In his first public engagement since taking charge of the Defense Department’s new cybersecurity command, Gen. Keith Alexander described the enormity of the challenge his organization faces in securing military networks from a bewildering array of attacks.
“Today our nation’s interests are in jeopardy,” Alexander said in an address at the Center for Strategic and International Studies, a Washington think tank.
Alexander offered an alarming estimate of the intensity of the threats against military systems, saying the 15,000 networks the Defense Department maintains are probed by unauthorized users roughly 250,000 times an hour, or 6 million times each day.
“It is not alarmist to say that the weakest link in our security can seriously impact our ability to operate securely and with confidence in cyberspace,” he said. “While our front-line defenses are up to this challenge, we still have to devote too much of our time and resources to dealing with relatively mundane problems, such as poorly engineered software, missing patches and poor configuration.”
After a lengthy Senate confirmation process, Alexander took control of the Pentagon’s new Cyber Command on May 21. He retains his role as director of the National Security Agency, the top military intelligence organization that is collocated with the Cyber Command in Fort Meade, Md.
Pairing the unit with the NSA has drawn criticism from some quarters of government and industry, with critics raising concerns about keeping the famously secretive intelligence agency at the center of U.S. cybersecurity operations at a time when the administration is working to build partnerships and improve information sharing with the private sector.
But Alexander promised that the NSA is subject to vigorous oversight, both internally and by Congress and the Department of Justice, to ensure that it is fulfilling its obligations while protecting privacy and civil liberties. Moreover, he argued that the agency’s experts and sophisticated monitoring systems will be an invaluable asset to the work of the Cyber Command.
“This intellectual and technological capital is critical to the success of the entire U.S. government efforts in cyberspace,” he said.
The Cyber Command is tasked with handling the military’s offensive and defensive cyber activities. In forming the unit, the Pentagon consolidated two joint task forces that had independent responsibilities in the cyber arena, the Joint Functional Component Command for Net Warfare and the Joint Task Force for Global Network Operations.
On the offensive side, Alexander said the Command is working to develop “clear rules of engagement” in the cyber arena. As part of that process, the Command is reviewing existing military protocols and weighing their application to new models of information attacks, which can present unique challenges of attribution and national sovereignty.
Defensively, Alexander said the biggest challenge facing the Cyber Command is to develop comprehensive monitoring systems that probe for attacks across the sprawling information systems of the military and relay threat alerts in “Net time.”
Alexander also expressed cautious support for a Russian proposal for the United Nations to develop international protocols for limiting cyberattacks amongst nations, calling it a “starting point” for international debate.
“I do think that we have to establish the rules,” he said, though he noted that the State Department or an administration office, not the Cyber Command, would take the lead in any international negotiations concerning cybersecurity.