Cyber Defense Requires Teamwork, Agility, Alexander Says
By Donna Miles
American Forces Press Service
WASHINGTON, Oct. 27, 2011 The commander of U.S. Cyber Command called for increased collaboration among the government, industry and America’s allies in developing more defensible networks to confront escalating global cyber threats.
Current network security protections aren’t nimble enough to defend against the exploding number of threats, Army Gen. Keith B. Alexander told government, academic and private-sector professionals yesterday at the Security Innovation Network’s Showcase 2011 conference here.
Firewalls, routers, antivirus software and intrusion detection systems are designed to identify and block specific cyber-intruder signatures, Alexander said. The problem, he noted, is that adversaries have the ability to scan the networks, exploit vulnerabilities and use them to gain access.
“It’s like the Maginot Line,” Alexander explained, referring to the fortifications France built along its border with Germany after World War I with hopes of preventing another cross-border attack. Germany responded during World War II by doing the unexpected: attacking instead through the Ardennes Forest.
“That’s the same thing that happens in your network,” Alexander said, noting in cyberspace adversaries have “all the advantages.” They can scan networks, he said, and identify what software is being run, and pounce when they identify a vulnerability.
“That’s the dynamic we have to change,” Alexander said.
“We are the guys who helped create the Internet. We are the ones that built that. We ought to be the first ones to secure it.”
The White House’s International Strategy for Cyberspace and Defense Department strategy represent a start in that direction, Alexander said. But he emphasized that developing more defensible systems isn’t something the Defense Department or any other entity can do alone.
It requires government agencies working as a team, he said, while also working with industry and U.S. allies and partners.
“When we talk cyber, we talk a team sport,” Alexander said. “It’s all of us operating as a team to defend the country in cyberspace, with the right legal authorities.”
Alexander cited the explosion of network communications around the world. As of March 31, 30 percent of the world population had access to the Internet. During 2010, 107 trillion emails were sent -- that’s 294 billion per day. By 2015, he said, it’s predicted that there will be twice as many Internet devices as people on the planet.
Such growth, the general said, has created vulnerabilities which leave no sector immune -- from hackings at well-respected companies such as Nasdaq, RSA Security and Booz Allen Hamilton to denial-of-service attacks in Estonia, Georgia and elsewhere.
For every company that recognizes it has been hacked, Alexander said, hundreds more don’t.
Among the costs is a huge loss of intellectual property through what Alexander called “the greatest transfer of wealth in history.” But the bigger fear, he said, is that disruptive attacks will turn destructive.
Alexander noted initiatives under way that show promise in countering these growing threats. For example, he said, “cloud” computing delivers shared resources and software through virtual routers, machines and networks [and] enables faster server updates and more agile responses than legacy databases.
Meanwhile, a pilot program in which the Defense Department shares classified threat intelligence with industry is helping to increase military cyber defenses and preventing enemy intrusions into other sensitive government networks.
Alexander called the Defense Industrial Base Cyber Pilot, launched in partnership with the Homeland Security Department, “a huge step” that’s blocked intrusions and identified signatures that hadn’t been previously seen.
“The intent is to push signatures to the Internet service providers and protect vulnerabilities,” he said. “We are having success with that.”
Lauding progress in network protections, Alexander emphasized that they can’t come at the cost of civil liberties and privacy rights.
“We should demand that we get both,” he said. “In my opinion, we can do that. We can protect civil liberties and privacy and come up with a defensive program that we can defend this country and our companies in cyberspace.”