Risk
9/23/2010
09:21 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cyber Command Director: U.S. Needs To Secure Critical Infrastructure

General Keith Alexander says the new U.S. Cyber Command will work to protect the nation's key industries and defense networks from devastating cyber attacks.

The command is collocated at Maryland's Fort Meade with the National Security Agency, which Alexander also leads. Alexander characterized the collocation as critical to Cyber Command's success, since NSA can provide both the technical talent key to protecting defense networks and the intelligence key to helping attribute attacks to particular people, organizations or nations.

Each military service has a unit that will support Cyber Command's mission. Among them, the Army Forces Cyber Command will reach full operating capability along with U.S. Cyber Command on October 1, and the 24th Air Force recently passed an inspector general audit of its own operating capability and is thus well on its way to full capability as well.

Alexander said that he has done some scenario walkthroughs with the Department of Defense, the White House and other federal agencies, noting that from a military perspective, he likes to run wargames to better understand capabilities and authorities. "I don't want to fail in meeting the expectations of the American people, the White House and Congress when something happens in cyberspace, and they say, 'well, where was Cyber Command on this?'"

In fact, U.S. Cyber Command was born out of decisions made in the aftermath of Operation Buckshot Yankee, the military's 14-month response to a worm that spread on defense networks via flash drive in 2008, exfiltrating military information along the way to what Pentagon leaders, including Alexander, say was a foreign nation state. "We've got to do a better job at defending [our networks], and that's why we put U.S. Cyber Command together," Alexander said. Cyber Command's budget was about $120 million this fiscal year, and will be about $150 million in fiscal 2011, mostly going to contracts.

More broadly, Alexander applauded efforts underway in Congress and the White House to look at how laws and policy need to be changed to address today's cybersecurity problems. "The laws we did 35 years ago are laws now that we need to update," he said, noting that legal and policy changes will likely need to go through revisions to get them just right, and that explaining the changes to the American people will be a key part of the process. "We can protect civil liberties and privacy and still do our mission."

"This is one of the most critical problems our country faces," Alexander said. "We're losing money today, and there is a real probability in the future this country will be hit by a destructive attack. We need to be ready for it."

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7441
Published: 2015-05-29
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CVE-2014-9727
Published: 2015-05-29
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

CVE-2015-0200
Published: 2015-05-29
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.

CVE-2015-0751
Published: 2015-05-29
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

CVE-2015-0752
Published: 2015-05-29
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?