my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

The People Who Built America's Cyber Arsenal Say We're Losing. They're Probably Right.

John Z Black Mar 29, 2026 Policy, Law & Governance #nsa #rsac #cyber-deterrence #doge #national-security #policy #paul-nakasone #whistleblower

When four former NSA directors take the stage together at RSAC, it’s not a panel. It’s a reckoning.

Gen. Paul Nakasone, who led NSA and US Cyber Command from 2018 to 2024, was there. Gen. Timothy Haugh, recently departed from NSA leadership, was there. Two more former directors joined them. These are the people who built and handed off America’s most sophisticated cyber capabilities. Their collective message was not reassuring.

Nakasone’s line was the one that landed: “I think we’ve become numb to it.” He’s talking about the American public’s relationship with cyber incidents. The breaches, the intrusions, the critical infrastructure probes, the ransomware attacks on hospitals and schools and water systems. We read about them. We absorb them. We move on. No sustained pressure, no political consequence, no demand for accountability that sticks. And in that vacuum, adversaries have learned they can operate in American systems with relatively low risk of serious consequences.

The panel debated what cyber incident would trigger a kinetic US response. They didn’t reach consensus. That ambiguity is operational. Adversaries read these signals. If the people who ran NSA can’t agree on where the line is, there’s a reasonable chance adversaries have correctly concluded there isn’t one that matters.

The same week this conversation was happening at RSAC, a federal whistleblower alleged that a former DOGE engineer removed Social Security Administration data on a thumb drive. The SSA Inspector General’s office opened a formal investigation. Everything that follows is alleged, but the security concerns are worth naming regardless: removable media, access that hadn’t gone through standard vetting, no clear audit trail. SSA data is sensitive. Social Security numbers, benefit records, identity-linking information for millions of Americans.

This is what “numb to it” looks like from inside government. Not a dramatic espionage operation. Just a thumb drive, a gap in access controls, and a whistleblower who felt they had to say something because the normal channels didn’t seem to be working.

Nakasone’s diagnosis isn’t defeatism. The path forward requires the public, the press, and policymakers to stay engaged with cyber threats long enough to demand something better than the status quo. That requires attention. And attention, apparently, is exactly what we’ve run out of.

Read the full analysis of the RSAC panel and what it means for US cyber posture