FROM: U.S. DEPARTMENT OF DEFENSE,
Nation Must Defend Cyber Infrastructure, Alexander Says
By Claudette Roulo
American Forces Press Service
WASHINGTON, June 28, 2013 - The United States must have a transparent debate on how it will protect itself in cyberspace, the director of the National Security Agency said yesterday.
"It is a debate that is going to have all the key elements of the executive branch -- that's DHS, FBI, DOD, Cyber Command, NSA, and other partners -- with our allies and with industry," Army Gen. Keith B. Alexander told an audience at the Armed Forces Communications and Electronics Association International Cyber Symposium in Baltimore.
Everyone involved must figure out how to work together as the cyber threat grows, said Alexander, who also commands U.S. Cyber Command.
In August, the Saudi Aramco oil company was hit with a destructive attack that destroyed the data on more than 30,000 systems, he said. In September, distributed denial of service attacks began on the U.S. financial sector, and a few hundred disruptive attacks have occurred since.
In March, destructive cyberattacks took place against South Korea, the general said.
"If you look at the statistics and what's going on, we're seeing an increase in the disruptive and destructive attacks. And I am concerned that those will continue," he said. "As a nation, we must be ready."
Over the past few years, there has been a convergence of analog and digital data streams, Alexander said. Now, everything is on one network -- information sent by terrorists, soldiers and school teachers travels through the same digital pipelines.
The cyber world is experiencing an exponential rate of change, he said. "It's wonderful," he added. "These capabilities, I think, are going to help us solve cancer. This is a wonderful opportunity."
But, he said, cyberspace also has vulnerabilities. "We're being attacked," Alexander said. "And we've got to figure out how to fix that."
The key to the nation's future in cyber is a defensible architecture, he said, embodied for the Defense Department by the Joint Information Environment. In that environment, mobile devices will securely connect with fixed infrastructure across the services in a way that allows the department to audit and take care of its data much better than it could do in the legacy systems, Alexander said.
The need to create one joint integrated cyber force is "a great reason for having NSA and Cyber Command collocated," Alexander said. Both are based on Fort Meade, Md.
"We can leverage the exceptional talent that the people at NSA have to help build that force," he added, "and that's superb."
A PUBLICATION OF RANDOM U.S.GOVERNMENT PRESS RELEASES AND ARTICLES
Showing posts with label GEN. ALEXANDER. Show all posts
Showing posts with label GEN. ALEXANDER. Show all posts
Monday, July 1, 2013
Monday, March 18, 2013
CYBERCOMMAND ON OFFENSE AND DEFENSE
Credit: U.S. Navy. |
Cybercom Builds Teams for Offense, Defense in Cyberspace
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, March 12, 2013 - As escalating rounds of exploits and attacks mar the strategic landscape of cyberspace, U.S. Cyber Command is standing up a highly trained cadre focused on national defense in that domain, the Cybercom commander told Congress today.
Army Gen. Keith B. Alexander told the Senate Armed Services Committee that the command is developing teams that will protect the nation's interests in cyberspace, along with tactics, techniques and procedures, and doctrine describing how the teams will work in that environment.
"These defend-the-nation teams are not defensive teams, these are offensive teams that the Defense Department would use to defend the nation if it were attacked in cyberspace," said Alexander, who also serves as National Security Agency director. "Thirteen of the teams we're creating are for that mission set alone. We're also creating 27 teams that would support combatant commands and their planning process for offensive cyber capabilities."
Cybercom also has a series of teams that will defend DOD networks in cyberspace, the general said.
The intent at Cybercom is to stand up roughly one-third of the teams by September, the next third by September 2014, and the final third by September 2015, he added.
"Those three sets of teams are the core construct for what we're working on with the services to develop our cyber cadre," he said, adding that the effort is on track thanks to efforts by the service chiefs, who are pushing the initiative.
Training is key to the teams' development, the general said. "The most important partnership we have with NSA and others is in ensuring that training standards are at the highest level," he added.
Alexander told the panel that, from Cybercom's perspective, the environment on the strategic landscape of cyberspace is becoming more contentious.
"Cyber effects are growing. We've seen attacks on Wall Street -- 140 over the last six months -- grow significantly. In August, we saw a destructive attack on Saudi Aramco, where data on over 30,000 systems was destroyed," he said.
In industry, the antivirus community of companies believes attacks will increase this year, Alexander said, "and there's a lot we need to do to prepare for this."
The general said command and control is an important part of Cybercom's cyber strategy. Combatant commands and service chiefs are looking at the command and control of working together, he said.
"We've done a lot of work on that, and have ironed out how the joint cyber centers at each combatant command will work with Cyber Command, how we push information back and forth, and how we'll have operational and direct support of teams operating in their areas," Alexander said. "We'll have more to do on this as the teams come online."
Another important part of the strategy is situational awareness, the general said, or seeing an attack unfold in cyberspace.
"Today, seeing that attack is almost impossible for the Defense Department," he said. "We would probably not see an attack on Wall Street -- it's going to be seen by the private sector first, and that [highlights] a key need for information sharing."
Such sharing has to be real-time from Internet service providers to the Defense Department, the Department of Homeland Security and the FBI, all at the same time, the general said.
"If we're going to see [an attack] in time to make a difference, we have to see it in real time," he said. And companies that are sharing the information with the Defense Department have to have protection against privacy lawsuits from customers and other potential liabilities, he added.
Legislation that would have provided some of these protections along with a national cybersecurity framework failed to pass the Senate in August, and in an Executive Order signed Feb. 12, President Barack Obama directed federal departments and agencies to use existing authorities to provide better cybersecurity for the nation.
"The Executive Order issued last month is a step in the right direction, but it does not take away the need for cyber legislation," Alexander said, pointing out that that civil liberties, oversight and compliance are critical for Cyber Command and NSA in operating in cyberspace.
"We take that requirement sincerely and to heart, ... [and] we can do both -- protect civil liberties and privacy and protect our nation in cyberspace," he said. "That's one of the things we need to educate the American people about."
Cyber Command experts also are building an operational picture the command would share with combatant commands, the DHS, the FBI and other national leaders, and the command also is working hard on authorities and policies related to DOD activities in cyberspace, Alexander said.
"This is a new area for many of our folks, especially within the administration, within Congress and for the American people," he acknowledged. "We're being cautious in ensuring that we're doing that exactly right and sharing the information we have with Congress."
No one actor, the general added, "is to blame for our current level of preparedness in cyberspace."
"We must address this as a team, sharing unique insights across government and with the private sector," he added. "We must leverage the nation's ingenuity through an exceptional cyber workforce and rapid technological innovation."
The U.S. government has made significant strides in defining cyber doctrine, organizing cyber capabilities and building cyber capacity, Alexander told the panel.
"We must do much more to sustain our momentum," he added, "in an environment where adversary capabilities continue to evolve as fast as or faster than our own."
Tuesday, February 19, 2013
CYBERSECURITY AND U.S. CYBER COMMAND
CYBER COMMANDER GEN. ALEXANDER |
Cybercom Commander Calls Cybersecurity Order First Step
By Army Sgt. 1st Class Tyrone C. Marshall Jr.
American Forces Press Service
WASHINGTON, Feb. 13, 2013 - The cybersecurity policy President Barack Obama announced during his annual State of the Union address is a step toward protecting the nation's critical infrastructure, the commander of U.S. Cyber Command said here today.
Army Gen. Keith B. Alexander, also director of the National Security Agency, joined senior U.S. officials from the White House and the Commerce and Homeland Security departments to discuss strengthening the cybersecurity of the country's critical infrastructure.
"We need a way of sharing information between government and industry -- both for information sharing and hardening our networks," he said. "I think what we're doing in the executive order tackles, perhaps, the most difficult issue facing our country: How do we harden these networks when, across all of industry and government, those networks are in various states of array? We've got to have a way of reaching out with industry and with government to solve that kind of problem."
The general said the new cybersecurity policy is important to strengthening the country's defenses against cyberattacks. "The systems and assets that our nation depends on for our economy, for our government, even for our national defense, are overwhelmingly owned and operated by industry," he explained. "We have pushed hard for information sharing."
Private-sector companies have the information they need to defend their own networks in a timely manner, he said. "However, information sharing alone will not solve this problem," he added. "Our infrastructure is fragile." The executive order Obama signed to put the new cybersecurity policy into effect sets up a process for government and industry to start to address the problem, the general said.
But although the president's new executive order helps to bring about some solutions, Alexander said, it isn't comprehensive.
"This executive order is only a down payment on what we need to address the threat," he said. "This executive order can only move us so far, and it's not a substitute for legislation. We need legislation, and we need it quickly, to defend our nation. Agreeing on the right legislation actions for much-needed cybersecurity standards is challenging."
The executive order is a step forward, though, because it creates a voluntary process for industry and government to establish that framework, Alexander said.
"In particular, with so much of the critical infrastructure owned and operated by the private sector, the government is often unaware of the malicious activity targeting our critical infrastructure," he said. "These blind spots prevent us from being positioned to help the critical infrastructure defend itself, and it prevents us from knowing when we need to defend the nation."
The general noted government can share threat information with the private sector under this executive order and existing laws, but a "real-time" defensive posture for the military's critical networks will require legislation removing barriers to private-to-public sharing of attacks and intrusions into private-sector networks.
"Legislation is also necessary to create incentives for better voluntary cooperation in cyber standards, developments and implementation," he said, "and to update and modernize government authorities to address these new cyber threats."
Alexander warned that potential cyber threats to the United States are very real, pointing to recent examples.
"You only have to look at the distributed denial-of-service attacks that we've seen on Wall Street, the destructive attacks we've seen against Saudi Aramco and RasGas, to see what's coming at our nation," Alexander said. Now is the time for action, he said, and the new executive order takes a step in implementing that action.
In his role as director of the NSA, Alexander said, he is fully committed to the development of the cybersecurity framework.
"We do play a vital role in all of this, and in protecting DOD networks and supporting our combatant commands and defending the nation from cyber-attacks," he said. "But we can't do it all. No one agency here can do it all. It takes a team in the government."
And the government cannot do it by itself, either, he added. "We have to have government and industry working together as a team," he said.
Subscribe to:
Posts (Atom)