy. He worries that new laws that would make the difference in preventing such an attack are being held up in Congress, he added.
"We don't look out very well to the future," Mullen said. "Without accountable leaders, I don't think we'll make much progress."
In terms of the threats facing enterprises, Mullen said the nation has long moved past the time when a CEO could call his or her best technical support guy and tell them to "fix it" and make the problems go away. As a consumer, he said, he wakes up every day believing that he's been victimized by attackers, in part because he was a victim of a suspected cyber-espionage attempt in December 2012. As a result, he has adjusted his own cyber life by acknowledging the sophistication of modern cyber threats.
"[I'm] incredibly careful about what I type and write in email," Mullen said. "I make the assumption that someone is reading it, and maybe it's someone I don't even like."
Cybersecurity issues affect U.S. relations with China
Mullen also discussed the recent meetings between U.S. President Barack H. Obama and Xi Jinping, the president of China. He described the association between the two countries as the "most important bilateral relationship in the world," with "cyber" being at the heart of that relationship.
Xi's People's Liberation Army (PLA), specifically the 2nd Bureau's Unit 61398, has received a great deal of media attention following allegations put forth in Mandiant Corp.'s widely publicized APT 1 report. In it, Mandiant alleges that the PLA is responsible for numerous cyber-espionage campaigns against a broad range of victims, dating back at least seven years.
Mullen acknowledged that the Chinese government must achieve GDP growth of 7% to 8% per year to meet its goal of raising 300 million citizens out of poverty. He said that has translated into the government seeking economic advantages through the theft of intellectual property from companies in the U.S. and other developed nations.
With the Chinese government looking to expand its influence to become a true global power, Mullen said, other security tensions are sure to surface, including the recent holdup of Japan-based telecom Softbank's acquisition of Sprint over its relationships with Chinese suppliers. Mullen recently joined the corporate board of Sprint and will serve as the company's security director, and he believes that the U.S. needs to protect its technology, but that the relationship between the U.S. and China will need to evolve to deal with such situations.
Mullen took time to respond to an inquiry regarding the recent leak of sensitive information relating to the National Security Agency's PRISM program, which has now been attributed to Edward Snowden, a former Booz Allen Hamilton employee.
"That's not why we take oaths in this country," commented Mullen, indicating that Snowden must face the consequences that come with leaking classified information. "From my perspective, it was a huge breach and it needs to be dealt with accordingly."
Mullen believes that the NSA leak is only the start of a larger conversation both U.S. citizens and government officials must have regarding the balance between security and privacy, although he felt those coming out harshly against the program represented the "extremes" of both the political left and right. The whole issue is going to "come up very hard against who we are as a country," he said. "We have to be mindful of the security we care about to protect ourselves as we have this debate," he added.
Beyond personal opinions about Snowden and the PRISM program, Mullen emphasized that the leak showed the need for firm leadership in the cyber world. He pointed to Egypt as an example of how the power of the Internet and social media can be used to overthrow a government, but also highlighted how there was no structure in place there to deal with the powerful technology flow afterwards.
"That's why responsible leadership in the information technology world is so critical," Mullen said.