LINTHICUM, Md., Sept. 13, 2011 — Citing the high rate of intrusions against Defense Department networks, the commander of U.S. Cyber Command today said his biggest concern is the threat of destructive attacks yet to be seen.
A destructive attack from cyberspace “is coming, in my opinion,” Army Gen. Keith B. Alexander told military, government, industry and academic professionals at a conference here called “Maneuvering in Cyberspace.”
“It is a question of time,” he said. “What we don’t know is how far out it is,” and whether it will target commercial infrastructure, government networks or mobile platforms.
Alexander, who also serves as director of the National Security Agency, recognized both the “tremendous opportunities and tremendous vulnerabilities” created through network-enabled technologies.
Just as the United States has been on the leading edge in developing many of these capabilities, Alexander said it also needs to be a leader in defending against cyber threats.
“We were the country that developed the Internet, the iPhone, the iPad [and] some of these other great technologies,” he said. “We ought to be the first to secure it.”
That, Alexander said, begins with education so people understand the extent of the threats, and the need for a coordinated effort to confront it.
“Cyber [security] is a team sport,” Alexander said. “We have to work within the Defense Department as a team, and the Defense Department, with other agencies as a team, … and we have to strengthen our public-private partnerships.”
Cyber threats represent “a problem on a massive scale that affects every industry and sector of the economy and government,” Alexander said. “So we have to get out in front.”
The cost of cyber crime to the global economy is estimated at $1 trillion. “What has been going on over the last few years in the network is the greatest theft that we have seen in history,” he said.
Meanwhile, malware is being introduced at a rate of 55,000 pieces per day, or one per second.
As troubling as these statistics may be, Alexander said his bigger concern is, “what’s coming: a destructive element.”
Both the U.S. International Strategy for Cyberspace, issued in May, and the Defense Department cyber strategy, released in July, recognize the importance of defending U.S. networks. This includes taking offensive action in the event of a hostile attack.
For now, Alexander said his focus is on improving defenses to reduce that likelihood.
“We live in a glass house,” he said. “In cyber, we have not yet solved the defensive portion. From my perspective, there is a lot we can do to face that before we take offensive actions.”
Alexander cited the Defense Industrial Base Cyber Pilot as a step in the right direction. The program authorizes the Defense Department to share classified threat intelligence with participating defense contractors or their commercial Internet service providers so they can increase their cyber defenses and prevent enemy intrusions into sensitive government networks.
As the department and its partners seek other ways to boost cyber defenses, Alexander emphasized that it won’t do so at the cost of civil liberties and privacy.
“I do not see us having to give up civil liberties or privacy to have cyber security,” he said. “They can and must go together. And I think [that is how] we have to approach them.”
U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)