President Trump’s early tenure has been marked by reports of slipshod cybersecurity practices, and dysfunction among the country’s intelligence agencies. But behind the scenes, Trump has shown he is attuned to hacking threats, and prepared to defend the U.S. in cyber-space, according to the former head of the National Security Agency.
Speaking at a breakfast in San Francisco on Tuesday morning, retired General Keith Alexander described a recent meeting at which the President discussed cybersecurity issues with members of his inner circle. According to Alexander, Trump’s behavior shifted significantly once members of the media left the event.
“The President’s demeanor changed to what you would expect of a corporate CEO,” said Alexander. “The part that struck me was he listened. He took what they said, restated it, went on to next thing and allowed everyone to talk.”
The gathering reportedly included Trump, adviser Jared Kushner, Defense Secretary James Mattis, former New York City mayor Rudy Giuliani, and others.
Alexander also said Trump’s comportment in the meeting was “the president our nation needs to see,” and expressed confidence Trump would be able to develop a comprehensive strategy to combat cyber threats.
The remarks come at a time of ongoing tumult among White House security staff—most notably the sudden resignation of National Security Adviser Michael Flynn on Monday—and are at odds with earlier news reports that portrayed Trump as sometimes cavalier about what he famously called “the cyber” in a presidential debate last fall.
On the question of Flynn’s resignation, Alexander said he was not aware of what occurred behind the scenes, only stating he was sure the White House had good reasons to back the departure.
Alexander’s assessment of Trump and cybersecurity is significant in part because as the former head of the country’s top spy agency, he presided over a controversial set of intelligence gathering techniques that were exposed by former NSA contractor Edward Snowden in 2013.
Get Data Sheet, Fortune’s technology newsletter.
In addressing the breakfast, hosted by the State of Maryland during the RSA security conference, Alexander also spoke about the challenge of balancing privacy and security, and the wisdom of “hacking back” against other countries.
‘You’d Kick North Korea’s butt’
The pervasive hacking conducted by countries like North Korea and China is a source of ongoing frustration for companies, and has led some to suggest the private sector should retaliate with cyber-attacks of their own.
Alexander, however, believes such retaliation is possible but ill-advised. Using Sony (SNE) as an example, he explained could easily avenge North Korea’s devastating attack of 2014 by “hacking back,” perhaps with the discreet aid of U.S. defense contractors.
“You’d kick North Korea’s butt—wipe out their seven computers and we would be done with it,” he said about a hypothetical Sony counter-strike. “But here’s the problem. North Korea assumes it’s a government attack and they escalate. They throw artillery into Seoul and we’ve started a land war on the Korean peninsula, even if it started with a company trying to protect themselves.”
Instead of companies taking cyber retaliation into their own hands, Alexander instead argues it’s the government’s job to address these issues as part of its larger mandate to defend the United States. He said this should include assistance to build “cyber domes” across key industrial sectors, and “network speed” threat coordination between government and the private sector.
“Cyber has become an element of national power,” he said, alongside traditional diplomatic, military, and economic initiatives.
Surveillance but ‘no back doors’
One of the most difficult cybersecurity tasks for the Trump administration will be how to address a new generation of device and communication tools that are all but impossible to spy on. Fueled in part by Edward Snowden’s revelations, Apple (AAPL) and other companies began introducing encryption features that can’t be broken by law enforcement or even accessed by the companies themselves.
Last spring, encryption was at the heart of a hugely publicized court fight between Apple and the FBI, which sought access to a locked iPhone owned by a terrorist responsible for the San Bernardino massacre. (The stand-off ended abruptly after the FBI succeeded in unlocking the iPhone on its own account, but the issue is likely to return again soon in light of newer versions of the iPhone with even stronger security measures).
According to Alexander, the trouble with ubiquitous encryption is that terrorists can plan in perfect secrecy. Alexander cited a 2009 plot to blow up the New York City subway that was foiled after intelligence agencies intercepted an email—something that would not have been possible if the plotters had used today’s encryption tools, he noted.
Any solution that gives spy services a window into encrypted communication is problematic, however, because it can involve weakening the overall security of a device or messaging service. Such an outcome—especially in the form of a “back door” that lets law enforcement get around encryption—is fiercely opposed by the tech community, which points out any such back door will also be exploited by criminals or repressive governments.
Alexander acknowledged this tension, but did not offer a specific solution.
“I’m not for back doors but I don’t buy the fact we can’t [have both privacy and security],” Alexander said. “We have to drive two groups together and force them to work on this. I don’t think we should accept fact people die because we’re intractable.”