USA — Alexander Details U.S. Cyber Command Gains

WASHINGTON — Estab­lish­ing U.S. Cyber Com­mand closed the gap that pre­vent­ed the Defense Depart­ment from defend­ing its cru­cial infor­ma­tion net­works, the organization’s com­man­der told the House Armed Ser­vices Com­mit­tee yes­ter­day.

Cyber­com, based at Fort Meade, Md., merges the offen­sive and defen­sive sides of DOD’s cyber world into one orga­ni­za­tion for the ben­e­fit of both sides, said Army Gen. Kei­th B. Alexan­der, who also is direc­tor of the Nation­al Secu­ri­ty Agency.

The com­mand stood up in May. Before that, Joint Task Force Glob­al Net­work Oper­a­tions was respon­si­ble for defense.

“That task force got one lev­el of intel­li­gence and could see one part of the net­work,” Alexan­der told the com­mit­tee. “Oper­at­ing on the oth­er side was the Joint Func­tion­al Com­po­nent Com­mand Net War­fare trained at a dif­fer­ent lev­el with dif­fer­ent intel insights at a dif­fer­ent clas­si­fi­ca­tion lev­el.”

Two orga­ni­za­tions had respon­si­bil­i­ty for the same net­work, the gen­er­al explained. “And if you were oper­at­ing at the Nation­al Train­ing Cen­ter, you wouldn’t have the defen­sive team out there defend­ing, and then take them off the field and run out with an offen­sive team,” he said. “It’s the same team.”

The offense and defense can­not be dif­fer­ent, because these oper­a­tions will occur in real time, the gen­er­al said.

“It’s also an expe­ri­ence that we’ve seen in some of our red team and blue teams of what’s hap­pen­ing in our net­works,” he said. “And I think that’s a huge and a pos­i­tive step and goes sig­nif­i­cant­ly toward pro­vid­ing bet­ter sup­port to the [com­bat­ant com­mands].”

A sub­uni­fied com­mand under U.S. Strate­gic Com­mand, Cyber­com has about 1,000 ser­vice­mem­bers and civil­ian employ­ees. The com­mand has a bud­get of about $120 mil­lion this year, and is pro­grammed for about $150 mil­lion in fis­cal 2011.

“We need the con­tin­ued sup­port of Con­gress and the resources that the depart­ment is putting for­ward for the com­po­nent com­mands that we have here,” Alexan­der said. “It is going to have to grow. Each of them are look­ing at this and address­ing that, and we will need your con­tin­ued sup­port to make that hap­pen.”

But the com­mand also needs author­i­ties and guid­ance from Con­gress and the White House to ensure a good defense. Alexan­der said the think­ing is that any cyber defense will require a team effort incor­po­rat­ing the Home­land Secu­ri­ty Depart­ment, the FBI, the Defense Depart­ment and oth­er con­cerned pub­lic and pri­vate agen­cies.

“Right now, the White House is lead­ing a dis­cus­sion on what are the author­i­ties need­ed and how do we do this and … how will that team oper­ate to defend our coun­try?” he said.

What they will look at across that is what are the author­i­ties, what do we have legal­ly, and then giv­en that, what do we have to come back to Con­gress and reshape or mold for author­i­ties to oper­ate in cyber­space?”

Alexan­der went on to describe dif­fer­ent forms of the cyber threat.

“Since the incep­tion of the Inter­net, as it were, prob­a­bly the key thing that we’ve seen is hack­er activ­i­ty and exploita­tion,” he said. “That’s where some­one comes in and takes infor­ma­tion from your com­put­er, steals your cred­it card num­ber, takes mon­ey out of your account.”

That threat endures, and it pos­si­bly is the most sig­nif­i­cant form of the threat, the gen­er­al said. It is not just steal­ing Amer­i­can intel­lec­tu­al prop­er­ty, he not­ed, but also involves theft of U.S. secrets and com­pro­mis­ing oth­er parts of U.S. net­works.

Fast-for­ward to 2007, when Esto­nia became the first nation attacked in cyber­space.

“We see a shift from exploita­tion to actu­al­ly using the Inter­net as a weapons plat­form to get anoth­er coun­try to bend to the will of anoth­er coun­try,” Alexan­der said. “While it’s hard to attribute that to a nation state, you can see it did hap­pen when two nations were quar­rel­ing over polit­i­cal issues.”

Dis­rup­tive cyber attacks on Geor­gia fol­lowed in 2008. “A dis­rup­tive attack pre­vents you from doing your busi­ness for the time being,” the gen­er­al explained, but it’s nor­mal­ly some­thing that you can recov­er from and then go on and do your busi­ness.

“What con­cerns me the most,” he con­tin­ued, “is destruc­tive attacks that are com­ing, and we’re con­cerned that those are the next things that we will see.”

Destruc­tive attacks destroy equip­ment, Alexan­der said, and the vic­tim can­not take the same equip­ment and just dri­ve for­ward.

“It’s not some­thing that you recov­er from by just stop­ping the traf­fic,” he said. “It is some­thing that breaks a com­put­er or anoth­er auto­mat­ed device and, once bro­ken, has to be replaced. That could cause tremen­dous dam­age.”

DOD is con­cerned if that hap­pens in a war zone to defense net­works, Alexan­der said.

“If that were to hap­pen in a war zone, that means our com­mand and con­trol sys­tem and oth­er things suf­fer,” he said. “We’ve got to be pre­pared for that both from a defen­sive per­spec­tive, and then to ensure that the ene­my can’t do that to us. Again – a full oper­a­tional capa­bil­i­ty.”

DOD clas­si­fied net­works have been breached. A for­eign intel­li­gence agency used a flash dri­ve to put a virus into U.S. Cen­tral Com­mand net­works in 2008. The depart­ment launched Oper­a­tion Buck­shot Yan­kee to com­bat the worm, and Cyber­com has drawn lessons from the expe­ri­ence.

“We actu­al­ly had three parts that came out of that Oper­a­tion Buck­shot Yan­kee – cul­ture, con­duct and capa­bil­i­ty,” Alexan­der told the rep­re­sen­ta­tives. “On the cul­ture side, it was get­ting com­man­ders to under­stand this is commander’s busi­ness. This isn’t some­thing that you say, ‘I’m going to have one of my staff run it.’ This is commander’s busi­ness.

Com­man­ders are respon­si­ble for the oper­a­tion of their com­mand. And this oper­a­tional net­work, it’s impor­tant to them.”

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

More news and arti­cles can be found on Face­book and Twit­ter.

Fol­low on Face­book and/or on Twit­ter