Alexander: Laws, Policies Lag Behind Changes in Cyber Threats
By Claudette Roulo
American Forces Press Service
WASHINGTON, Feb. 27, 2014 The threat in cyberspace is changing so rapidly that law and policy lag behind, the nation’s top cyber commander said here today.
The gap is one of the “key and fundamental” issues that the nation must address, Army Gen. Keith B. Alexander told members of the Senate Armed Services Committee. Alexander is commander of U.S. Cyber Command in addition to his duties as National Security Agency director.
“How do we protect our nation in this space and through this space, … and how do we do it in such a manner that they know we're protecting their civil liberties and privacy while concurrently protecting this nation?” he asked.
Exploitative and destructive cyberattacks are both on the rise, Alexander said. Exploitative attacks are designed to steal information or money, he explained, while destructive attacks are intended to disrupt or destroy devices or activities.
Defense and commercial systems are targeted in both types of attacks, Alexander said.
“The best way to solve the exploitation problem and to also defend against disruptive and destructive attacks is to form a defensible architecture,” he said. “We should protect these networks better than we have them protected today -- not just within the Defense Department, but also our critical infrastructures. Time and again, we're seeing where people have exploited into these networks only to find out that the way that they're getting in is so easy that it's difficult to defend.”
Cyberattacks are on the rise, he said. Recent attacks on Wall Street and around the world destroyed data on systems, which had to be replaced, he noted.
“This is a significant change from disruptive attacks -- those distributed denials of service which only disrupt for the time that that attack is going on, versus a destructive attack, where the information is actually lost. Far more damaging, … far more costly,” Alexander said.
More nation-states are likely to adopt cyberattacks if diplomacy fails, the general said. “We've got to be prepared for that as a nation, and we've got to work with our allies to set up … the ground rules and deterrence theory in this area.”
Cyber defense is a team sport in which the services must be aligned and trained to a joint standard, Alexander said. The general acknowledged that such training will take time.
“We'll have roughly one-third of that force fully trained by the end of this calendar year, and I think that -- given the sequestration -- is a huge step forward,” he said.
The way forward includes educating not only service members, but also the American people, the administration and Congress on what’s happening in cyberspace, Alexander said.
“Many of the issues that we've worked our way through over the [past] five years on the NSA side, working with a [Foreign Intelligence Surveillance Court], boils down to an understanding of what's going on in cyberspace -- our ability to articulate it, and their understanding of what we're talking about,” the general said.
“I think we need to step back [and] set a framework for discussion with the American people,” he continued. “This is going to be absolutely important in setting up what we can and cannot do in cyberspace to protect this country.”
Issues with NSA surveillance programs are overshadowing cyber defense issues, the general said. “We have to get those resolved, because, ironically, it operates in the same space,” he said.
Within the next several weeks, Alexander said, he expects to return to Congress with a proposal to address President Barack Obama’s -- and the nation’s -- concerns about surveillance programs.
(Follow Claudette Roulo on Twitter: @rouloafps)