Risk
9/23/2010
09:21 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cyber Command Director: U.S. Needs To Secure Critical Infrastructure

General Keith Alexander says the new U.S. Cyber Command will work to protect the nation's key industries and defense networks from devastating cyber attacks.

General Keith Alexander, director of the new U.S. Cyber Command and the National Security Agency, is advocating the creation of a "secure, protected zone" in which critical infrastructure like the financial industry, the power grid and the defense industrial base would operate on the Internet, he said in an interview with select group of reporters Wednesday afternoon ahead of his testimony to the House Armed Services Committee on Thursday morning.

Though Gen. Alexander noted that such a solution was just one that is on the table, he stressed that the federal government, including U.S. Cyber Command, will likely be part of a team approach to helping protect the nation's critical infrastructure from devastating cyber attacks.

The White House, he said, is leading a group to look at cybersecurity policy and at the authorities currently in place to protect the nation's networks, including critical infrastructure networks.

"The question is, how do we do it," Alexander said. "Doing it, technically, is fairly straightforward. Getting everybody satisfied is the harder thing." Any such plan, he said, would leave the commercial Internet, "where our kids might communicate," untouched.

For today, Cyber Command's role is limited strictly to defending Department of Defense networks from cyber attacks and standing ready to execute offensive cyber operations on command, and as directed help the Department of Homeland Security defend broader government networks. The White House and Congress will ultimately lead the way in better defining any broader role that Cyber Command will have.

That said, Alexander confirmed that his team has taken part in analysis of the recent Stuxnet worm that successfully attacked several power plant control systems worldwide earlier this summer.

Alexander is also already working on plans to help protect the defense industrial base, a key task in the wake of successful attacks against defense contractor networks over the past few years that have stolen sensitive information. "It gets to, how do we provide them a level of protection analogous to what the government would have, so that their secrets aren't going to be stolen," he said.

U.S. Cyber Command is slated to formally reach full operating capability on October 1, and Alexander plans Thursday morning to inform Congress of the progress being made at Cyber Command as well as the military service components that will support it. About 1,000 military, civilian, and contractor employees work in Cyber Command today, supporting, among other things, an always-on joint operations center to direct the defense and operations of DoD networks.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVE-2014-2716
Published: 2014-12-19
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.