We got 17% of it correct! Paul Nakasone at RSA 2024

Transcription of an excerpt of the panel discussion from the RSA Conference 2024 that was held on May 8, 2024 in San Francisco titled "Apocalypse Avoided: The Future According to the Four Horsemen of Cyber" moderated by Garrett Graff and hosting Stephen Davis, Jen Easterly, Paul Nakasone and Timothy White as panelists.

Context:
In 2008, an infected USB caused the worst military compromise in US history. This was a wake-up call: cyberspace was the new frontline. To rethink digital era battle, the Four Horsemen assembled, drafting the plan to build US Cyber Command. 15 years later, they reunite publicly for the first time to reflect on the evolution of cyber, today’s threats, and how to safeguard the nation in cyberspace.

Featuring:
- Garrett Graff (GG) Moderator - WIRED contributing editor and Director, Cyber Initiatives, The Aspen Institute

- Paul Nakasone (PN) Panelist - Former Director of the US Cyber Command and Director of the NSA (2018-2024)

Transcript:
[GG]: I had the opportunity to profile you for Wired a couple of years ago, and even though you didn't speak to me for that article, I spoke to a lot of people around you.

[PN]: It's interesting how you got that clause in there.

[GG]: One of the things that really struck me in going back and talking to people who were working with you at the time was you had thought about this time that this was maybe the peak of your career, that there was actually not much of a career path up into the general ranks for someone with a cyber background, with a network warfare background, and you were unsure how much more you could rise in the army at that time. It turned out your career worked out okay. In 2016, you become the commander of NSA and the commander of US Cyber Cyber Command as it is for the first time Unified Combattant Command. I wonder if you could now reflect back about what you think your team got right in setting it up now that you've been in this job and what lessons you learned as you were actually trying to implement this as the person who had helped originally conceive of it.

[PN]: I took over understand Cyber Command on the fourth of May, 2018, I think the first thing that I would say is, So the Department got it right. This is 2008, 2009. Think if we hadn't done something in that time frame to build a cyber force. All of the things that we're able to do over the next 10 plus years get done because we had the basis of what's going on. I think we got the structure pretty right. In fact, one of the things I think I said in the after-action report was we were 100% that we got 17% of it correct, but we could iterate really fast. That's the important part. We iterated really quickly on things that we thought we got wrong. But I think to your point, there were also some things that we just didn't foresee. What didn't we foresee? The rise of the private sector. Oh, my goodness. I mean, 2018, when I take over as director and commander, the private sector is the big change that has obviously happened and has happened, and we had to figure out how we're going to work with them. You built a command in.