Risk
10/20/2011
04:09 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

NSA Chief Plays Offense on Cloud, Cybersecurity

Cloud has become a key part of the NSA's IT strategy, said Gen. Keith Alexander. Coming soon: A DOD offensive strategy for responses to cyberattacks and threats.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
Cloud computing will make the intelligence community more secure and efficient, NSA director and U.S. Cyber Command commander Gen. Keith Alexander said Thursday.

In a speech in Baltimore before security professionals and a subsequent interview with InformationWeek and other media, Alexander touted the cloud as a key part of the intelligence community's IT strategy.

He said that cloud computing--his remarks indicated that he was largely speaking about private cloud computing--will help deliver better information to soldiers and intelligence professionals where and when they needed it, cut costs, and at the same time provide the NSA and Department of Defense with better insights into its networks, since consolidation is one prerequisite of a robust cloud strategy.

"When you think about the cloud, look at what Google, Amazon are doing with the technology," he said. "It's absolutely superb. We need to go from our legacy databases to the cloud."

Security, Alexander acknowledged, is a key concern in the cloud, but he said that the cloud also brings advantages in terms of what he termed "collapsing the enclave." Today, he said, the military and Cyber Command often have too little insight into what is going on in isolated and segmented military and intelligence networks to understand if they are in fact secure. A broader cloud infrastructure, he added, would both enable his organizations to get a better end-to-end view of their networks and be able to put security measures and virtual segments in place to maintain security.

Alexander also championed cloud computing as an example of a technology that will help the DOD fulfill its IT efficiencies requirements, part of major wider push to make the DOD more efficient in order to reinvest money elsewhere in the military. Other initiatives there include thin clients.

In addition to his remarks on cloud computing, Alexander also gave an update on Cyber Command and the latest cybersecurity threats, noting that the DOD would soon have new strategic guidance and rules of engagement for the cyber world that include an offensive cyber strategy for "reasonable, proportional responses" to cyberattacks and threats.

The DOD has already put out its initial operational guidelines, but that will soon be followed additional doctrine from the Joint Chiefs of Staff and then Cyber Command, Alexander said. "We are working on a set of rules for cyber," he said. "The laws of armed warfare do apply."

An offensive strategy that would inform decisions like when and how to go after botnets will likely be part of the broader doctrine, Alexander said. "The advantage is on the offense," he said, adding that part of the question is who will play that role. "Is it the FBI? Is it the NSA? Is it the military or is it the Internet service providers? Somebody can turn that off."

Alexander also said that he is continuing to push for better information sharing between the government and private sector, particularly of sensitive cyber information, and said that information sharing processes are being examined as part of a pilot with defense contractors.

Our annual Federal Government IT Priorities Survey shows how agencies are managing the many mandates competing for their limited resources. Also in the new issue of InformationWeek Government: NASA veterans launch cloud startups, and U.S. Marshals Service completes tech revamp. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
10/25/2011 | 1:37:35 AM
re: NSA Chief Plays Offense on Cloud, Cybersecurity
I am curious as well to hear about some of the rules for cyber warfare that he is talking about towards the end of the article. With attribution being much more problematic online as opposed to the physical world where we can see much more clearly who fired a missile, how do we respond as a government to a cyber-attack?
Brian Prince, InformationWeek contributor
JBURT000
50%
50%
JBURT000,
User Rank: Apprentice
10/23/2011 | 3:56:52 PM
re: NSA Chief Plays Offense on Cloud, Cybersecurity
The emergence of intelligent agents like Watson and Siri will increase the desire for data.
GPS000
50%
50%
GPS000,
User Rank: Apprentice
10/21/2011 | 10:52:15 AM
re: NSA Chief Plays Offense on Cloud, Cybersecurity
Interesting to note defense chiefs and intelligence analysts feel moving sensitive data and information onto the cloud will help improve efficiencies and enhance security of defense and military organizations.Just viewed an informative video, Technology Benefits of cloud computing focusing on operational efficiencies and cost savings offered by cloud computing, @http://bit.ly/pY4d6k
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio