USA — Cybercom Chief Details Cyberspace Defense

WASHINGTON, Sept. 23, 2010 — U.S. Cyber Com­mand stands ready to defend Defense Depart­ment net­works, but laws and poli­cies must be updat­ed to pro­tect the nation, the organization’s com­man­der said yes­ter­day.

Army Gen. Kei­th B. Alexan­der is the first com­man­der of Cyber­com, which stood up under U.S. Strate­gic Com­mand in May, merg­ing DOD’s defen­sive and offen­sive cyber arms into one command. 

The com­mand oper­ates in a new domain for the mil­i­tary – the man-made domain of cyber­space. The domain is just as impor­tant for mil­i­tary oper­a­tions as land, sea, air and space, defense offi­cials said. Cyber­com directs mil­i­tary oper­a­tions in cyber­space and is respon­si­ble for defense of cru­cial mil­i­tary networks. 

The threat is real and con­tin­u­ing, Alexan­der said. 

“The more you learn, the more you say we have to come togeth­er to pro­tect this,” the gen­er­al said dur­ing a round­table with reporters at the Nation­al Cryp­to­log­ic Muse­um. Not­ing that Defense Depart­ment net­works are scanned or probed 250,000 times an hour, Alexan­der said, “we have to do a bet­ter job defend­ing it.” 

The net­works are the lifeblood of com­merce, pow­er, finance and many oth­er aspects of life today. There are 1.9 bil­lion Inter­net users in the world today, Alexan­der said, and 4.6 bil­lion cel­lu­lar phone sub­scribers. The num­ber of e‑mails each day this year is around 247 bil­lion, with 90 tril­lion e‑mails sent in 2009. The Inter­net is a tremen­dous capa­bil­i­ty, Alexan­der said, but it also is an enor­mous vulnerability. 

“Our intel­lec­tu­al prop­er­ty here is about $5 tril­lion,” he said. “Of that, approx­i­mate­ly $300 bil­lion is stolen over the net­works per year.” 

Cybercom’s three main mis­sions are to defend the defense infor­ma­tion grid, launch the full spec­trum of cyber oper­a­tions on com­mand, and to stand pre­pared to defend the nation’s free­dom of action in cyber­space, Alexan­der said. 

The com­mand has a bud­get of $120 mil­lion for this year and has about 1,000 mil­i­tary and civil­ian employ­ees. Includ­ed in this is a 24/7 joint oper­a­tions cen­ter that mon­i­tors the grid, detects attacks and neu­tral­izes them. The com­mand works with the Air Force, Navy, Army and Marine Corps cyber com­mands to par­cel out how to defend the net­works and who has respon­si­bil­i­ty for the spe­cif­ic nets. 

Assign­ing respon­si­bil­i­ty needs to hap­pen through­out the gov­ern­ment, the gen­er­al said, not­ing that tech­nol­o­gy has out­paced pol­i­cy and law. The gov­ern­ment, he added, still is deal­ing with laws that came out when the nation relied on rotary phones. 

“The laws we did 35, 40 years ago are what we have to update,” he said. 

Alexan­der put two issues on the table. “First, we can pro­tect civ­il lib­er­ties and pri­va­cy and still do our mis­sion,” he said. “There can be mis­takes, but we can pro­tect the First Amendment.” 

The sec­ond issue, he said, is that Cyber Com­mand is defend­ing the DOD net­works now, and as direct­ed, can help the Home­land Secu­ri­ty Depart­ment defend its networks. 

There is con­fu­sion over who does what, the gen­er­al acknowl­edged, so White House offi­cials are lead­ing an effort to sort through the needs of cyber­se­cu­ri­ty and update the poli­cies and issues. “They are look­ing at the poli­cies and author­i­ties that need [re-]doing, and what’s the right way to approach it,” he said. 

Once the review is fin­ished, he explained, the pres­i­dent must deter­mine how the fed­er­al gov­ern­ment will be orga­nized to han­dle this. 

Con­gress is also look­ing at the prob­lems. “From my per­spec­tive,” Alexan­der said, “I would like to war-game it and hypoth­e­size what could hap­pen and ensure the poli­cies, laws and author­i­ties allow us to do what peo­ple expect us to do. I don’t want to fail in meet­ing the expec­ta­tions of the Amer­i­can peo­ple, the White House and Congress.” 

Chang­ing the pol­i­cy is com­plex, and will take time and sev­er­al tries to do it right, Alexan­der said. The gen­er­al said he envi­sions a team han­dling things in cyber­space. The DHS, the FBI, oth­er gov­ern­ment agen­cies and pri­vate stake­hold­ers – along with Cyber­com – all have a role, he said, and get­ting the dis­parate agen­cies and enti­ties to work togeth­er will be a pri­or­i­ty for cyber defense. 

Some ques­tions still need to be answered, and pol­i­cy mak­ers need to take them into con­sid­er­a­tion, Alexan­der said. 

They include: 

— What con­sti­tutes a cyber attack? 

— How do the laws of war per­tain to oper­a­tions in cyberspace? 

— What does deter­rence look like in the cyber world, where it can take months to deter­mine attack per­pe­tra­tors and the cyber defense group may have noth­ing to strike back at? 

These ques­tions are valid, the gen­er­al empha­sized. In 2007, Esto­nia was hit by a cyber attack that crip­pled that nation’s grid for weeks, he said, and a for­eign intel­li­gence agency com­pro­mised a clas­si­fied U.S. mil­i­tary sys­tem in 2008. 

The attacks can be dis­rup­tive, like the Esto­nia attack, or destruc­tive, with lives lost and equip­ment and net­works destroyed, Alexan­der said. 

“Those are the kind of rules that have to be weighed and dis­cussed,” he added. “It’s good to have that debate, and from my per­spec­tive, it is impor­tant that it is clear who has the respon­si­bil­i­ty to defend in that kind of requirement.” 

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs) 

Face­book and/or on Twit­ter

Team GlobDef

Seit 2001 ist im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →