Former US Cyber Director Inglis on Israel, Russia and ONCD’s future

Chris Inglis, the first-ever national cyber director, said Tuesday that cyberattacks would likely become a part of the unfolding conflict between Israel and Hamas, but he is confident in Israel’s ability to defend itself both on the battlefield and in cyberspace.

“Cyber is involved in everything… it’s certainly involved in this and I think in two ways,” said Inglis, who stepped down from his post in February. “One, cyber, the digital infrastructure, is being used to synchronize, coordinate activities, whether that’s diplomacy or actions on the battlefield, and therefore needs to work well, needs to work with optimal performance.”

The U.S. and its allies “will help [Israel] in any way they can,” he added.“The private sector is not off that battlefield either, they are providing the underpinning commodity resources necessary to deliver resilience and robustness.”

The other front is the “information war” between the two sides to push their perspectives, according to Inglis.

“I have every confidence in the world that the Israelis are perfectly capable of defending themselves and asserting their viewpoints on that battlefield,” he said.

Onstage at the Predict 2023 conference in Washington, D.C., Inglis spoke to Recorded Future News’ Martin Matishak about that and other conflicts, including the war between Russia and Ukraine, as well as plans for a national cyber alert system and potential regulations for AI.

Here are some highlights from the conversation.

Russia and Ukraine

Inglis, who took office in July 2021, spoke openly about his initial reaction to Russia invading Ukraine in early 2022.

“I thought the Ukrainians would buckle under the technological superiority of the Russians,” he said. But what the war has shown is that “defense can hold its own against offense. The Ukrainians have shown that technology matters, and expertise matters more — a lot more.”

He said the war also showed that “offense is a lot harder than it looks.” While Russia is highly capable when it comes to offensive cyberattacks, he said most of them have relied on hitting victims when they wouldn’t expect it. “It’s easy to do a sucker punch,” he said. “NotPetya was a sucker punch.”

He added that one of the biggest contributors to Ukraine’s success is the country’s doctrine, which he described as the ability to assign roles and responsibilities.

Artificial intelligence

Although the U.S. government and companies need to embrace AI and “ride that wave,” he added that regulations might be needed that ensure people take responsibility for the misuse of the technology.

“The danger is that we allow it to set its own course and define its own role in our society,” Inglis said. “That we turn over to it the ability to make value judgments.”

Inglis compared potential AI regulations to the way the U.S. enforces laws over other technologies, like automobiles. Even if a human doesn’t understand the mechanics of their car, they are still responsible for speeding, driving drunk and other behaviors, Inglis said.

But, overall, he said “the most amazing thing about AI isn’t what it is at the moment, but the speed of its advancement. If we chase this car of AI we’re going to recognize that we’re way behind it and we’re going to recognize it’s not a car, it’s an entirely different thing”

A national cyber alert system

Inglis, who serves on CISA's Cybersecurity Advisory Committee, also spoke about that group's work in investigating the prospect of a national cybersecurity alert system. Even though there are few solid details about what such a system might look like, the group publicly said last month that “there is a genuine need” for a system that “routinizes the 24/7 consideration and provisioning of cyber alerts.”

Inglis said such a system could resemble a national weather alert system, but it would have unique challenges. For example, when the government warns about an approaching hurricane, the storm system won’t change paths based on the fact that an alert has been issued. Hackers, on the other hand, are dynamic and would also be listening in on alerts.

Additionally, he said, it has to be more specific than many current alerting systems. “It has to have enough granularity. It can’t just be red and green,” he said. “It needs to say, ‘Tthis very specific red is holding these specific assets at risk.’”

Whateverthe system looks like, it must be “ruthlessly focused” on the beneficiaries of the information — making sure that the information gets into the hands of the people who need it and can use it, he suggested.

What’s next for ONCD

The Office of the National Cyber Director has gone through several leadership changes since Inglis’s departure, including a key architect of the White House’s national cyber strategy departing in June and revelations in July — first reported by Recorded Future News — that the acting director would not receive the nomination to permanently fill Inglis’s vacancy.

President Joe Biden has since nominated Harry Coker, a former NSA executive director, to serve as the next national cyber director, and he is awaiting confirmation.

Inglis said he has known Coker “for the better part of 20 years” and that he has the leadership experience and expertise to succeed in the role.

He added that if he was given the opportunity to give Coker advice, he would tell him that “cyber isn’t a vertical, it’s a horizontal.”

“We’re not all trying to solve similar problems — we’re trying to solve the same problem. We’re inflicted by the same weaknesses in our infrastructure, in the same adversaries,” he said.