By Patrick Marshall

Blog archive
Starting line

Still at the starting line in the cyberdefense race

With the presidential election behind us and the political status quo confirmed in Washington, the dangers in cyberspace continue to grow, says NSA Director and U.S. Cyber Command commander Gen. Keith B. Alexander.

The nation’s dependence on a global information infrastructure is growing at the same time threats are increasing both in number and in sophistication.

“Where are we going to go from here?” Alexander asked at the recent Symantec Government Symposium in Washington. “We have tremendous vulnerabilities. Everybody’s getting hit,” and the theft of intellectual property has become “the biggest concern we have right now as a nation.”

On top of that, recent attacks such as those against the Saudi oil company Aramco, believed to have been launched from Iran, demonstrate the ability to effectively wipe out data on targeted computers. “I am concerned that attacks like that are coming,” the general said. “We have to get ready for that.”

The message was not new. For years now Alexander has been pushing for better cooperation between government and the private sector in the face of cyber threats, and Defense Secretary Leon Panetta drew attention to the issue in October by revealing the Aramco attacks. But the intensity of the campaign is increasing, along with the stakes.

The Defense Department is moving ahead with plans and capabilities for conducting defensive and offensive operations in cyberspace and now is developing formal rules of engagement for cyberwar. But the DOD is placed in an awkward situation, having the intelligence, the capabilities and the mission of defending the .mil domain from foreign assault, but no authority to act in the non-military critical infrastructure on which it and the rest of the nation depends. That is the realm of the Department of Homeland Security, the FBI and the private sector. And while everyone would like to be under the DOD shield, nobody wants to turn over their security—or information—to the military.

There is informal cooperation. The NSA stands ready to provide its expertise to DHS for protection of civilian infrastructure. And DOD is working with the private sector through the Enduring Security Framework, a program launched in 2008 in which corporate executives are granted temporary, one-day classified clearance to get “scared straight” style briefings on cyber threats and capabilities. But DOD wants to see a legislative framework that will spell out the relationship between the military, the civilian government and the private sector in the area of cybersecurity.

Alexander, Panetta and the rest of the brass want two things: A baseline of security standards for civilian critical infrastructure that the military eventually could be called up on to defend, and clear lines of authority, responsibility and liability for sharing information across sector boundaries.

Whether the chances for this happening will be any better in the new Congress than in the current one—which was where cybersecurity legislation went to die—is anybody’s guess. But whatever the final formula for effective cyber defense is, it needs to emerge sooner rather than later, Alexander said.

“We can defend this space,” he said. “But we’re still at the starting line. We need to get moving.”

Posted by William Jackson on Nov 13, 2012 at 5:18 PM


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.