Ex-NSA Directors Discuss 'Red Line' for Offensive Cyberattacks

CYBER RISK PHYSICAL SECURITY CYBERATTACKS & DATA BREACHES CYBERSECURITY OPERATIONS NEWS Ex-NSA Directors Discuss 'Red Line' for Offensive Cyberattacks Four former NSA chiefs representing a near-complete history of US Cyber Command debated and discussed the role of offensive cyber in the government. Alexander Culafi,Senior News Writer,Dark Reading March 25, 2026 5 Min Read SOURCE: ALEXANDER CULAFI RSAC 2026 CONFERENCE – San Francisco – When it comes to cyberattacks, what crosses the "red line" and justifies a kinetic response? That was one of the major questions posed to four former National Security Agency (NSA) directors and US Cyber Command leaders, who weighed in on the US government's offensive cybersecurity strategy as part of a keynote panel at RSAC 2026 Conference on Tuesday. The keynote, titled "Inside Offensive Cyber: Lessons from Four NSA Directors" featured Tim Haugh, Paul Nakasone, Mike Rogers, and Keith Alexander. Alexander was appointed by former President Barack Obama to establish and lead the US Cyber Command, and was succeeded in the post by Rogers, Nakasone, and Haugh, respectively.  The panel followed the release of President Donald Trump's cyber strategy earlier this month, which prioritized offense and deterrence. Offensive cyber in a military context covers a wide range of activity. It can include taking down threat actor infrastructure and conducting surveillance against adversaries (as the US has been repeatedly accused of doing against China and others). It also includes attacks like Stuxnet, which caused major damage to Iran's nuclear program and has been attributed to US and Israel, though neither government has formally confirmed involvement. Related:Why a 'Near Miss' Database Is Key to Improving Information Sharing The 50-minute discussion, moderated by venture capitalist Ted Schlein, covered a wide range of topics, such as how the US's view toward offensive cyber has evolved over time from a more secretive concept to something public facing. The panelists also discussed how the NSA became the basis of US military cyberwarfare, the evolving (and increasing) role of the private sector, and the idea that offensive capabilities are necessary to defend the country.  Alexander said early detractors of the US's move into offensive cyber argued against the Internet becoming a place for warfare. "It already is," he said. "Because it is, we have to be the best at it, because our nation is the most digitized nation in the world." While much of the conversation was generally in support of offensive cyber actions, two of the most interesting questions involved whether the US government still cares about cyber, and what the so-called "red line" is where a cyberattack may be met with kinetic military force (something the Obama administration reserved the right to do back in 2011). The Red Line of Offensive Cyber During the discussion, Schlein asked about how government officials determine where the red line is for cyberattacks that reach a certain level of severity. Related:With Government's Role Uncertain, Businesses Unite to Combat Fraud Nakasone put it bluntly. "Whatever the president says [the red line] is, that's it at the end of the day," he said. "That's the determination, and we can all think what it is, but he's the one that determines whether or not we're going to take some type of distinct action based upon this." Rogers added to this, saying that, when working with President Obama, the former commander advocated in favor of establishing criteria for when kinetic response may be appropriate, such as when a cyberattack directly causes loss of life. Speaking to the broader topic of responding to adversaries, Haugh said that what all commanders would do in these cases is to "give options to our policymakers" for varying levels of response and the associated risk, so that others can take that counsel based on what decisionmakers may be comfortable with. Alexander said that, as a commander, "you need to give the president and the National Security Council flexibility to respond." What you don't want, he said, is to have hard rules that leave no room for flexibility or context, because there may be situations where the president decides that, for example, launching missiles as a response to a cyberattack isn't the best course of action, even if that attack fits a certain criteria. To that end, Alexander argued against having legislation that codifies such policies into laws, because "you don't want Congress legislating something that they don't really understand." Related:Researchers: Meta, TikTok Steal Personal & Financial Info When Users Click Ads Does the US Still Care About Cyber? At one point, Schlein asked, "Does this country care that much about cyber?" It's a question worth asking in the wake of CISA facing massive layoffs (like other federal agencies) and the Cyber Safety Review Board getting effectively shuttered shortly after Trump's inauguration.  At this year's RSAC Conference, the US government had effectively zero official presence compared to a fairly prominent one in previous years. Agencies abruptly pulled out of the show as former CISA Director Jen Easterly was hired as RSAC CEO back in January. There were some different approaches to this question. Alexander was more diplomatic, saying, "I think the key players in cyber continue to do what they need to do and train, get ready and do their operation. … My experience is they're out there working just as hard as they ever were and they're progressing." Rogers was more directly critical of the current administration. "I see a private sector that is very network owners that are very energized and focused. I see a government that's unwilling to expend political capital to really drive fundamental change in cyber," he said. "And it's a reflection of the fact that, politically, we are so divided and as a society, we are so divided. Think about it, we're the largest economy in the world. We don't have a single federal data privacy framework. We don't have a single major piece of cyber legislation, and compare that with the rest of the Five Eyes as examples." Rogers said the situation "frustrates the hell out of me personally," adding that there's a notable lack of cooperation between the government and the cybersecurity industry. "We need political leadership synchronized with the private sector to get where we need to go," he said. "And neither can do it by themselves. It just isn't there." RSAC Conference MAR 23, 2026 TO MAR 26, 2026 Join thousands of your peers at RSAC™ 2026 Conference in San Francisco from March 23–26. Discover new strategies, explore bold technologies, and connect with peers who share your challenges and ambitions. Don’t just attend the Conference—be part of the community that defines what’s next. SECURE YOUR SPOT About the Author Alexander Culafi Senior News Writer, Dark Reading Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBER RISK US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity by Alexander Culafi JAN 05, 2026 CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Microsoft Exchange 'Under Imminent Threat,' Act Now by Arielle Waldman NOV 12, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ CYBER RISK What Orgs Can Learn From Olympics, World Cup IR Plans byTara Seals MAR 12, 2026 THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE