Cyber defense needs a good offense, Alexander says

Cyber Command chief calls for common environment, real-time awareness and "hunting" inside networks

TAMPA, Fla. — If only the nation’s cyber warriors had a situation like that between nuclear powers such as the U.S. and Russia, where mutually assured destruction ensures that no one launches their atomic weapons. No so in the cyber world, where the legal and military framework that would come into play if a nation state or non-nation-state actor launched a cyberattack against American networks is yet to be written.

“Think about the consequences for the deterrence theory in the area of cyber,” said Army Gen. Keith Alexander, former director of the National Security Agency and recently confirmed as first commanding general for the U.S. Cyber Command. He spoke Tuesday at the Army’s LandWarNet conference.

“It changes the whole paradigm,” he said. “Not only do we have to have a way to bring nations together to talk about the rules of the road, we’ve also got to come up with a deterrence theory that takes on the non-nation-state actors, the terrorists and the criminals.”

Related stories:

Cyber Command lays groundwork for rapid deployment of resources

New DOD cyber commander seeks better situational awareness

The key to developing such deterrence lies in creating a common operating environment and common operational picture for the nation’s networks, Alexander said,

“How do we know where [attackers] are?” he said. “We don’t have real-time situational awareness of our networks, or the ability to take action on them.”

The nation’s network defenders “have some stuff at the perimeters,” such as antivirus capabilities, Alexander said, but such measures only address only 80 percent of the problem and are not necessarily tackled as a unified effort. What’s needed to defend, operate, exploit and attack as one team is a shared situational awareness that lets operators know what’s going on inside the network all the way to its edge. 

“If we can’t see the networks, can’t understand what’s going on our boundaries, or what’s going on inside our networks, we will lose all the time,” he said. “If we don’t know what’s going on in our networks we will not be able to defend them.”

The answer, according to the nation’s top cyber warrior, is establishment of a dynamic defense that attacks as much as it defends.

“Just like we would do in physical combat, we have to have folks who are hunting inside our networks,” he said. “Give the system administrators, our network operators, weapons to hunt inside our network for malicious software and malicious actors to destroy them.”

At the boundary of networks should be an interactive device or capability that has to be able to talk to network hunters inside the network, as well as to the foreign intelligence organizations, law enforcement and others outside the network.

“With our allies, we have to be able to see what’s going on in global networks so we can provide real-time indications and warning to our defense capabilities,” Alexander said. “And we have to have offensive capability to shut down somebody trying to attack us real time.”

About the Author

Barry Rosenberg is editor-in-chief of Defense Systems. Follow him on Twitter: @BarryDefense.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected