Srsly Risky Biz: MAGA's NSA purge will get messy - Risky Bulletin

Summary5 min read

Risky Bulletin Podcast Summary

Title: Srsly Risky Biz: MAGA's NSA Purge Will Get Messy
Host: Patrick Gray
Guest: Tom Uren, Policy and Intelligence Editor at Risky Business
Release Date: April 10, 2025

Introduction

In this episode of Seriously Risky Business, host Patrick Gray engages in a deep dive discussion with Tom Uren about recent tumultuous changes within the National Security Agency (NSA). The conversation centers around the controversial purge of top NSA officials, the implications of their removal, and the broader impact on cybersecurity and international intelligence collaborations.

NSA Leadership Purge

Firing of Top Officials Patrick Gray opens the discussion by highlighting the significant analysis Tom Uren provided in the latest newsletter, focusing on the ousting of NSA leaders such as Tim Hoare, Hogg, and Wendy Noble. These high-ranking officials were dismissed under pressure from right-wing social media influencer Laura Loomer, with President Trump endorsing these moves.

Tom Uren [01:32]: "Hoare did absolutely nothing to deserve this... Laura Loomer... has constructed a theory to fire these people. And Trump bought it. Now, so that's a problem."

Lack of Justifiable Reasons Uren emphasizes that the dismissed NSA leaders had impeccable records with decades of experience, making their termination baseless.

Tom Uren [01:32]: "Hoare has 30 odd years in military intelligence... it's a loss of leadership."

Potential Replacements and Their Implications

Candidates for NSA Leadership The conversation shifts to potential successors for the NSA head position. Two main candidates emerge: Ezra Cohen and Trey Stevens.

Ezra Cohen: Currently at Oracle, Cohen has held various defense and intelligence roles but lacks the extensive experience compared to his predecessor.

Tom Uren [03:00]: "He's really a dilettante... doesn't stack up to 30 odd years of experience."
Trey Stevens: Co-founder of Anduril, Stevens is seen as a dark horse due to his less overtly pro-Trump stance and reluctance to join the administration.

Tom Uren [04:13]: "He said, 'look, it's a terrible time... I don't know that I want to step into the administration.'"

Concerns Over Civilian Appointments Uren expresses skepticism about appointing civilians to head the NSA, highlighting the tradition of the dual hat arrangement where military and intelligence leadership roles are combined.

Tom Uren [04:20]: "Civilians would have to split the dual hat arrangement... it complicates mission deconfliction."

Dual Hat Arrangement Split

Managing Offensive and Defensive Cyber Operations The dual hat system ensures coordination between offensive cyber operations and intelligence gathering, preventing conflicts where one mission might jeopardize the other.

Tom Uren [05:41]: "We need some way to manage that. Traditionally, it's just to have the same head."

Potential Challenges of Splitting Roles Patrick Gray interjects with anecdotes from industry contacts, questioning whether established procedures within the agencies can effectively handle the split without internal friction.

Patrick Gray [06:43]: "If you had two different heads who are fighting over this, it would be not ideal."

Impact on Agency Neutrality and Recruitment

Perception of Partisanship Uren warns that appointing politically aligned leaders could tarnish the NSA's reputation as a non-partisan entity, potentially deterring top talent.

Tom Uren [07:26]: "It affects recruitment because people don't want to work for an organization they perceive as partisan."

Bipartisanship in Cybersecurity Patrick underscores the importance of bipartisan cooperation in cybersecurity, highlighting how political neutrality has historically fostered collaborative problem-solving.

Patrick Gray [08:14]: "The field of cybersecurity thrives on bipartisanship... solving challenges together."

Effects on Five Eyes Alliance

Strained International Relations The purge and political meddling may undermine the NSA's relationships with its Five Eyes partners, such as the UK, Canada, and Australia, who rely on the NSA for intelligence collaboration.

Tom Uren [10:19]: "This goes away... Paul Nakasone and Mike Rogers would reassure Five Eyes partners, but that buffer is eroding."

Potential Diplomatic Issues Patrick expresses concern over the long-term stability of the Five Eyes alliance, drawing parallels to internal political strife.

Patrick Gray [10:50]: "It doesn't give you a good feeling as Australians... trust in intelligence partnerships is waning."

Trump Administration's Actions on Transatlantic Data Flows

Revisiting Biden-Era Executive Orders The Trump administration is reportedly retracting or undermining executive orders from the Biden era that regulated transatlantic data flows, which were designed to reassure EU partners about U.S. surveillance practices.

Tom Uren [14:51]: "The Trump administration rescinded a huge swath of Biden executive orders... undermining our commitments."

Dismantling Oversight Mechanisms Key figures overseeing data transfer frameworks, like the Privacy and Civil Liberties Oversight Board (PCLOB), have been ousted, weakening the enforcement of data privacy standards.

Tom Uren [16:00]: "There’s only a single person on the PCLOB nowadays... it's meant to be a five-person bipartisan body."

Erosion of Trust with EU Partners The lack of robust oversight and commitment to previously established standards is pushing European entities to consider developing independent tech infrastructures, distancing themselves from U.S. dominance.

Patrick Gray [17:23]: "It's not only the broader behavior of Trump... but also more granular things like the PCLOB having one member."

Overall Trends and Future Trajectories

Direction of U.S. Intelligence Agencies Both Patrick and Tom agree that these actions signify a troubling trajectory for U.S. intelligence agencies, moving towards increased politicization and volatility.

Patrick Gray [13:02]: "Putting a civilian head handpicked by MAGA into NSA probably just adds to that sense of volatility."

Long-Term Implications The guests reflect on the long-term consequences, suggesting that the erosion of non-partisan values and international trust could have detrimental effects on global intelligence cooperation and cybersecurity initiatives.

Tom Uren [18:31]: "These are trends that aren't favorable to anyone... the direction isn't good for the organization."

Conclusions

The episode concludes with a consensus that the current administration's actions are steering U.S. intelligence agencies into a precarious position, fraught with internal leadership crises and strained international alliances. Both hosts express concern over the sustainability of these changes and their far-reaching impacts on global cybersecurity and intelligence operations.

Tom Uren [19:03]: "This doesn't seem like deliberate malignment, but core beliefs are cutting against the EO... it's short-sighted."

Patrick Gray [20:46]: "The newsletter this week is absolutely sensational... fascinating stuff."

Key Takeaways

Leadership Turmoil: The abrupt removal of experienced NSA leaders under political pressure raises concerns about the future direction and stability of the agency.
Potential Consequences: Appointing less experienced, politically aligned leaders could undermine the NSA's effectiveness and erode trust within the Five Eyes alliance.
International Impacts: The undermining of executive orders regulating data flows threatens transatlantic tech collaborations and may push EU partners towards greater technological independence.
Long-Term Trends: The politicization of intelligence agencies reflects a broader trend of volatility that could have lasting negative effects on global cybersecurity efforts.

For more in-depth analysis, subscribe to the Seriously Risky Business newsletter available at Risky Biz or on Lawfare.

Loading summary

Transcript32 lines

[00:00]
Patrick Gray
Foreign and welcome to another episode of Seriously Risky Business, the podcast we do here at Risky Biz hq, which is all about cyber policy and intelligence. My name is Patrick Gray. Before we get started, I'd like to thank the William and Flora Hewlett foundation for supporting this podcast and also Lawfare, which syndicates the newsletter that this podcast is based on. Seriously Risky Business newsletter. You can find that at Risky Biz. And we also have a sponsor this week which is Run Zero, which makes a terrific asset discovery tool. Just check out RunZero via Google. R U N Z E R O so joining me now is Tom Uren, who's our policy and Intelligence editor here at Risky Business. G'day, Tom.
[00:51]
Tom Uren
G'day, Patrick. How are you?
[00:52]
Patrick Gray
Good, Good. All right, so we got, you've done an absolutely incredible bit of analysis here in this week's newsletter. It's a, it's a terrific read. The big thing that you've looked at this week, it's the number one item in your newsletter, is really looking at this purge that's happened at NSA with Tim Hoare or Hogg or however you want to say it, and Wendy Noble, the director and Deputy Director of nsa, being fired from their positions at the urging of a right wing of social media influencer, I guess, Laura Loomer. And, you know, you've written about why you think that's probably not going to turn out all that well. Share with us your thoughts.
[01:32]
Tom Uren
You know, has haw done anything to actually deserve this? And as far as you can tell from the public record, absolutely nothing at all. And that's because I'm, you know, I'm a cybersecurity insider, but I'm definitely outside the US national security apparatus. But so is Laura Loomer. So she's basically taken, I don't know what, and constructed a theory, a reason to fire these people. And Trump bought it. Now, so that's a problem. The second problem is that haw actually had a tremendous amount of experience. And so he was deputy Commander of Cyber Command. He ran the Cyber National Mission Force, he was head of the Air Force's Cyber and Information Warfare Unit. So he has 30 odd years in military intelligence. Now, it seems like there's two names that have been floated as potential replacements for at nsa, and those are both, well, they're political appointees, obviously, but they're both people who have demonstrated past loyalty to Trump. So one of them is Ezra Cohen. He works at Oracle now and he's been in various defense and intelligence roles. National Security Council, the Pentagon the office of the dni. That sounds impressive until you realize that these were mostly political appointments. And he's really, I guess you would call it a dilettante. He's dabbled in different various areas and it doesn't stack up to 30 odd years of experience. And so there's like orders of magnitude of actual experience in that field that you're losing. So there's a, there's a loss of leadership. The other thing that the is interesting is that these, the other person is a guy called Trey Stevens, who's a defense technology co founder of a firm called Anduril, which by all accounts is an interesting firm. And he has, he was reportedly considered for a position in this administration, but, but didn't take it. I don't think he looks that good in the sense that he's less blatantly pro Trump. And in a recent interview he said, look, it's a terrible time. I'm really busy with Andrew. I don't know that I want to step into the administration.
[04:14]
Patrick Gray
It's like, I mean, this is the, this is the equivalent of saying, sorry, I can't, I'm washing my hair.
[04:20]
Tom Uren
That's right. You know, so I put him as a very dark horse at that point. But both of them are civilians. And so in order for a civilian to replace Hoare as head of NSA is they would have to split what is known as the dual hat arrangement, where traditionally the head of Cyber Command, which is a military position, has also been the head of nsa. So they would have to split that. I wrote about the potential for that split a couple of months ago. And the reason that the head of NSA is the head of Cyber Command is that they do, they basically use very similar resources to do not quite competing missions, but missions where you put the other's mission at risk. So, for example, if you're doing offensive cyber operations, you want to cause effects that people might notice sometimes. So that puts your intelligence capabilities at risk. And so you need some way to deconflict what you're doing. On the one hand, you don't want to say, we'll only ever do intelligence. We won't conduct defensive missions because our intelligence capabilities are so important, but you don't want to do the other either. So you need some way to manage that. And the traditional way is just to have the same head.
[05:41]
Patrick Gray
I mean, that said, sorry, I just want to jump in there because I've obviously talked about this with a bunch of people in the United States who are sort of close to these agencies and you Know, the deconfliction thing is interesting. Like, so logically what you're saying is right, which is having the one person who can set these priorities and whatnot, running both of the organisations, that's one way to deal with this. But there are pretty well established procedures and evaluation criteria within these agencies to work out this deconfliction. I guess. So. I mean, I'm not, not necessarily super concerned by that. I mean, I could, I could see though that if you had, you know, you split the role, you had two different heads who are really fighting over this, that it would be not ideal. So I can foresee that sort of situation where everybody's sort of using bad faith interpretations of guidelines and rules to try to get their way. But I don't know, you know, that might be a bit of a stretch. I don't know. Look, everybody you talk to about this idea of splitting NSA and Cyber Command, the leadership, everyone you talk to has a different opinion.
[06:43]
Tom Uren
It's crazy. I think there's, there's good arguments both for and against.
[06:48]
Patrick Gray
Yeah.
[06:48]
Tom Uren
I think what I would say is that having it all kicked off into place because of a meeting that happened in the Oval Office with the far right influencer, that's not a good way to start this off, I think.
[07:01]
Patrick Gray
Yeah. I mean, look, the point that really comes through in what you've written here is that like, there could be good reasons to do this, but they're not doing this for the good reasons. This is much more about, like putting someone, probably a civilian, in charge of NSA who's much more amenable to the MAGA agenda and that, that could have some really sort of caustic effects on the agency, which is the largest intelligence agency in the world.
[07:26]
Tom Uren
Yeah. So for Trump to put a political appointee in, it doesn't need Senate confirmation, Cyber Command does. So there's, it's relatively easy just to put whoever he likes in there. I think that split, just doing it ad hoc, abruptly is a problem. I think if it was planned out, you know, like I said, reasonable arguments on both sides. But I also think it affects recruitment because people in general don't want to work for sort of an organization they perceive as partisan. So nsa, traditionally people had political opinions, but it's all about the greater good. It's not about gop.
[08:15]
Patrick Gray
Sort of transcends politics, doesn't it? A mission like this, which is about protecting the national interest, you know, from protecting your country from things like terrorist attacks and foreign adversaries that are seeking to do real harm to Your country, its economic interests and its people. You know, one thing I've been in cybersecurity for, you know, 25 years or something and one thing that I've, that I really like about this field actually is the bipartisanship. I have had fantastic conversations and, you know, discussions with people on both sides of politics and you know, the politics just sort of melts away. Most of the time when you're talking to these people, it's all about solving these challenges. So, you know, I guess what you're saying is if the perception is that this is all of a sudden a party affiliated organization, much like you might see in China, where everything sort of has to show fealty to the, the Chinese Communist Party, that will, you know, automatically knock out a bunch of, you know, good talent who might otherwise work there. I mean, the other issue you've got there too is that it will become a magnet for people who are very partisan and you have to wonder what that will do to the agency as well.
[09:22]
Tom Uren
Yeah, these are both, I think, long term problems, but it's heading down a road that I think is not good for the organization. Now the final problem, worry, concern I have is that these organizations were somewhat isolated from the broader Trump administration. Well, I guess there was the revolving door that you had in the first administration where people would be fired and replaced and these organizations, NSA and Cyber Command were isolated from that. And they also acted as kind of a buffer between the broader US political functioning and five eyes partners. So I'm sure that people like Paul Nakasone and Mike Rogers would be reassuring their five eyes partners saying, look, this special relationship we have is indeed special and it transcends domestic politics and everything will be all right. I think that goes away.
[10:19]
Patrick Gray
Yeah. And so, I mean, when you got the vice president talking in signal with this Secretary of Defense describing Europeans as utterly pathetic and blah, blah, blah, blah. Right. You know, you do sort of wonder if there's going to be a sort of type of person filling these roles who's going to have similar things to say about the Canadians or the Brits or us. Right. So I, yeah, it's, it doesn't give you a good feeling as a, you know, we live in Australia, a five eyes partner country and as Australians doesn't exactly give you, you know, warm and fuzzy feelings.
[10:50]
Tom Uren
Yeah. So the, I think there's lots of problems that transcend the, you know, whoever is the head of nsa. But I think ns that that head in the past has been a kind of a friendly figure. You could talk to and get at least some reassurance. I think that probably likely will not continue in the future.
[11:12]
Patrick Gray
I mean, I think though, the saving grace here is that the Five Eyes alliance is very strong and the level of integration between these agencies is, you know, it's real. It's absolutely a real alliance. And I think to undermine it would probably take quite a lot of time. But we have seen from this administration, they don't mind doing very disruptive things. Like we are recording this on the day where I think there's been a partial walk back on tariffs that have just created market chaos all around the world. So they don't seem very concerned with doing very disruptive things. So while I have had confidence in the Five Eyes alliance's ability to just sort of go on and survive political changes in the United States, I got to say, my confidence there may be eroding somewhat.
[12:00]
Tom Uren
Tom, I think, I think it's. That is the rational feeling to have. Like, you are absolutely right. It's a long lasting partnership. The chances that it disappears overnight are zero. Yet at the same time, partnerships require good faith behavior by all sides.
[12:19]
Patrick Gray
They don't buy our beef. Kick them out of Five Eyes. I mean, you can totally see that happening. We haven't sold them a single hamburger. Those Australians, because of their biosecurity trade barrier, cut them off. I mean, you could see that happening. Right.
[12:34]
Tom Uren
Well, it's pretty much what happened with Canada and what is it? C Sec.
[12:39]
Patrick Gray
So, well, they didn't get kicked out. I mean, that was just someone floated it as an idea and then it was quickly walked back. Right. So. But yeah, I mean, look, the thing we keep coming back down to here is the sort of unpredictability of everything that's going on at the moment.
[12:53]
Tom Uren
Yeah, that's right.
[12:54]
Patrick Gray
And putting in a civilian head handpicked MAGA into NSA probably just adds to that sense of volatility. I think that's where we're landing here. Right?
[13:03]
Tom Uren
Yeah, exactly. Yep, yep.
[13:05]
Patrick Gray
Right. Well, look, let's move on to the next story, which is also sort of continuing in the same vein, which is the Trump administration is sort of signaling a walk back in a Biden era executive order. And this executive order sought to sort of regulate transatlantic data flows and keep, you know, EU businesses happy about using American technology. And as part of this EO, and you covered it at the time back in 2022 with us, you wrote about it at the time. But part of this, this EO said, well, you know, America's intelligence agencies will only spy on Europeans when it's really, really necessary and in the national interest and not just for funsies, as you put it, which funnily enough, like, you know, the United States isn't in the habit of spying on Europeans for funsies. So it was kind of a pointless executive order, but it was still sending a signal, Right, which is, you can trust us, we're not, you know, we're not going to abuse the privileged access we have as a result of being your technology partners and technology suppliers. So that's nice. I mean, I think you wrote at the time that it was sort of pointless, but also kind of nice and would provide people with some sort of reassurance. That reassurance seems to be going away. The Trump admin has fired all but one member of the Privacy and Civil Liberties Oversight Board, which oversees this EU US data track transfer framework, and it also oversees the intelligence community there. And they're just sort of making the sort of noises where they don't care about this sort of stuff. Right. And that is, I guess, pushing the Europeans a little bit more in that direction of wanting their own, you know, cloud tech stack.
[14:52]
Tom Uren
It feels like the Trump administration rescinded a huge swath of Biden executive orders. And this particular one, they've said we'll review it and we won't rescind. Felt like, to me, it's like, we really want to rescind this one, we want to get rid of it. And the reason they kept it is because basically all the transatlantic data flows rely on having this executive order in place. And it basically, like you said, it's, we will only do particular things for SIGINT intelligent collection. And we'll also set up this review and redress mechanism. So if you feel as an EU citizen that you've been unlawfully spied on by the us, you can appeal to this body. And they set up this court and the Privacy and Civil Liberties Oversight Board reviews the court. And I was looking at the, it's called the PCLOB is the acronym and there's only a single person on the PCLOB nowadays. So it's meant to be a five person bipartisan body set up by after 9, 11. And the poor woman just looks so lonely trying to by herself act like she's an entire board and she was in Europe visiting there. I'm sure it was a terrible job of, yeah, yeah, the Trump administration really cares about European civil liberties by herself. And the executive order was really, we'll do all these things, but because everything's classified, it's very hard for a European to have transparency into what's going on. So it was very much, we'll take it on faith that you'll implement these restrictions and, you know, we can appeal and you'll give us back something that says, yes, we've looked at your appeal and we've done something about it or not. And so that's very much a faith based approach to getting transatlantic data flows. And I think the problem is they haven't rescinded the eo, but there's just no faith left anymore. So it's not only the broader behavior of Trump and, you know, talk of annexing Greenland and stuff like that. It's also more, I guess, more granular things like the fact that the peak lob only has one member.
[17:24]
Patrick Gray
So the promises are starting to look a little, a little hollow. But, you know, with both of these stories. Right. So one thing I think when people are commenting on stuff like this, I think there's a mistake they make, which is they say, look, oh, Trump wants to get a civilian leader in NSA and he's going to turn it into his personal surveillance agency. That's not going to happen. Right? Like that can't happen quickly. Same with this sort of thing. Oh, we're going to kill, you know, data transfers across the Atlantic and whatever. So I find it much more, it's much more helpful, I think, to think about these sort of moves in terms of trends and trajectories. And in both of these stories, both of these items that we've examined, like the trajectories aren't good. And I just, I just think that's a more helpful way of, you know, analyzing this, is just looking at it in terms of, well, what's the direction? You know, you know, it's not like we're expecting a new end state in three months, but what's the direction here? You know, game it out, how long, you know, what's this going to look like in, you know, three, four or five years? And I think once you start gaming both of these out, you know, it's not going anywhere that I think is favorable really to anyone.
[18:31]
Tom Uren
Yeah. To me, it feels like this is not a plan to disrupt transatlantic data flows. Like, that's not a goal they have, the administration has. It's their objection is to regulation and restraint of American power. And this EO feels like it's a restraint of American power. They don't like it. They understand that they can't get rid of it, but at the same time, they're not invested in it, they're not.
[19:00]
Patrick Gray
Going to kill it, they're going to make it dead.
[19:04]
Tom Uren
So, and I think it's like a failure to recognize that not investing in it has second order consequences that we don't like. Like you have to like, you know, walk the walk and talk the talk. You can't just talk the talk and then ignore it. Walk in a totally different direction. So it doesn't seem like this is deliberately maligned. It feels like to me there's core beliefs that the administration has that this EO is cutting against and we don't like it, we understand why we need it, but we're not going to support it. And that is, I think, short sighted and it will end badly, particularly for us tech companies who have a lot of business in Europe.
[19:50]
Patrick Gray
Well, it's funny actually. Later, later today I will be publishing also to this YouTube channel and in the other podcast feed I'll be publishing a interview I did with Alex Damos and new United States public enemy number one, Chris Krebs talking about that, that very topic. And they seem to think that, yeah, there's change coming there. There's probably going to be some restructuring of the way American tech is delivered into European markets and whatnot. But yeah, this is certainly, certainly a big topic and, and, you know, something on everyone's minds. Look, we're going to wrap it up there. Tom, you're in. Thank you so much for joining me for that discussion. The newsletter this week is absolutely sensational. I'd really recommend people head over to Risky Biz to subscribe to it and we also publish the newsletters there. And of course you can even read Tom's newsletter on Lawfare where it is syndicated. But mate, yeah, great work this week. Fascinating stuff. And we'll do it all again next week.
[20:47]
Tom Uren
Thanks a lot, Patrick.