Nominee Urges Government, Private Sector Cooperation
By Lisa Daniel
American Forces Press Service
WASHINGTON, April 15, 2010 The new U.S. Cyber Command needs to strike a balance between protecting military assets and personal privacy, the presidential nominee to lead the command told a Senate committee today.
Army Lt. Gen. Keith B. Alexander, director of the National Security Agency and chief of Central Security Service at Fort Meade, Md., said many issues related to Cyber Command’s operations are yet to be determined. Cyber Command is to be subordinate to U.S. Strategic Command.
If confirmed by the Senate, Alexander said, he looks forward to working with the Defense Department and Senate Armed Services Committee to define and structure how the command will work.
Alexander noted that when Defense Secretary Robert M. Gates created the command last year it was an acknowledgement of the growing threats against the department’s computer network systems, the corresponding threat to national security, and the need for unity of command in addressing the problem.
The general noted that the threat to defense computer systems has grown and will continue to do so. “We’ve been alarmed by the increase this year,” he said, “and it’s growing rapidly.”
If confirmed, Alexander said, his main focus will be on building capacity and capability to secure the networks and educating the public on the command’s intent.
“This command is not about an effort to militarize cyber space,” he said. “Rather, it’s about safeguarding our military assets.”
The public should understand the rules and how the command will operate, Alexander said, and that it will be audited. “We’ve got to help them understand that by showing them how we’re doing it, and that we are following a legal framework,” he added.
Privacy is just one of several sticking points to work out, Alexander said. Others include necessary collaboration with the private sector and neutral nations, and how to determine the perpetrator of an attack.
The command, by authorization, will work closely with the Department of Homeland Security and the National Security Agency, U.S. Strategic Command and U.S. Northern Command, Alexander said.
Asked to explain how the command would respond to various hypothetical scenarios, Alexander replied that the command will respond to cyber attacks under Title 10 of military authority and would operate under standard rules of engagement. If the command needs to work in a foreign country, he added, it would need the authority of the U.S. combatant commander for that region with approval by the president.
But, the general said, those scenarios would become more complicated if the cyber attacks came through a neutral country, or if they came through computers in the United States. In the latter case, Homeland Security would have jurisdiction and would have to work with the private sector, but could ask Cyber Command to assist, he said.
“One of the things the administration is trying to address with [Homeland Security and the Defense Department] is how we do this with industry,” Alexander said. “That’s probably the most difficult issue, and one we will spend the most time working on.”
While Homeland Security has oversight of the “dot-gov” Internet domain, Cyber Command is responsible for “dot-mil” security, and for giving early warning of cyber threats to the United States and providing people and capabilities to support any homeland threat, the general explained.
Because private entities own and operate most computer infrastructure, Alexander said, the government needs to work closely with them. “They’re on the leading edge,” he said. “They have great capabilities and great talent. The government is going to have to leverage that talent.”