Detailed Summary of "Srsly Risky Biz: Special guests Rob Joyce and Andy Boyd on offensive cyber"
Podcast Information:
- Title: Risky Bulletin
- Host/Author: risky.biz
- Description: Regular cybersecurity news updates from the Risky Business team...
- Episode: Srsly Risky Biz: Special guests Rob Joyce and Andy Boyd on offensive cyber
- Release Date: May 15, 2025
1. Introduction to the Episode and Guests
The episode kicks off with host Patrick Gray introducing the special edition of the "Seriously Risky Business" podcast. Unlike the usual format featuring Tom Uren discussing his newsletter, this episode features an in-depth conversation with two high-profile former intelligence officials:
- Rob Joyce: Former Cybersecurity Director at the NSA and former advisor on cyber during the Trump administration.
- Andy Boyd: Former head of the Center for Cyber Intelligence at the CIA.
Gray sets the stage by highlighting the shift in focus towards offensive cyber operations, the impact of recent governmental changes on agencies like the NSA and CIA, and the integration of artificial intelligence in intelligence work.
Notable Quote:
"We brought together a couple of fantastic guests to have really a conversation about offensive cyber and what's happening with US Government intelligence agencies in the age of the Trump White House." — Patrick Gray [00:06]
2. Government Staffing Changes in NSA and CIA
Rob Joyce opens the discussion by addressing significant staffing upheavals within U.S. intelligence agencies. He points out that while some agencies like CISA have faced extensive cuts, other parts of the NSA remain relatively stable. However, the removal of key leadership positions has led to uncertainty and a subsequent loss of talented personnel.
Notable Quote:
"There are very real things happening now. The good news is it doesn't progress that much farther down into NSA, but sister agency CISA. The best word I can use is eviscerated." — Rob Joyce [02:21]
Andy Boyd corroborates Joyce's observations from the CIA's perspective, noting that although there haven't been forced departures at the leadership level, several senior leaders are opting for voluntary early retirement to secure their benefits sooner. This trend is concerning as it leads to the loss of experienced and qualified individuals within the agency.
Notable Quote:
"They're really quality people. They're the kind of people that would frankly be qualified to take my former job as director for the Center for Cyber Intelligence in a couple of years." — Andy Boyd [04:38]
3. Offensive Cyber Operations: Policies and Streamlining Efforts
The conversation delves into the Trump administration's approach to offensive cyber operations, specifically referencing National Security Presidential Memorandum (NSPM) 13. Joyce explains that NSPM 13 aimed to streamline the previously cumbersome interagency processes that hindered effective offensive cyber actions. By providing more mission-type orders and defining clear boundaries, NSPM 13 empowered Cyber Command to execute campaigns with greater agility.
Notable Quote:
"NSPM 13 gave a little bit more mission-type orders, meaning you talk about what the end goals were. You define some left and right boundaries that gets pre-coordinated, and then the Title 10 actors in Cybercom would then be able to do a campaign based around that approval and it was better." — Rob Joyce [07:31]
Andy Boyd adds that while the administration has clear national security priorities—such as focusing on China and combating drug cartels—there remains a gap in translating these grand strategies into actionable cyber operations. He emphasizes that cyber tools should complement, not replace, concrete national security policies.
Notable Quote:
"Cyber operations are not a panacea for a lack of a concrete national security policy. You have to actually apply them like you'd apply any other tool of national power." — Andy Boyd [06:05]
4. Active Defense vs. Offensive Cyber: Defining Boundaries and Strategies
Patrick Gray introduces the topic of active defense, which involves disrupting attacker infrastructure targeting U.S. interests. He queries whether active defense has become an accepted norm in cybersecurity practices. Rob Joyce likens active defense to a sports strategy—preventing opponents from scoring while simultaneously creating opportunities to score oneself.
Notable Quote:
"The active defense is the idea that we're going to challenge them and put friction into those operations so that they don't just get continual tries to get the goal." — Rob Joyce [23:37]
However, Joyce points out the significant communication and terminology gaps that exist when discussing offensive measures. The lack of clarity on what constitutes "active defense" versus "offensive cyber" leads to misunderstandings among policymakers and operatives alike.
Andy Boyd concurs, highlighting that varying interpretations of offensive actions can lead to ineffective or counterproductive strategies. He stresses the importance of establishing clear definitions to ensure cohesive and effective cyber operations.
Notable Quote:
"Beauty is in the eye of the beholder. And even the term active defense means different things to different people." — Rob Joyce [23:37]
5. Cyber Threats to Critical Infrastructure: Volt and Salt Typhoon
The episode examines specific cyber threats like Volt Typhoon (a Chinese state-sponsored campaign targeting U.S. critical infrastructure) and Salt Typhoon in Australia. These operations involve pre-positioning attackers within vital systems to prepare for potential future disruptions.
Patrick Gray challenges the notion that responding to such threats should involve aggressive offensive measures, questioning whether the U.S. is adequately prepared to escalate its response without compromising its own infrastructure.
Notable Quote:
"We are not ready for this fight, you know, so if we do escalate that way." — Patrick Gray [27:38]
Rob Joyce emphasizes the necessity of enhancing both defensive and offensive capabilities to impose significant costs on adversaries. He advocates for a more robust application of diplomatic and economic tools alongside cyber measures to deter hostile actions effectively.
Notable Quote:
"We need to be more muscular in all elements of imposing costs and response." — Rob Joyce [30:40]
Andy Boyd draws parallels between combating cyber threats from cartels and counterterrorism efforts, noting that although the nature of these threats differs, the strategic approach in utilizing intelligence and law enforcement remains crucial.
Notable Quote:
"These guys know what they're doing and they have huge business enterprises and they're sub state actors." — Andy Boyd [20:15]
6. Role of AI in Cyber Intelligence
The discussion shifts to the integration of artificial intelligence (AI) in cyber intelligence operations. Rob Joyce outlines how AI, particularly machine translation, has been instrumental in managing the vast amounts of data collected by intelligence agencies. AI aids in curating workloads, prioritizing critical information, and enhancing the efficiency of human analysts.
Notable Quote:
"AI augmenting people who have a base level of skill and accelerating them." — Rob Joyce [35:16]
Andy Boyd adds that AI serves as a productivity booster, freeing up analysts to engage in more complex and intellectually demanding tasks. He envisions AI handling routine data processing, thereby allowing intelligence personnel to focus on strategic decision-making and operational execution.
Notable Quote:
"If you could take that off an analyst plate and have them focus on much deeper intellectual activities, that is great." — Andy Boyd [38:36]
Patrick Gray echoes these sentiments by sharing an anecdote about how AI tools have enabled individuals to manage increased workloads efficiently, underscoring AI's role as a transformative productivity tool rather than a replacement for human expertise.
Notable Quote:
"It's amazing because it writes up perfect notes, then you just go through, correct the spelling of people's names and call it a day." — Patrick Gray [38:50]
7. Startups and the Intelligence Community: Opportunities through In-Q-Tel
The conversation concludes with a focus on how startups can collaborate with the intelligence community to address technological needs. Rob Joyce highlights In-Q-Tel as a pivotal platform where the NSA communicates its technological challenges to the venture community, fostering partnerships that drive innovation.
Notable Quote:
"NSA literally gives In-Q-Tel the list of problems that it's hoping to have solved and they then canvas the venture world and do annual conferences and other venues where they talk about what we're looking for and kind of mine and harvest those needs." — Rob Joyce [40:29]
Andy Boyd praises the U.S. startup ecosystem's dynamism, expressing confidence that future breakthroughs in intelligence technology will emerge from initiatives like In-Q-Tel. He encourages entrepreneurs and innovators to engage with these platforms to develop solutions that align with national security objectives.
Notable Quote:
"I'm very confident that whatever that technology is, it's going to be invented in the United States or maybe Australia." — Andy Boyd [41:05]
8. Conclusion and Strategic Recommendations
As the episode wraps up, both Joyce and Boyd emphasize the importance of a balanced and strategic approach to cyber operations. They advocate for enhancing both defensive measures and offensive capabilities to effectively deter and respond to cyber threats. Additionally, they underscore the need for clear communication, well-defined operational boundaries, and robust collaboration with the private sector to bolster the nation's cybersecurity posture.
Notable Final Remarks:
"We have not really, we have not really leaned in on the diplomatic levers, the tariff levers, some of the sanctions levers, and a whole array of tools that are tools of statecraft." — Rob Joyce [32:45]
"The intelligence community is a supporting actor in that." — Andy Boyd [21:06]
Key Takeaways:
- Staffing Challenges: Significant cuts and leadership changes within agencies like CISA and CIA are leading to the loss of experienced personnel.
- Policy Evolution: NSPM 13 streamlined offensive cyber operations, allowing for more agile and mission-focused actions.
- Active Defense vs. Offense: Clear definitions and strategies are crucial to effectively balance defensive and offensive cyber measures.
- Critical Infrastructure Threats: Operations like Volt Typhoon highlight the need for enhanced defensive and offensive strategies to protect vital systems.
- AI Integration: Artificial intelligence plays a pivotal role in augmenting human analysts, improving efficiency, and managing large data sets.
- Startup Collaboration: Platforms like In-Q-Tel facilitate collaboration between the intelligence community and startups, driving innovation in cybersecurity technologies.
This episode provides a comprehensive exploration of the current state and future directions of offensive cyber operations within the U.S. intelligence community. Through insightful discussions with former NSA and CIA officials, listeners gain a nuanced understanding of the challenges, strategies, and technological advancements shaping the cybersecurity landscape.
