NSA Speaker Rob Joyce Offers Cybersecurity Insights at DEF CON 26


By James Lint
Senior Editor for InCyberDefense and Contributor, In Homeland Security

Rob Joyce, the Senior Advisor for Cybersecurity Strategy at the National Security Agency (NSA), was an interesting kickoff speaker for DEF CON 26. He has attended this hacker’s convention for many years. Joyce attended this year’s conference not only to give his talk but also for recruitment purposes.

Information Technology Is a Worldwide Game Changer, Joyce says.

Information technology is a worldwide game changer and is increasing the number of people online, according to Joyce. In 2017, 4.16 billion people (54% of the global population) were online. While social media sites such as Facebook and Twitter encouraged the development of online communities, the growth of Bitcoin and other cryptocurrencies, the Internet of Things (IoT) and cloud computing have accelerated the evolution and increased online communities. Consequently, there have been more cybersecurity hacking incidents.

Major cybersecurity incidents have included:

  • The Office of Personnel Management database hack between 2014-15 by Chinese actors
  • The attack on Ukraine’s electrical grid in 2016
  • The WannaCry ransomware attack from North Korea that knocked out computers in 150 countries in 24 hours in 2017
  • The Russian cyber attack on the 2018 Winter Olympics, which took Internet and Wi-Fi access and the Olympics website down for 12 hours

Joyce Reviews Today’s Cyber Threats

Joyce discussed the current threats that are affecting the U.S. and cyber security domains. He noted that high-end cyber threat activity continues to become more sophisticated, while the level of expertise required for hacking has decreased.

This change is due to new Internet tools that have become easier for hackers to use. Joyce noted that hacking has clearly moved from mere exploitation to active disruption of operations and organizations. Many of the Chinese hacks were not attacks to destroy or even disrupt systems. Instead, Joyce observed, the Chinese hacks were intended as cyberespionage.

An interesting area that Joyce examined was the growing use of information operations using cyber intrusions to spread misinformation. Cyber intrusions into social media platforms have been used to create additional followers or fake accounts. This practice allows threat actors to push a storyline or create malicious propaganda campaigns, as we’ve seen during election cycles.

Joyce Offered Prediction on Where Cybersecurity Is Going in the Future

As a result of Joyce’s speech, some attendees explored career opportunities with NSA. This agency is continuing to incorporate innovative technology in cyber defense, such as analytics tools and the knowledge gained from them.

NSA also collaborates with the Department of Homeland Security to pass along cyber threats to the affected industries. In the future, Joyce predicted, there will be more communication between agencies and other organizations to stop cyber threats to the United States.

Conferences Such as DEF CON 26 Provide Unique Window into Government Agencies

Normally, you do not encounter NSA personnel unless you reside in the Washington, D.C., metro area. However, DEF CON 26, provides a unique opportunity to talk to, ask questions of and learn from senior government officials, including those from NSA.