Alexander: Laws, Policies
Lag Behind Changes in Cyber Threats
By Claudette Roulo, American Forces Press
Washington D.C. – (AFPS)
– February 27, 2014 – The threat in cyberspace is changing so rapidly that law
and policy lag behind, the nation’s top cyber commander said here today. The gap
is one of the “key and fundamental” issues that the nation must address, Army
Gen. Keith B. Alexander told members of the Senate Armed Services Committee.
Alexander is commander of U.S. Cyber Command in addition to his duties as
National Security Agency director.
“How do we protect our nation in this space and through this
space, … and how do we do it in such a manner that they know we're protecting
their civil liberties and privacy while concurrently protecting this nation?” he
Exploitative and destructive cyberattacks are both on the
rise, Alexander said. Exploitative attacks are designed to steal information or
money, he explained, while destructive attacks are intended to disrupt or
destroy devices or activities. Defense and commercial systems are targeted in
both types of attacks, Alexander said.
“The best way to solve the exploitation problem and to also
defend against disruptive and destructive attacks is to form a defensible
architecture,” he said. “We should protect these networks better than we have
them protected today -- not just within the Defense Department, but also our
critical infrastructures. Time and again, we're seeing where people have
exploited into these networks only to find out that the way that they're getting
in is so easy that it's difficult to defend.”
Cyberattacks are on the rise, he said. Recent attacks on Wall
Street and around the world destroyed data on systems, which had to be replaced,
he noted. “This is a significant change from disruptive attacks -- those
distributed denials of service which only disrupt for the time that that attack
is going on, versus a destructive attack, where the information is actually lost.
Far more damaging, … far more costly,” Alexander said.
More nation-states are likely to adopt cyberattacks if
diplomacy fails, the general said. “We've got to be prepared for that as a
nation, and we've got to work with our allies to set up … the ground rules and
deterrence theory in this area.”
Cyber defense is a team sport in which the services must be
aligned and trained to a joint standard, Alexander said. The general
acknowledged that such training will take time. “We'll have roughly one-third of
that force fully trained by the end of this calendar year, and I think that --
given the sequestration -- is a huge step forward,” he said.
The way forward includes educating not only service members,
but also the American people, the administration and Congress on what’s
happening in cyberspace, Alexander said. “Many of the issues that we've worked
our way through over the [past] five years on the NSA side, working with a [Foreign
Intelligence Surveillance Court], boils down to an understanding of what's going
on in cyberspace -- our ability to articulate it, and their understanding of
what we're talking about,” the general said.
“I think we need to step back [and] set a framework for
discussion with the American people,” he continued. “This is going to be
absolutely important in setting up what we can and cannot do in cyberspace to
protect this country.”
Issues with NSA surveillance programs are overshadowing cyber
defense issues, the general said. “We have to get those resolved, because,
ironically, it operates in the same space,” he said.
Within the next several weeks, Alexander said, he expects to
return to Congress with a proposal to address President Barack Obama’s -- and
the nation’s -- concerns about surveillance programs.
(Follow Claudette Roulo on Twitter: @rouloafps)
Army Gen. Keith B. Alexander
U.S. Cyber Command
Special Report: The Cyber Domain