Alexander: Defending Against Cyber Attacks Requires
By Cheryl Pellerin,
American Forces Press Service.
Washington D.C. – (AFPS) – October
30, 2013 – Catastrophic cyber attacks loom in the
nation’s future, and only collaboration among government agencies, Internet
service providers and U.S. allies worldwide can help citizens prepare for
them, the commander of U.S. Cyber Command said this afternoon.
Army Gen. Keith B.
Alexander, who also serves as director of the National Security Agency,
delivered the keynote address to senior government security officials and
industry executives attending a cybersecurity conference.
“Over the last 14 months,
we’ve seen over 350 distributed-denial-of-service attacks on Wall Street,
with varying levels of success. In August 2012, the whole world saw a
destructive attack on Saudi Aramco’s computer systems that … wiped out the
data on over 30,000 systems,” Alexander said.
The general asked the
audience to imagine if that attack had hit Wall Street and to consider the
impact it would have on the nation’s finances and the global financial
“Those types of catastrophic
attacks are in our future,” the general said. “We have to prepare for them.
This is something the government cannot do by itself -- this is something
government, industry and our allies have to work [on] together.”
Alexander said the
partnership must start with legislation that allows Internet service
providers such as those who have large financial industry clients on Wall
Street to tell government law enforcement agencies exactly when a cyber attack is happening so it can be stopped.
“We need a way for industry
to tell us when there’s an attack going on,” he said. “The chances of us
seeing it in time to do something about it are very small, especially for a destructive
Alexander likened the way
such a process would work to the way the E-ZPass
electronic toll collection system scans cars on the highway to collect tolls.
In the case of Internet traffic, the Internet service provider would scan
network packets to see if they are good or bad, he explained.
If a bad packet is coming
into Wall Street, Internet service providers would see that, he said, and
could tip off the FBI, the Department of Homeland Security, the National
Security Agency or U.S. Cyber Command about the bad packet, including where
it’s going and where it’s coming from, at network speed.
“That’s the key,” Alexander
said. “In order to respond to these types of threats, we need that
information at network speed, and we’ve got to come up with the rules and the
operational concepts to actually work at network speed if we’re going to stop
some of these attacks.”
Some questions remain about
how the process would work, he added.
“How do we scan traffic to
know that it’s good to go in such a way that we protect our civil liberties
and privacy and insure it’s not something that’s going to destroy our
financial networks?” he asked. “Our thoughts are that this is where government
and industry can work together.
“We don’t need the contents
of the packet,” he continued. “We don’t need to know anything more than it’s
a bad packet and it came from Point A and it’s going to Point B. But for
industry to provide us that information, we need legislation.”
Five areas are most
important to the Cyber Command and NSA missions, the general told the
audience. First, and perhaps most important, is to have a trained and ready
force, he said.
“If you don’t have that and
if [the cyber warriors] aren’t trained to the right level,” Alexander said,
“they will never detect the threats that are going on in our networks.”
Second is to have
operational concepts and command and control, the general said, defining that
as Team Cyber, or the integration of NSA and Cyber Command as a team
alongside the Department of Homeland Security and the FBI.
“We have a team and a
concept that says if an attack is happening on Wall Street, we have to know
how we’re going to work it,” he said. “NSA and Cyber Command do not respond
inside the United States; that’s the role of the FBI. Outside, we work with
our allies; that’s where NSA and Cyber Command come in. The operational
concept says how we stop an attack and how we tell the right authorities
Third is to have a
defensible architecture, he said, using the Defense Department’s networks to
explain the problem.
“Within the Defense
Department we have 15,000 enclaves, each with different system
administrators, each with their own firewalls, and each presenting a
potential vulnerability if they’re not patched at the same time,” Alexander
Having 15,000 groups of
people trying to patch a network at the same time is problematic, he said.
“Somebody’s going to make a
mistake, and … in cyberspace that means an adversary has a good probability
of getting access to our network,” he said. “It’s the same thing for
industry. How are we going to fix it? This is where the thin virtual cloud
Such problems must be
addressed at network speed “if we’re ever going to get out in front of this,”
The fourth area is shared
situational awareness in cyberspace, or how cyberspace is seen.
“Today, when somebody talks
about an attack into your network, ask them to draw
you a picture,” Alexander said. The issue, he added, is that if someone can’t
describe what’s happening in cyberspace so that every decision maker
understands it, how can they respond?
“We need shared situational
awareness in cyberspace. We’re working that -- we call it the cyber common
operational picture -- but we also have to have that shared space with
industry,” Alexander said. “That’s one of the key things that industry and
government have to work on together. How do we see the threats?”
Seeing good airplanes and
bad airplanes coming in requires that they be sorted out, Alexander said. “We
do that for air defense,” he added. “How do we do it for cyber defense, and
how do we share it with our allies? That’s a key issue we have to address in
solving some of the problems coming up.”
The fifth area is
authorities, he said.
“The secretary of defense
and the president are the policymakers, and it’s their decision on when we
act and when we don’t act,” Alexander said. “But we have to set up some of
the authorities -- what we’ll call the rules of the road.”
From a military perspective,
these are the rules of engagement, he said, “and we are actually working that
with the Defense Department, the White House and others. … But those, I
think, absolutely should be on the table, and they should be transparent.”