9/23/2010
09:21 AM

Cyber Command Director: U.S. Needs To Secure Critical Infrastructure

General Keith Alexander says the new U.S. Cyber Command will work to protect the nation's key industries and defense networks from devastating cyber attacks.

The command is collocated at Maryland's Fort Meade with the National Security Agency, which Alexander also leads. Alexander characterized the collocation as critical to Cyber Command's success, since NSA can provide both the technical talent key to protecting defense networks and the intelligence key to helping attribute attacks to particular people, organizations or nations.

Each military service has a unit that will support Cyber Command's mission. Among them, the Army Forces Cyber Command will reach full operating capability along with U.S. Cyber Command on October 1, and the 24th Air Force recently passed an inspector general audit of its own operating capability and is thus well on its way to full capability as well.

Alexander said that he has done some scenario walkthroughs with the Department of Defense, the White House and other federal agencies, noting that from a military perspective, he likes to run wargames to better understand capabilities and authorities. "I don't want to fail in meeting the expectations of the American people, the White House and Congress when something happens in cyberspace, and they say, 'well, where was Cyber Command on this?'"

In fact, U.S. Cyber Command was born out of decisions made in the aftermath of Operation Buckshot Yankee, the military's 14-month response to a worm that spread on defense networks via flash drive in 2008, exfiltrating military information along the way to what Pentagon leaders, including Alexander, say was a foreign nation state. "We've got to do a better job at defending [our networks], and that's why we put U.S. Cyber Command together," Alexander said. Cyber Command's budget was about $120 million this fiscal year, and will be about $150 million in fiscal 2011, mostly going to contracts.

More broadly, Alexander applauded efforts underway in Congress and the White House to look at how laws and policy need to be changed to address today's cybersecurity problems. "The laws we did 35 years ago are laws now that we need to update," he said, noting that legal and policy changes will likely need to go through revisions to get them just right, and that explaining the changes to the American people will be a key part of the process. "We can protect civil liberties and privacy and still do our mission."

"This is one of the most critical problems our country faces," Alexander said. "We're losing money today, and there is a real probability in the future this country will be hit by a destructive attack. We need to be ready for it."
