U.S. Leaders Cite Partnership as Key to Cybersecurity
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, Oct. 2, 2012 -- As the cyber threat intensifies over time from exploitation to disruption to destruction, responsible U.S. agencies and industries can fight back using cooperation and transparency, the commander of U.S. Cyber Command said here yesterday.
Army Gen. Keith B. Alexander, who also serves as director of the National Security Agency, was part of a panel on cybersecurity at the Woodrow Wilson Center for Scholars.
“For the last 10 years, what we’ve seen on our networks has been essentially exploitation, [such as] theft of intellectual property and crime,” the general said. “Over the last few weeks, we’ve seen distributed denial-of-service attacks, so we’re seeing the threat grow from exploitation to … disruption, and my concern is it’s going to go from exploitation and disruption to destruction.”
He defined destruction as physical harm to computer devices on a network that would cause the networks to fail, or the loss of a significant amount of data that would impair the ability of a company -- a stock exchange or a power grid -- to operate.
“I believe that’s coming our way,” Alexander said. “We have to be out in front of this for a whole host of reasons. The Defense Department’s reason is that we depend on critical infrastructure to do our jobs. We depend on the power grid, [and] we depend on the Internet to operate.”
For industry, the general gave examples of companies that have experienced serious losses as a result of destructive cyberattacks. In August, a viral attack on computers at Saudi Arabia’s government-owned oil company, Aramco, caused the loss of data from up to 30,000 workstations. According to news reports, a malicious virus replaced data on a third of the computers of the world’s largest oil producer with an image of a burning U.S. flag.
“Think about a company that loses all that data from their systems,” Alexander said. “That doesn’t mean you just go to backup systems -- it’s gone. And if that data had important information, you can never recover it. From our perspective, that’s a significant problem.”
He also mentioned RSA, a U.S. computer security company that in March 2011 experienced a cyberattack that news reports said cost the company $66 million. That month, the company released an open letter to employees and customers describing the attack, its likely consequences and the company’s response.
Companies that do business exclusively online are particularly vulnerable, Alexander said. One of these was DigiNotar, a Dutch certificate authority owned by VASCO Data Security International that went bankrupt within 30 days after a September 2011 security breach that resulted in the fraudulent issuing of certificates.
DigiNotar worked with Google and other online firms, Alexander added. Certificates allow people to communicate securely online, and the breach was devastating to the company.
“I do think we have to get out in front of [such cyber destruction],” the general said, “really for the operation of our government and our country, and it will also have a significant economic impact.”
The solution to cyber-related intellectual property theft and destructive attacks, Alexander said, is information sharing by responsible organizations and working together in a transparent way.
“The cyber team that our government needs,” the general said, includes the Homeland Security Department as the entry point for working with industry, and the FBI, National Security Agency and Cyber Command working together to help on the technical front.
The FBI would have the lead for law enforcement and identifying attackers, NSA on foreign intelligence and Cyber Command on defending the nation, Alexander said. “Together, that team is what I think the American people hold us accountable for doing,” he added.
“What we’re asking industry to do is to look for certain kinds of bad things going on, and if they see these things, let the government know right away. It’s just like pulling a fire alarm,” he said. “Call us and we’ll respond. Otherwise, we don’t need to know what traffic is transiting [the network].”
Alexander said he thinks it’s the correct thing to do to have a civilian agency in the lead for cybersecurity, especially if the FBI, NSA and Cyber Command can do their jobs on the technical side. Such a configuration “allows for the transparency that I think the American people need in this area,” he added. “Cyber is so important to all of us. They want to know we’re doing it right, and the way to do that is to be transparent.”
Cybersecurity also was the subject of a proclamation issued yesterday by President Barack Obama, who said in declaring October as National Cybersecurity Awareness Month that the U.S. digital infrastructure is a strategic national asset that everyone has a role in protecting.
“By bringing together federal, state and local governments and private industry partners, we have made great progress in securing cyberspace for business, education, entertainment and civic life,” Obama said.
“In November 2011,” he added, “we released the Blueprint for a Secure Cyber Future, a strategic plan to protect government, the private sector and the public against cyber threats today and tomorrow.”