The Principal Deputy Director for National Intelligence (PDDNI) Susan M. Gordon spoke at the recent Cipher Brief Threat Conference about how technology and the role of the private sector are changing the way the U.S. Government must think about - and prepare - for future threats.
Gordon's approach to the mission has been to openly and broadly share her thoughts on the magnitude of the threat the U.S. is facing.
It's the kind of straight talk that she says is necessary to fostering more innovative approaches to problem solving. The Cipher Brief asked her to expand on a few of the topics she covered, in these 5 questions:
You introduced a new way of thinking about intelligence in the future recently, saying that the private sector should no longer be thought of as a supporting command, supporting the USG, but that instead, it is the USG that will be supporting the technology and innovation developed by the private sector. Tell us more about that shift and what it means to national security.
Throughout its history, the Intelligence Community (IC) has provided threat and warning information to policymakers for the government to use to keep America safe. Today, our adversaries and competitors are attacking not only government entities, but the private sector—our companies and our communities—via economic espionage because they represent the strength of America, our great engine of innovation and the foundation of our republic. This makes them a threat surface. Given this, the government is going to have to share leadership responsibilities when it comes to protecting and making choices about our industrial capabilities and critical infrastructure. Said differently, the private sector and local governments are going to have to assume more responsibility for protecting their investments and themselves; and the federal government—in this case, the IC—is going to have support private sector and local governments as they execute that responsibility with more information and insight. It’s a slight change in perspective, but an important one.
How should the U.S. Intelligence Community be thinking about the Huawei threat to 5G networks?
The strategic threat represented by China’s plan to be the provider of choice for emergent 5G networks is particularly concerning. It is one manifestation of China’s efforts to expand their global influence using a whole-of-country approach. And because China can compel the actions of their companies, we see a foundation of Huawei, ZTE, or other Chinese equipment as a risk to the security and integrity of communications networks. The IC’s responsibility to warn of threats we see on the horizon has inspired us to reach out to not only our policy community, but to worldwide partners and allies, and to U.S. companies and state and local governments, to share our assessment of risk as they make their choices to build out their infrastructure.
The four major U.S. telecommunications companies that are the most-heavily invested in 5G development have pledged that they will bar Huawei and ZTE from 5G networks, is that the right approach?
From an intelligence perspective, China seeks to expand their global influence and is using a whole-of-country approach in pursing economic dominance. When Chinese companies, whose action Beijing can compel, offer 5G communications equipment and packages at prices that undercut competitors, it potentially creates a situation where Chinese state-owned firms provide the infrastructure and data backbone that underpin entire countries—including our own. It’s not just the risk of technical penetration that concerns us, it’s that China’s government can compel their companies to provide access to the data that traverses their equipment. The IC will always assess that a clean, reliable, secure network provides the least risk of compromise.
You’ve said that the U.S. has to plan to manage risks within a ‘dirty’ network, what does that mean? (And do we have a ‘dirty’ network right now?)
Thanks for the opportunity to expand on this important piece of the conversation about the security and integrity of emerging communications networks. While I would always advocate that governments and private entities choose to build their 5G networks without equipment that would potentially compromise its integrity, I am enough of a realist to know that this will not always be possible—especially in remote, underserved areas where resources and choices are limited. Plus, the sheer vastness of equipment and devices in a 5G world may make such an absolute solution unlikely. We should absolutely work with partners and allies to pursue clean networks. And, we must also prepare for a world with networks that are potentially compromised. The IC wouldn’t be doing its job if we didn’t assess, understand, and warn of this possibility—and as a result, inspire solutions responsive to that situation. And, this isn’t just a future threat. This is an urgent issue.
It has been reported that Huawei has the controlling interest in the 4G market in much of the world outside of the U.S. and Europe today. If the same applies for 5G networks around the world in the future, how will the U.S. Government best be positioned to mitigate the risks that come with that?
Because 5G communications will enable so many aspects of our lives in the future—from safe, smart cities, to driverless cars, to critical infrastructure, to medical devices and telemedicine, to connection to the Internet of Things—security will be really important. China’s entry into this market is challenging because their products provide real capability—a legitimate business play—and still threaten the integrity of the world’s information infrastructure. The U.S. federal government is not in the sole driver’s seat when it comes to mitigating the threat posed. Foreign partners, private companies and local governments are the ones making the choices. That’s why the IC is being assertive in both how and to whom we articulate our assessment as they make their choices, and clear that we may need to find more ways to mitigate the risk.
