Alexander Cites Need for Greater Cyber Defenses

LINTHICUM, Md., Sept. 13, 2011 — Cit­ing the high rate of intru­sions against Defense Depart­ment net­works, the com­man­der of U.S. Cyber Com­mand today said his biggest con­cern is the threat of destruc­tive attacks yet to be seen.

A destruc­tive attack from cyber­space “is com­ing, in my opin­ion,” Army Gen. Kei­th B. Alexan­der told mil­i­tary, gov­ern­ment, indus­try and aca­d­e­m­ic pro­fes­sion­als at a con­fer­ence here called “Maneu­ver­ing in Cyber­space.”

“It is a ques­tion of time,” he said. “What we don’t know is how far out it is,” and whether it will tar­get com­mer­cial infra­struc­ture, gov­ern­ment net­works or mobile plat­forms.

Alexan­der, who also serves as direc­tor of the Nation­al Secu­ri­ty Agency, rec­og­nized both the “tremen­dous oppor­tu­ni­ties and tremen­dous vul­ner­a­bil­i­ties” cre­at­ed through net­work-enabled tech­nolo­gies.

Just as the Unit­ed States has been on the lead­ing edge in devel­op­ing many of these capa­bil­i­ties, Alexan­der said it also needs to be a leader in defend­ing against cyber threats.

“We were the coun­try that devel­oped the Inter­net, the iPhone, the iPad [and] some of these oth­er great tech­nolo­gies,” he said. “We ought to be the first to secure it.”

That, Alexan­der said, begins with edu­ca­tion so peo­ple under­stand the extent of the threats, and the need for a coor­di­nat­ed effort to con­front it.

“Cyber [secu­ri­ty] is a team sport,” Alexan­der said. “We have to work with­in the Defense Depart­ment as a team, and the Defense Depart­ment, with oth­er agen­cies as a team, … and we have to strength­en our pub­lic-pri­vate part­ner­ships.”

Cyber threats rep­re­sent “a prob­lem on a mas­sive scale that affects every indus­try and sec­tor of the econ­o­my and gov­ern­ment,” Alexan­der said. “So we have to get out in front.”

The cost of cyber crime to the glob­al econ­o­my is esti­mat­ed at $1 tril­lion. “What has been going on over the last few years in the net­work is the great­est theft that we have seen in his­to­ry,” he said.

Mean­while, mal­ware is being intro­duced at a rate of 55,000 pieces per day, or one per sec­ond.

As trou­bling as these sta­tis­tics may be, Alexan­der said his big­ger con­cern is, “what’s com­ing: a destruc­tive ele­ment.”

Both the U.S. Inter­na­tion­al Strat­e­gy for Cyber­space, issued in May, and the Defense Depart­ment cyber strat­e­gy, released in July, rec­og­nize the impor­tance of defend­ing U.S. net­works. This includes tak­ing offen­sive action in the event of a hos­tile attack.

For now, Alexan­der said his focus is on improv­ing defens­es to reduce that like­li­hood.

“We live in a glass house,” he said. “In cyber, we have not yet solved the defen­sive por­tion. From my per­spec­tive, there is a lot we can do to face that before we take offen­sive actions.”

Alexan­der cit­ed the Defense Indus­tri­al Base Cyber Pilot as a step in the right direc­tion. The pro­gram autho­rizes the Defense Depart­ment to share clas­si­fied threat intel­li­gence with par­tic­i­pat­ing defense con­trac­tors or their com­mer­cial Inter­net ser­vice providers so they can increase their cyber defens­es and pre­vent ene­my intru­sions into sen­si­tive gov­ern­ment net­works.

As the depart­ment and its part­ners seek oth­er ways to boost cyber defens­es, Alexan­der empha­sized that it won’t do so at the cost of civ­il lib­er­ties and pri­va­cy.

“I do not see us hav­ing to give up civ­il lib­er­ties or pri­va­cy to have cyber secu­ri­ty,” he said. “They can and must go togeth­er. And I think [that is how] we have to approach them.”

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)