Alexander: Defending Against
Cyberattacks Requires Collaboration
By Cheryl Pellerin, American
Forces Press Service.
Washington D.C. – Octobre 30, 2013 – (AFPS)
– Catastrophic cyberattacks loom in the nation’s future, and only collaboration
among government agencies, Internet service providers and U.S. allies worldwide
can help citizens prepare for them, the commander of U.S. Cyber Command said
Army Gen. Keith B. Alexander, who also serves as director of
the National Security Agency, delivered the keynote address to senior government
security officials and industry executives attending a cybersecurity conference.
“Over the last 14 months, we’ve seen over 350
distributed-denial-of-service attacks on Wall Street, with varying levels of
success. In August 2012, the whole world saw a destructive attack on Saudi
Aramco’s computer systems that … wiped out the data on over 30,000 systems,”
The general asked the audience to imagine if that attack had
hit Wall Street and to consider the impact it would have on the nation’s
finances and the global financial structure.
“Those types of catastrophic attacks are in our future,” the general said. “We
have to prepare for them. This is something the government cannot do by itself
-- this is something government, industry and our allies have to work [on]
Alexander said the partnership must start with legislation
that allows Internet service providers such as those who have large financial
industry clients on Wall Street to tell government law enforcement agencies
exactly when a cyberattack is happening so it can be stopped.
“We need a way for industry to tell us when there’s an attack
going on,” he said. “The chances of us seeing it in time to do something about
it are very small, especially for a destructive attack.”
Alexander likened the way such a process would work to the
way the E-ZPass electronic toll collection system scans cars on the highway to
collect tolls. In the case of Internet traffic, the Internet service provider
would scan network packets to see if they are good or bad, he explained.
If a bad packet is coming into Wall Street, Internet service
providers would see that, he said, and could tip off the FBI, the Department of
Homeland Security, the National Security Agency or U.S. Cyber Command about the
bad packet, including where it’s going and where it’s coming from, at network
“That’s the key,” Alexander said. “In order to respond to
these types of threats, we need that information at network speed, and we’ve got
to come up with the rules and the operational concepts to actually work at
network speed if we’re going to stop some of these attacks.”
Some questions remain about how the process would work, he
“How do we scan traffic to know that it’s good to go in such
a way that we protect our civil liberties and privacy and insure it’s not
something that’s going to destroy our financial networks?” he asked. Our
thoughts are that this is where government and industry can work together.
“We don’t need the contents of the packet,” he continued. “We
don’t need to know anything more than it’s a bad packet and it came from Point A
and it’s going to Point B. But for industry to provide us that information, we
Five areas are most important to the Cyber Command and NSA
missions, the general told the audience. First, and perhaps most important, is
to have a trained and ready force, he said.
“If you don’t have that and if [the cyber warriors] aren’t
trained to the right level,” Alexander said, “they will never detect the threats
that are going on in our networks.”
Second is to have operational concepts and command and control, the general said,
defining that as Team Cyber, or the integration of NSA and Cyber Command as a
team alongside the Department of Homeland Security and the FBI.
“We have a team and a concept that says if an attack is
happening on Wall Street, we have to know how we’re going to work it,” he said.
“NSA and Cyber Command do not respond inside the United States; that’s the role
of the FBI. Outside, we work with our allies; that’s where NSA and Cyber Command
come in. The operational concept says how we stop an attack and how we tell the
right authorities what’s coming.”
Third is to have a defensible architecture, he said, using
the Defense Department’s networks to explain the problem.
“Within the Defense Department we have 15,000 enclaves, each
with different system administrators, each with their own firewalls, and each
presenting a potential vulnerability if they’re not patched at the same time,”
Having 15,000 groups of people trying to patch a network at
the same time is problematic, he said. “Somebody’s going to make a mistake, and
… in cyberspace that means an adversary has a good probability of getting access
to our network,” he said. “It’s the same thing for industry. How are we going to
fix it? This is where the thin virtual cloud comes in.”
Such problems must be addressed at network speed “if we’re
ever going to get out in front of this,” he added.
The fourth area is shared situational awareness in
cyberspace, or how cyberspace is seen.
“Today, when somebody talks about an attack into your
network, ask them to draw you a picture,” Alexander said. The issue, he added,
is that if someone can’t describe what’s happening in cyberspace so that every
decision maker understands it, how can they respond?
“We need shared situational awareness in cyberspace. We’re
working that -- we call it the cyber common operational picture -- but we also
have to have that shared space with industry,” Alexander said. “That’s one of
the key things that industry and government have to work on together. How do we
see the threats?”
Seeing good airplanes and bad airplanes coming in requires
that they be sorted out, Alexander said. “We do that for air defense,” he added.
“How do we do it for cyber defense, and how do we share it with our allies?
That’s a key issue we have to address in solving some of the problems coming
The fifth area is authorities, he said. “The secretary of
defense and the president are the policymakers, and it’s their decision on when
we act and when we don’t act,” Alexander said. “But we have to set up some of
the authorities -- what we’ll call the rules of the road.”
From a military perspective, these are the rules of
engagement, he said, “and we are actually working that with the Defense
Department, the White House and others. … But those, I think, absolutely should
be on the table, and they should be transparent.”