Alexander: U.S. Must Address
Media Leaks, Cyber Legislation
By Cheryl Pellerin, American
Forces Press Service.
Washington D.C. – (AFPS)
– March 7, 2014 – Leaks to the media of classified information and the need for
cyber legislation were key elements of a speech this week by Army Gen. Keith B.
Alexander, commander of U.S. Cyber Command and director of the National Security
“What's going on in media leaks directly affects our ability
to get cyber legislation,” Alexander told an audience at Georgetown University,
“and we have to address both as a nation and amongst nations. We've got to get
U.S. Navy Rear Adm. Gretchen Herbert, commander of Navy Cyber Forces,
observes a spectral warrior demonstration at the Department of Defense Satellite
Gateway Facility in Hampton Roads, Va., Feb. 2, 2012. The demonstration was part
of Exercise Bold Alligator 2012.
U.S. Navy photo by Mass Communication
Specialist 1st Class Joshua J. Wahl
Recent media leaks include those by former NSA contractor
Edward Snowden, who last year fled the United States for temporary asylum in
Russia, after stealing 1.7 million intelligence files from NSA concerning the
agency’s surveillance activities and later disclosing thousands of documents to
reporters at London’s Guardian newspaper and the Washington Post.
The Justice Department has since charged Snowden, now a
fugitive, with espionage and theft of government documents. The massive leak
launched a continuing public debate, a presidential review of NSA
intelligence-collection practices, and a range of intelligence reforms announced
Jan. 17 by President Barack Obama.
On media leaks, Alexander offered his own perspective on a
Feb. 19 ruling by a British high court against David Miranda, the partner of
Guardian journalist Glenn Greenwald who had published articles and was planning
to produce more stories based on Snowden’s stolen NSA data.
Miranda was detained for nine hours Aug. 19 after two British
counterterrorism-unit police officers searched him at Heathrow Airport and found
he was carrying encrypted material derived from NSA data stolen by Snowden. He
was held under the authority of paragraph 2(1) of Schedule 7 of the United
Kingdom Terrorism Act 2000, and filed an application for judicial review of the
detention, which he said took place without legal authority. On Feb. 19, a court
dismissed Miranda’s application.
“We’re now in an interesting situation as a nation,”
Alexander said of the wide-ranging debate over the Snowden leaks, adding that
the U.K. justices in the Miranda case determined that “journalists have no
standing when it comes to national security issues.”
In the Miranda case, the British court found that journalists
have a “professional responsibility to take care so far as they are able to see
that the public interest, including the security of the state and the lives of
other people, is not endangered by what they publish.” But the court called such
a safeguard inadequate for lives and security because of what was described as
the “jigsaw” nature of intelligence information -- a range of data and facts
pieced together over time by different agencies -- and because journalists have
their own take on what serves the public interest, and added that
“constitutional responsibility for the protection of national security lies with
“I just put that on the table,” Alexander said, “because
that’s a key issue that we as a nation are going to face.” The general said the
leaks have caused “grave, significant and irreversible damage to our nation and
to our allies. It will take us years to recover from it. In some areas like
terrorism, I feel like someone else is going to pay the price for what’s [been]
The latest large distributed-denial-of-service attacks, one
in May and one in June 2013, Alexander said, caused more than $180 million in
damage to systems in South Korea.
“There is a great need for our nation to get cyber
legislation and work with other nations [to] set up norms” to help defend
against the rising number of adversaries. Media leaks have made it necessary to
address such issues as a nation, the general said, including public discussion
in the United States about what the government should and should not do as part
of its cyber security responsibilities.
Alexander said that in preparation for an evolving cyber
future, Cyber Command is working on five priorities:
-- Establishing a defensible architecture -- a thin virtual cloud architecture
that turns the advantage to those who defend the networks and that offers the
ability to fix vulnerabilities at network speed.
-- Maintaining a trained and ready force by educating everyone, including those
at Cyber Command, to the high standard used for NSA’s elite forces.
-- Establishing cyberspace operational concepts and command and control for the
many teams operating there. Alexander said Cyber Command is working on virtual
and physical command and control, and streamlining command and control from the
president and defense secretary to Cyber Command and others.
-- Developing shared situational awareness in cyberspace as a way to visualize
it and everything that can happen there so military leaders can understand what
they’re facing and what’s needed to deny the adversary that capability. “If we
can’t visualize [cyberspace] and transfer that thought to someone else, we won’t
have a common way of stopping [adversaries],” the general said. “For the cyber
courses we have to have it, so we’re building a common operational picture.”
-- Giving NSA and Cyber Command authority to share back with industry malware
signatures and information about cyber attacks or cyber exploits.
A final critical issue, the general said, is for the nation
to determine a way for the government and other nations to work together in
cyberspace, “so everybody understands what the norms and the red lines are and
how we'll track them.” Alexander added, “Why do we need cyber legislation? NSA
has great insights, as does Cyber Command, about threats against our nation.
Wall Street, the power companies and the rest of government don't have a way to
protect themselves [if we don’t work] together with them.”
Today, NSA and Cyber Command probably wouldn’t see an
incoming attack or exploit against Wall Street, he said.
Despite everything that’s been said about the domestic
collection capabilities of NSA, “the fact is we don't have the ability to see [such
commercial activity], and Internet service providers and others are forbidden to
share that information with the government – the Department of Homeland Security,
the FBI, NSA and Cyber Command -- because of restrictions put forth in the
Electronic Communications Privacy Act and the Stored Communications Act.” The
issue, he said, is that “we have capabilities to help defend the nation, but we
don't have a way to share them back and forth. And if we did share something,
we'd have to figure out how to work liability with those companies so they're
protected from the facts we've given them.”
Such liability protection would shelter companies from
customer civil suits based on company cybersecurity activities performed as
partners with government agencies, he explained. “This is a team sport -- [it’s]
not just NSA and Cyber Command. It’s DHS, FBI and many others,” Alexander said.
“The government has to work with industry, we have to have the … policies and
we’re working our way through [them], but the key thing we need is legislation.”
NSA and Cyber Command, FBI and other agencies may know
something about an adversary’s ability to exploit or attack a network, he
explained. “If it’s classified, how do we share that?” he asked. “And if we
share that, how do they give that information back to us?”
Much needs to be accomplished between government and industry
and within the U.S. government to get the authorities issue right, the general
said. “We have a lot of capabilities in our government that we ought to share,
analogous to the way we share capabilities to defend our nation in physical
space,” he added. “If a bank is attacked by another nation state [in
cyberspace], our country shouldn’t say to that bank, ‘Good luck with that.’
Because if that bank were attacked in physical space with missiles, we wouldn’t
say, ‘You have to have your own missile defense system.’ In this space we have
to figure out how that government-industry partnership will work.”
Alexander said the nation has to handle issues that have
arisen because of the media leaks before it tackles cyber legislation. “I think
we are going to make headway over the next few weeks on media leaks,” he said.
“I’m an optimist -- I think if we make the right steps on media-leaks
legislation, then cyber legislation will be a lot easier.”
(Follow Cheryl Pellerin on
Twitter: @PellerinAFPS) :
Army Gen. Keith B. Alexander
Special report: The Cyber Domain - Security and Operations
U.S. Cyber Command
Alexander: Laws, Policies Lag Behind
Changes in Cyber Threats