USA — Cybercom Chief Details Cyberspace Defense

WASHINGTON, Sept. 23, 2010 — U.S. Cyber Com­mand stands ready to defend Defense Depart­ment net­works, but laws and poli­cies must be updat­ed to pro­tect the nation, the organization’s com­man­der said yes­ter­day.

Army Gen. Kei­th B. Alexan­der is the first com­man­der of Cyber­com, which stood up under U.S. Strate­gic Com­mand in May, merg­ing DOD’s defen­sive and offen­sive cyber arms into one com­mand.

The com­mand oper­ates in a new domain for the mil­i­tary – the man-made domain of cyber­space. The domain is just as impor­tant for mil­i­tary oper­a­tions as land, sea, air and space, defense offi­cials said. Cyber­com directs mil­i­tary oper­a­tions in cyber­space and is respon­si­ble for defense of cru­cial mil­i­tary net­works.

The threat is real and con­tin­u­ing, Alexan­der said.

“The more you learn, the more you say we have to come togeth­er to pro­tect this,” the gen­er­al said dur­ing a round­table with reporters at the Nation­al Cryp­to­log­ic Muse­um. Not­ing that Defense Depart­ment net­works are scanned or probed 250,000 times an hour, Alexan­der said, “we have to do a bet­ter job defend­ing it.”

The net­works are the lifeblood of com­merce, pow­er, finance and many oth­er aspects of life today. There are 1.9 bil­lion Inter­net users in the world today, Alexan­der said, and 4.6 bil­lion cel­lu­lar phone sub­scribers. The num­ber of e-mails each day this year is around 247 bil­lion, with 90 tril­lion e-mails sent in 2009. The Inter­net is a tremen­dous capa­bil­i­ty, Alexan­der said, but it also is an enor­mous vul­ner­a­bil­i­ty.

“Our intel­lec­tu­al prop­er­ty here is about $5 tril­lion,” he said. “Of that, approx­i­mate­ly $300 bil­lion is stolen over the net­works per year.”

Cybercom’s three main mis­sions are to defend the defense infor­ma­tion grid, launch the full spec­trum of cyber oper­a­tions on com­mand, and to stand pre­pared to defend the nation’s free­dom of action in cyber­space, Alexan­der said.

The com­mand has a bud­get of $120 mil­lion for this year and has about 1,000 mil­i­tary and civil­ian employ­ees. Includ­ed in this is a 24/7 joint oper­a­tions cen­ter that mon­i­tors the grid, detects attacks and neu­tral­izes them. The com­mand works with the Air Force, Navy, Army and Marine Corps cyber com­mands to par­cel out how to defend the net­works and who has respon­si­bil­i­ty for the spe­cif­ic nets.

Assign­ing respon­si­bil­i­ty needs to hap­pen through­out the gov­ern­ment, the gen­er­al said, not­ing that tech­nol­o­gy has out­paced pol­i­cy and law. The gov­ern­ment, he added, still is deal­ing with laws that came out when the nation relied on rotary phones.

“The laws we did 35, 40 years ago are what we have to update,” he said.

Alexan­der put two issues on the table. “First, we can pro­tect civ­il lib­er­ties and pri­va­cy and still do our mis­sion,” he said. “There can be mis­takes, but we can pro­tect the First Amend­ment.”

The sec­ond issue, he said, is that Cyber Com­mand is defend­ing the DOD net­works now, and as direct­ed, can help the Home­land Secu­ri­ty Depart­ment defend its net­works.

There is con­fu­sion over who does what, the gen­er­al acknowl­edged, so White House offi­cials are lead­ing an effort to sort through the needs of cyber­se­cu­ri­ty and update the poli­cies and issues. “They are look­ing at the poli­cies and author­i­ties that need [re-]doing, and what’s the right way to approach it,” he said.

Once the review is fin­ished, he explained, the pres­i­dent must deter­mine how the fed­er­al gov­ern­ment will be orga­nized to han­dle this.

Con­gress is also look­ing at the prob­lems. “From my per­spec­tive,” Alexan­der said, “I would like to war-game it and hypoth­e­size what could hap­pen and ensure the poli­cies, laws and author­i­ties allow us to do what peo­ple expect us to do. I don’t want to fail in meet­ing the expec­ta­tions of the Amer­i­can peo­ple, the White House and Con­gress.”

Chang­ing the pol­i­cy is com­plex, and will take time and sev­er­al tries to do it right, Alexan­der said. The gen­er­al said he envi­sions a team han­dling things in cyber­space. The DHS, the FBI, oth­er gov­ern­ment agen­cies and pri­vate stake­hold­ers – along with Cyber­com – all have a role, he said, and get­ting the dis­parate agen­cies and enti­ties to work togeth­er will be a pri­or­i­ty for cyber defense.

Some ques­tions still need to be answered, and pol­i­cy mak­ers need to take them into con­sid­er­a­tion, Alexan­der said.

They include:

— What con­sti­tutes a cyber attack?

— How do the laws of war per­tain to oper­a­tions in cyber­space?

— What does deter­rence look like in the cyber world, where it can take months to deter­mine attack per­pe­tra­tors and the cyber defense group may have noth­ing to strike back at?

These ques­tions are valid, the gen­er­al empha­sized. In 2007, Esto­nia was hit by a cyber attack that crip­pled that nation’s grid for weeks, he said, and a for­eign intel­li­gence agency com­pro­mised a clas­si­fied U.S. mil­i­tary sys­tem in 2008.

The attacks can be dis­rup­tive, like the Esto­nia attack, or destruc­tive, with lives lost and equip­ment and net­works destroyed, Alexan­der said.

“Those are the kind of rules that have to be weighed and dis­cussed,” he added. “It’s good to have that debate, and from my per­spec­tive, it is impor­tant that it is clear who has the respon­si­bil­i­ty to defend in that kind of require­ment.”

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

More news and arti­cles can be found on Face­book and Twit­ter.

Fol­low on Face­book and/or on Twit­ter