U.S. Army General and Cyber Command Director Paul Nakasone and Director of the Cybersecurity and Infrastructure Security Agency Jen Easterly were keynote speakers at Vanderbilt’s second annual Summit on Modern Conflict and Emerging Threats, which was hosted from May 4-5. The Hustler sat down with Nakasone and Easterly to discuss their thoughts on the rise of artificial intelligence, emerging threats to digital security and how academia can support national security efforts.
In 2022, the university signed a five-year education partnership agreement with the National Security Agency, at which Nakasone directs the Cyber Command.
The Hustler: What was your path to careers in this field, and what recommendations do you have for college students today?
Easterly: I started out in the United States Army — but I got out a little earlier than General Nakasone. I did West Point and was in the army for 21 years, joined the National Security Agency as the deputy for counterterrorism and then went to the White House. I then moved to Morgan Stanley to do cybersecurity operations. I later came back to the government to be on the cyber defense side.
The opportunity to work for the government, the intel community, the policy community and the private sector was really unique. If I were to give any advice to anybody who is learning how to enter the job world, I would say be willing to take risks, be willing to take that opportunity, don’t be afraid of failure and focus on creating relationships that allow you to have impact.
Nakasone: I started in the United States Army, and I am still in the United States Army. Jen and I crossed paths in 2007 at the National Security Agency, and we have worked together since then on a series of different initiatives. My advice to people that are in college is even though you have all these plans that you think are going to fall in place, but things always change. Use the change as an opportunity. Have the flexibility and agility to see changes as opportunities.
What role does academia, and institutions like Vanderbilt, play in national security?
Nakasone: They educate our leaders, right? This is the point that I am very appreciative of my own college experiences — that they taught me how to think critically, communicate and experience and organize my thoughts. That is a huge piece of being able to develop leaders in the future, and this is what Vanderbilt has done for so many years really effectively.
Easterly: I just love the opportunity to be at institutions like Vanderbilt for a couple of reasons. First of all, when you get older, there is a sense of jadedness and skepticism that sometimes seeps in that frankly you do not see at most universities among the students. So I just love the energy, creativity and sense of possibility. I love the partnership because oftentimes there are ideas that bubble up from students who may not have experience that we have but have great ideas.
Also, the research that happens in places like Vanderbilt is incredibly important and enriching to the type of mission that we are doing. In particular, I talked a lot today about the nexus between cybersecurity and artificial intelligence, and so some of the research that you all are doing can help us do better at our cyber defense mission and understand the threat so that we can prepare to defend our critical infrastructure.
With the rise of AI tools like ChatGPT and others, technology is becoming a bigger part of our academic lives as well. What are your thoughts on the growth of these cyber tools and their proliferation?
Nakasone: I think the most revolutionary device that I have seen throughout my life was the smartphone in terms of how it changed so much of our lives: the information that we gathered, the ability to communicate. I think AI will be even more so than the smartphone. We have to figure out a way to have this incredible technology but also the safeguards that ensure that it doesn’t necessarily attack the foundations of our nation.
Easterly: For people who are entrepreneurial and in technology, these are exciting things to talk about, and sometimes talking about the downsides and the risks is not the most fun. So I do think we need to have a really robust and integrated conversation with our industry and academia and research partners on the risks posed by smartphones. I remember Steve Jobs introduced the first iPhone, and we had a revelation of having a computer in your pocket, but now we are worried about those being weapons of mass distraction. It changes the way you think, the way you interact, the way you engage.
Misinformation seems to spread like wildfire, aided in part by the advent of social media and the ease of reposting, sharing, etc. How do you recommend people safeguard themselves against misinformation, and what can the media do to promote the spread of factual information?
Nakasone: I do not take all my news from one source. I look at a variety of different news sources to discern what’s happening in the world. I also am fairly skeptical about some things I read on the internet. ‘Does it sound right? Does it look right?’ Increasingly, we are in a world of convenience.
Easterly: One of the most important skills coming out of school or going into the workforce is critical thinking. It has suffered a bit because of this attention economy and smartphones. I think we see things, and we are not thinking skeptically. People who are old like us understand the trade and started out with newspapers. It is incredibly important that we talk about thinking critically. We need to be able to build our societal resilience. I think we need to talk a lot more about what we can do to deal with this proliferation of disinformation, particularly foreign influence and disinformation, which I am very concerned about.
Living in Nashville, some people on campus might feel distanced or disconnected from political/security centers like Washington. How do areas like this play a role in national security?
Nakasone: So this is a confluence city, right? Tennessee has always had that ability to bring new ideas to the fair, and this is what I think Vanderbilt does so well. This is what Chancellor Diermeier was talking about last night. He was thinking about the future summits: ‘What do we need to handle in the future summits?’ He’s already thinking about that. Nashville is a growing city; it is among the fastest growing cities in the nation right now. So hopefully what will also grow with it is this ability for the institution and the arts to flourish here as well.
Easterly: The way I think about it is why we come from D.C.: I try to get out of D.C. as much as I can. Part of our mission is to work with state and local officials in corporations across the country, and we cannot do that effectively unless I am out here. I am here today, but yesterday, I was meeting with TN Secretary of State Tre Hargett and Commissioner Jeff Long to understand the problems going on in the city of Nashville and in the state of Tennessee. So I think we need to talk to each other more. There’s a big skepticism from state and local level at the federal government. I think we bridge that by making sure that we’re communicating: You all are coming to D.C., and we are coming out to see you.
How have threats to national security evolved in recent years, and how have your departments adapted to respond to them?
Nakasone: Well, I think it really has moved from a quantity problem to an increase in quality problem. What do I mean by that? In 2018, we were focused on one entity: Russia.
Now, it is not just Russia — its is Iran, it is China, it is non-state actors attempting to have some type of influential effect on our democratic processes. But here’s the other piece: it’s a quality problem too. This is what Jen was speaking about today: what does generative AI mean to an ability to weave a story that takes moments as opposed to months to put together and can influence something so rapidly?
Easterly: The current threat from a cyber perspective is a lot of ransomware, particularly attacks against what we call target-rich cyber-poor entities, schools, universities — including an HBCU and the city of Dallas. These threats are very real, not necessarily on the national security level, but if they affect people in their lives, then some of this is connected into the national security and critical security apparatus. I have significant concerns of where things are going to go over the next couple of years, and that is probably something that I wouldn’t have been talking as much about five years ago.
What do you think is the biggest misconception that the average American has of your work and cybersecurity in general?
Nakasone: For our work with the National Security Agency, I think there is a general sense that the agency is somehow perhaps spying on Americans. That is the farthest thing from the truth. We have a very, very strong culture of compliance. We have a strong feeling that our civil liberties and privacy matter, and we have a workforce that is dedicated to that every single day.
Easterly: If your leadership knows CISA, I think that is a good thing. We are the newest agency that the federal government set up four years ago, so get the word out. I think people sometimes think cybersecurity is so technical and do not think they can do that. There are so many things you can do in cybersecurity on law and policy and communications. It is not just about programming and hunting and things like that. Think about cybersecurity as a career. There is a ton to do out there. And it is not overly complicated to know how to do the basics of protecting yourself. Password complexity, password keeper, updating your software and using multi-factor authentication are most of the very easy things that we can all do to keep our communities, ourselves and our families safe.
Responses have been edited for length and clarity.