Cyber defense needs a good offense, Alexander says

Cyber Command chief calls for common environment, real-time awareness and "hunting" inside networks

TAMPA, Fla. — If only the nation’s cyber warriors had a situation like that between nuclear powers such as the U.S. and Russia, where mutually assured destruction ensures that no one launches their atomic weapons. Not so in the cyber world, where the legal and military framework that would come into play if a nation-state or non-nation-state actor launched a cyberattack against American networks is yet to be written.

“Think about the consequences for the deterrence theory in the area of cyber,” said Army Gen. Keith Alexander, former director of the National Security Agency and recently confirmed as first commanding general for the U.S. Cyber Command. He spoke Tuesday at the Army’s LandWarNet conference.

“It changes the whole paradigm,” he said. “Not only do we have to have a way to bring nations together to talk about the rules of the road, we’ve also got to come up with a deterrence theory that takes on the non-nation-state actors, the terrorists and the criminals.”

The key to developing such deterrence lies in creating a common operating environment and common operational picture for the nation’s networks, Alexander said.

“How do we know where [attackers] are?” he said. “We don’t have real-time situational awareness of our networks, or the ability to take action on them.”

The nation’s network defenders “have some stuff at the perimeters,” such as antivirus capabilities, Alexander said, but such measures address only 80 percent of the problem and are not necessarily tackled as a unified effort. What’s needed to defend, operate, exploit and attack as one team is a shared situational awareness that lets operators know what’s going on inside the network all the way to its edge.

“If we can’t see the networks, can’t understand what’s going on our boundaries, or what’s going on inside our networks, we will lose all the time,” he said. “If we don’t know what’s going on in our networks we will not be able to defend them.”

The answer, according to the nation’s top cyber warrior, is establishment of a dynamic defense that attacks as much as it defends.

“Just like we would do in physical combat, we have to have folks who are hunting inside our networks,” he said. “Give the system administrators, our network operators, weapons to hunt inside our network for malicious software and malicious actors to destroy them.”

At the network boundary, there should be an interactive device or capability able to talk to the network hunters inside the network, as well as to foreign intelligence organizations, law enforcement and others outside it.

“With our allies, we have to be able to see what’s going on in global networks so we can provide real-time indications and warning to our defense capabilities,” Alexander said. “And we have to have offensive capability to shut down somebody trying to attack us real time.”

About the Author

Barry Rosenberg is editor-in-chief of Defense Systems. Follow him on Twitter: @BarryDefense.

