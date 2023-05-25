

Reviewing the record of the outgoing NSA and Cyber Command director, and evaluating the nominee to replace him

For the first time in five years, leadership of the National Security Agency and U.S. Cyber Command is poised to change — and cyber experts say that Lt. Gen. Timothy Haugh, who is reportedly President Biden’s nominee, would step into the role well-prepared while being poised to inherit some unresolved business.

Gen. Paul Nakasone, the incumbent, is due to leave as the longest-serving leader of Cyber Command and one of the longest-serving NSA directors. Nakasone has a track record that those same experts praised.

Nakasone would hand off key issues to Haugh, such as pushing for Congress to reauthorize expiring surveillance authorities and wrestling with the ongoing question of whether leadership of the NSA and Cyber Command should be separated.

One of the first things he’ll need to do, though, is get confirmed. That’s out of his hands, with Sen. Tommy Tuberville (R-Ala.) already saying he’ll put a hold on Haugh’s nomination as well as other military nominees due to a dispute with the Defense Department over abortion.

Nakasone

One of Nakasone’s chief accomplishments was strengthening the Cyber Mission Force, whose teams are responsible for executing cyberspace operations, said former congressman Jim Langevin (D-R.I.).

“Gen. Nakasone was always focused on the mission and the people,” Langevin, now a senior fellow at Brown University’s Watson Institute for International and Public Affairs, told me.

“That’s what made him so effective,” said Langevin, who led the House Armed Services subcommittee with the bulk of the panel’s cyber oversight. “Making sure that people had the resources and training that they need was a high-priority item for Gen. Nakasone.”

Nakasone also recognized the importance of so-called “hunt forward” missions, Langevin said. Those are the Cyber Command teams that examine foreign allies’ systems for malware or other malicious tools after receiving an invitation to look.

According to Langevin, an example of that is the work Nakasone’s teams did to help prepare Ukraine for cyberattacks, both before the Russian invasion and after — and their work to help defend the United States from potential Russian cyberattacks.

Relatedly, one of Nakasone’s achievements was emphasizing a “defend forward” approach, a former deputy director of the NSA, Rick Ledgett, told me. Those missions are aimed at disrupting cyber adversaries at their source.

Another Nakasone achievement: Embracing and working to implement a Trump-era presidential memo that gave the Pentagon more flexibility to take offensive action in cyberspace, said Sean Plankey, who served as director of cyber policy for the National Security Council from 2018 to 2019.

“That was a success for the nation and success for him,” Plankey, now chief architect at cybersecurity start-up BedRock Systems, told me.

Haugh

If Langevin had his way, he would’ve wanted Nakasone to stay. But “I have great respect for” Haugh, Langevin said, and he said he has confidence in Haugh’s ability to take over command from Nakasone and “hit the ground running.”

Langevin’s former colleagues in Congress also are said to like Haugh, the former commander of the 16th Air Force.

“Haugh is generally liked by lawmakers in both parties, according to officials and congressional aides, some of whom predicted his nomination would proceed smoothly once the Senate takes it up,” Dustin Volz wrote for the Wall Street Journal.

Haugh has long been seen as the successor-in-waiting to Nakasone, given his work at the Air Force on cyber and the fact that he’s been the deputy commander at Cyber Command.

“There is no one more qualified to take the helm of NSA and CYBERCOM than Lt. Gen. Haugh,” Josh Lospinoso, a founding member of Cyber Command and CEO of Shift5, said via email. “His work as both the deputy commander of CYBERCOM and his successes at the 16th Air Force exemplifies his leadership experience in both cyber and intel, both of which are critical given the dual nature of the role.”

Haugh’s communication skills stand out, Ledgett said, based on meetings where the two were in the same room. “He was thoughtful and really good at explaining complicated cyber concepts to basically a bunch of lawyers,” said Ledgett, the founder of the Ledgett Group and a managing director at Paladin Capital Group.

One unique trait that Haugh brings to the table is that he’s not been as much of a Nakasone “disciple” as the leader of the Cybersecurity and Infrastructure Agency (Jen Easterly), the top National Security Council cyber official (Anne Neuberger) or the recently departed national cyber director (Chris Inglis), Plankey said. Haugh has served less than a year as Cyber Command’s top deputy. That means he could offer additional diversity of experiences and viewpoints, Plankey said.

His background is also less focused on intelligence collection than Nakasone’s had been when he first took the job, Plankey said.

Tasks ahead

There’s a long-running argument that has raged across the executive and congressional branches of the United States about whether it would be better if leadership of the NSA and Cyber Command were split in two. It’s still an unresolved debate.

“This leadership change might also be an inflection point to evaluate the current joint structure of the two agencies,” Lospinoso said.

“Lt. Gen. Haugh may want to consider conducting a review on the organization, performance and execution of the joint structure to evaluate successes and challenges through the lens of the ever-evolving threat environment,” Lospinoso said. “This review could provide contemporary insights into the opportunities and challenges of a dual-hatted position and how to keep evolving both organizations in a mutually beneficial manner to address national security with the most effective means possible.”

Ledgett said it will be important for Haugh not to neglect the NSA side of his job, given the massive role it plays in the overall U.S. intelligence community. “A big part of Tim’s job is making sure that that stays balanced, that it doesn’t become all Cybercom all the time,” he said.

Nakasone has been one of many Biden administration national security officials urging Congress to renew spying powers, known as Section 702, that they say have been used to counter cyberthreats. Those authorities are set to expire by the end of the year — putting Haugh potentially squarely in the middle of the fight, Plankey said.

China-linked hackers breached U.S. communication equipment in Guam

Officials warned that Chinese state-sponsored hackers breached communication technology at a U.S. outpost in Guam and critical infrastructure in other locations, our colleague Joseph Menn reports.

“U.S. agencies and those of America’s closest allies issued a rare joint report advising organizations on how to hunt for signs of intrusion by the same group and how to shore up defenses. The ‘Five Eyes’ intelligence alliance said that facilities in Britain, Canada, Australia and New Zealand could be targeted, as well,” Joseph writes.

The hackers use legitimate credentials and software commands to move about the networks, making it more difficult to detect them, according to cybersecurity officials.

The hacking activity attributed to Chinese group Volt Typhoon was first discovered two years ago and involves the use of compromised devices protected by cybersecurity firm Fortinet, according to Microsoft.

There was no destruction of electronic data or equipment, but the intruders could be laying the groundwork to disrupt communications between North America and Asia in the event of a military confrontation, Joseph writes, citing the Microsoft findings.

“Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity,” said CISA Director Jen Easterly.

Russian accused of crypto laundering charges pushes for freedom via prisoner swap

A Russian national charged with money laundering in the United States is advocating for release through a prisoner swap that could free detained Wall Street Journal reporter Evan Gershkovich, the outlet’s Louise Radnofsky and Dustin Volz report.

“The effort is similar to a playbook used by Viktor Bout, the convicted Russian arms dealer who won his freedom in a prisoner swap after public pressure for a deal,” they write.

Alexander Vinnik was arrested in Greece in 2017 and charged with running a bitcoin laundering operation, BTC-e, which he co-founded in 2011 and which was allegedly used to finance Russian criminal activities.

“Mr. Vinnik should be permitted to … answer the accusations against him and advocate publicly for his inclusion in a prisoner swap,” wrote David Rizk, Vinnik’s lawyer, who added that making the prisoner swap campaign public would maximize its chances of happening. Vinnik has pleaded not guilty to the charges set against him.

The proposal comes as the United States faces mounting pressure to free citizens detained on foreign charges that are considered by national security authorities to be bogus.

“In Russia, those citizens include Gershkovich, who was detained on a reporting assignment in Russia on March 29 and is being held on espionage charges that the Journal and the U.S. government vehemently deny. Another detained U.S. citizen is Paul Whelan, a corporate-security executive and former U.S. Marine who has been held since late 2018,” Radnofsky and Volz write.

The Justice Department declined to comment to the Journal.

Pegasus spyware story takes a new turn in Mexico

NSO Group’s contested Pegasus spyware has found its way into the inner circle of the Mexican government as it investigates alleged spying abuses in its military, our colleagues Oscar Lopez and Mary Beth Sheridan report.

They write: “Pegasus has been found on the cellphones of Alejandro Encinas, the undersecretary for human rights in Mexico’s Government Ministry, and at least two other people in his office, according to three people briefed on the matter, who spoke on the condition of anonymity because of the sensitivity of the case.”

“President Andrés Manuel López Obrador said Encinas had informed him that his phone had been bugged. But at his daily news conference on Tuesday, the president downplayed the high-tech attack and said he didn’t believe the army was at fault,” they add. Mexico’s Defense Ministry declined to comment.

Mexican politicians have a long history of spying and espionage against their opponents, the report notes. López Obrador had pledged to end political spying and has said that Pegasus is no longer in use, though research from Mexican digital rights groups signals that the nation’s military might have continued using it, it adds.

