Apply Now to Attend Nexus Conference 2025
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts
Adm. Michael S. Rogers, USN (Ret.) joins the Nexus podcast to discuss the Biden administration's National Cybersecurity Strategy, and its themes of cyber resilience and critical infrastructure protection.
Cyber Resilience
Healthcare
Industrial
Operational Resilience
Risk Management

Nexus Podcast: Adm. Michael Rogers on Deterrence in Cyberspace

Michael Mimoso
/
Oct 2, 2025

Subscribe and listen to the Nexus podcast on your favorite platform.

As adversaries continue to aggressively encroach on U.S. critical infrastructure, it’s becoming blatantly obvious to experts that deterrence in cyberspace on the part of the government or asset owners and operators isn’t working. 

China’s state-sponsored activity—the so-called Typhoons, Volt Typhoon and Salt Typhoon—have been alleged to have embedded malicious code in CI networks for the purposes of activating these offensive tools during a time of military conflict for example, not only causing destruction on electric or water systems for example, but also sowing chaos among society. 

This is a bold, strategic shift, and China is not alone. According to Adm. Michael Rogers (Ret. USN), U.S. defensive strategies have not been effective in warding off this threat. 

“Clearly we haven't achieved [deterrence in cyberspace],” Rogers said on the Nexus Podcast. “If you accept the premise that deterrence is the concept that you can change an adversary's behavior, you can change an adversary's mind about their willingness to do something, you can deter them from doing something. Therefore, if you can change an adversary or another actor's strategic calculation and deter them from engaging in activities that are of concern, for example, to the U.S., hey, that's a positive. That's been the goal.”

Intent or Will to Deter Adversaries is the Key

Rogers, former Director of the National Security Agency from 2014 to 2018, says that isn’t the current reality—and that it may be our own self-imposed rules of engagement that are posing challenges to our efforts to deter adversary activity. 

“I don't think any nation in the world has managed so far to … achieve cyber deterrence, if you will, I think in part because deterrence broadly is a combination of capability and intent or will,” Rogers said. “So the capability side is: how can you convince an adversary either that your cyber defenses, cybersecurity, cyber resilience is so high that they're probably not going to succeed? Or how do you convince them that your capabilities to respond to that kind of activity is such that you could make this very painful for them if they were to choose some things that you don't want?”

Rogers added that current approaches of hardening systems as a means of trying to convince adversaries it was too challenging to breach assets and networks isn’t a viable strategy. 

“I never thought that was the way we were going to deter them,” Rogers said. “I thought our best hope for deterrence was to highlight to other nations we have the capability to respond in a like manner or even potentially with greater capability, combined with, and I want you to understand we have the will to do so, that if you continue down this road, we not only have the capability to respond, but we are prepared to respond. I think it's the latter portion, this idea of will or intent. That's where we just haven't done enough.”

Reauthorization of CISA15

In this episode, Rogers also discusses the expiration of the Cybersecurity Information Sharing Act of 2015 (CISA 15) on Sept. 30. The legislation facilitated the bidirectional flow of information between the government and private sector on cybersecurity incidents. While Rogers said he believes the act will be reauthorized in time, there are experts believe that any prolonged period without it in place threatens national security, privacy, and innovation. 

“The challenge is, it's gotten caught in a broader political discussion about what’s CISA's role? What information should CISA be providing? What broader set of activities should CISA be engaged in? So it's taken on a bigger context than the specifics, if you will,” Rogers said. “It's not a silver bullet. I’m not going to say the sky is falling, this is the worst thing that could happen, but I will say, look, ‘This was a significant benefit both to the private sector, but also because I always liked the fact it facilitated a two way flow of information.’ 

“I wanted to learn as much as I could for the private sector. As much as I wanted to provide the private sector with insight, I also wanted to learn from them. So I liked the idea that we were moving information back and forth. I suspect the impact of this is decreased information flow, less threat warning information coming out of the government. I’m not going to say it all stops, but there'll be less of it.”

Cyber Resilience
Healthcare
Industrial
Operational Resilience
Risk Management
Michael Mimoso
Editorial Director

Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.

Stay in the know Get the Nexus Connect Newsletter
Subscribe
Listen on Apple Podcasts. Listen on Spotify Podcasts.
Share
LinkedIn Twitter Facebook Email
Featured Articles
Considerations for Medical Device Vulnerability Remediation Technical Debt in OT Environments: How It's Different and Why it Matters The Purdue Model's Risky Blindspot
Featured Videos
Browse by Topics
Cyber Resilience Cybersecurity Insurance Federal Food & Beverage Healthcare Industrial Internet of Things Nexus Conference Operational Resilience Operational Technology Ransomware Risk Management Technical Debt Vulnerability Management Zero Trust
You might also like… Read more
On the Nexus Podcast, former Commonwealth of Pennsylvania CISO and current Black Kite CSO Bob Maley discussed the resource challenges facing not only critical infrastructure asset owners and operators, but also how those challenges are impacting risk-management efforts in critical industries.
Risk Management
Technical Debt
Cyber Resilience
Healthcare
Industrial
Internet of Things

Nexus Podcast: Bob Maley on Critical Infrastructure Resource Challenges

Michael Mimoso
Pankaj Goyal, Chief Operating Officer of Safe Security, joins the Nexus Podcast to discuss the nuances of protecting OT environments, and how cyber insurance must adapt as OT and cyber-physical systems are connected online and increasingly exposed to attackers.
Cybersecurity Insurance
Risk Management

Nexus Podcast: Pankaj Goyal on Cyber Insurance for OT Environments

Michael Mimoso
Rui Adaite, Managing Security Consultant at GuidePoint Security, joined the Nexus Podcast recently to discuss the nuances of ransomware negotiations, how negotiations work, and the ins and outs of interacting with ransomware gangs.
Ransomware
Cyber Resilience
Industrial
Healthcare

Nexus Podcast: Rui Ataide on Ransomware Negotiations and Recovery

Michael Mimoso
Trend Micro Senior Threat Researcher Salvatore Gariuolo joined the Nexus Podcast, calling int question whether the ISO 15188 standard is sufficient enough to protect EV charging—the cybersecurity of charging stations in particular.
Internet of Things
Vulnerability Management
Risk Management

Nexus Podcast: Salvatore Gariuolo on ISO 15118, Safe EV Charging

Michael Mimoso
noam-moshe-headshot-1734963804.jpeg
Internet of Things
Vulnerability Management
Risk Management

Nexus Podcast: Noam Moshe on Hacking Video Surveillance

Michael Mimoso
In this episode of the Nexus Podcast, BitDefender Director of IoT Security Dan Berte joins to discuss research his team conducted on the security of two solar power management platforms responsible for 20 percent of the planet’s solar power output.
Internet of Things
Vulnerability Management
Risk Management

Nexus Podcast: Dan Berte on Solar Grid and IoT Vulnerabilities

Michael Mimoso
On this episode of the Nexus Podcast, Vivek Ponneda, SVP Growth & Strategy at Frenos, discusses the maturity and evolution of OT security as a practice, and advises that organizations need to leverage these data-rich environments in order to bring necessary context to threat and risk management efforts

Nexus Podcast: Vivek Ponnada on the Need for Context in OT Security

Michael Mimoso
In this episode of the Claroty Nexus Podcast, Austin Allen, Sr. Director of Global Solutions Architecture at Airlock Security, discusses the cybersecurity challenges facing healthcare delivery organizations, and the potential negative impacts of a breach or incident on patient care.
Healthcare
Vulnerability Management
Risk Management

Nexus Podcast: Austin Allen on Healthcare Cybersecurity and Patient Safety

Michael Mimoso
Gentry Lane, founder of Nemesis Global, joins the Nexus Podcast to discuss how a Cold War tactic known as Salami Cuts is being used against U.S. critical infrastructure. Adversaries who cannot operate on equal footing on a kinetic battlefield, are finding cyberspace to be a level playing field. The use of salami tactics is a strategy of gradually degrading an opposition's dominance by instilling distrust in institutions, utilities, or the government's ability to protect us.
Cyber Resilience
Risk Management
Industrial
Healthcare

Nexus Podcast: Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict

Michael Mimoso
In this episode of the Nexus Podcast, Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG devices have sets of sensors that measure and record fuel levels, condensation, temperature, and volume in storage tanks. They are critical because they can be used to monitor for leaks, and can trigger alerts, sirens, perform emergency shutoff procedures, or allow for ventilation if necessary.
Industrial
Operational Resilience
Operational Technology
Vulnerability Management

Nexus Podcast: Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

Michael Mimoso
Steven Sim, the chair of the OT ISAC advisory committee, joins the Nexus Podcast for an in-depth conversation about the state of the OT-ISAC, information-sharing, and why organizations are prospering from this channel from not only sharing, but community initiatives, including conferences, and training opportunities for OT engineers and cybersecurity practitioners.
Operational Technology
Operational Resilience
Cyber Resilience
Vulnerability Management

Nexus Podcast: Steven Sim on OT-ISAC and Cybersecurity Information Sharing

Michael Mimoso
Sarah Fluchs revisits the progress and adoption of the Top 20 Secure PLC Coding Practices list.
Cyber Resilience
Risk Management
Vulnerability Management

Nexus Podcast Episode 100: Sarah Fluchs on the Cyber Resilience Act

Michael Mimoso
Latest on Nexus Podcast
See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
Adm. Michael S. Rogers, USN (Ret.) joins the Nexus podcast to discuss the Biden administration's National Cybersecurity Strategy, and its themes of cyber resilience and critical infrastructure protection.
Cyber Resilience
Healthcare
Industrial
Operational Resilience
Risk Management

Nexus Podcast: Adm. Michael Rogers on Deterrence in Cyberspace
On the Nexus Podcast, former Commonwealth of Pennsylvania CISO and current Black Kite CSO Bob Maley discussed the resource challenges facing not only critical infrastructure asset owners and operators, but also how those challenges are impacting risk-management efforts in critical industries.
Risk Management
Technical Debt
Cyber Resilience
Healthcare
Industrial
Internet of Things

Nexus Podcast: Bob Maley on Critical Infrastructure Resource Challenges
Pankaj Goyal, Chief Operating Officer of Safe Security, joins the Nexus Podcast to discuss the nuances of protecting OT environments, and how cyber insurance must adapt as OT and cyber-physical systems are connected online and increasingly exposed to attackers.
Cybersecurity Insurance
Risk Management

Nexus Podcast: Pankaj Goyal on Cyber Insurance for OT Environments