Risk
10/20/2011
04:09 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

NSA Chief Plays Offense on Cloud, Cybersecurity

Cloud has become a key part of the NSA's IT strategy, said Gen. Keith Alexander. Coming soon: A DOD offensive strategy for responses to cyberattacks and threats.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
Cloud computing will make the intelligence community more secure and efficient, NSA director and U.S. Cyber Command commander Gen. Keith Alexander said Thursday.

In a speech in Baltimore before security professionals and a subsequent interview with InformationWeek and other media, Alexander touted the cloud as a key part of the intelligence community's IT strategy.

He said that cloud computing--his remarks indicated that he was largely speaking about private cloud computing--will help deliver better information to soldiers and intelligence professionals where and when they needed it, cut costs, and at the same time provide the NSA and Department of Defense with better insights into its networks, since consolidation is one prerequisite of a robust cloud strategy.

"When you think about the cloud, look at what Google, Amazon are doing with the technology," he said. "It's absolutely superb. We need to go from our legacy databases to the cloud."

Security, Alexander acknowledged, is a key concern in the cloud, but he said that the cloud also brings advantages in terms of what he termed "collapsing the enclave." Today, he said, the military and Cyber Command often have too little insight into what is going on in isolated and segmented military and intelligence networks to understand if they are in fact secure. A broader cloud infrastructure, he added, would both enable his organizations to get a better end-to-end view of their networks and be able to put security measures and virtual segments in place to maintain security.

Alexander also championed cloud computing as an example of a technology that will help the DOD fulfill its IT efficiencies requirements, part of major wider push to make the DOD more efficient in order to reinvest money elsewhere in the military. Other initiatives there include thin clients.

In addition to his remarks on cloud computing, Alexander also gave an update on Cyber Command and the latest cybersecurity threats, noting that the DOD would soon have new strategic guidance and rules of engagement for the cyber world that include an offensive cyber strategy for "reasonable, proportional responses" to cyberattacks and threats.

The DOD has already put out its initial operational guidelines, but that will soon be followed additional doctrine from the Joint Chiefs of Staff and then Cyber Command, Alexander said. "We are working on a set of rules for cyber," he said. "The laws of armed warfare do apply."

An offensive strategy that would inform decisions like when and how to go after botnets will likely be part of the broader doctrine, Alexander said. "The advantage is on the offense," he said, adding that part of the question is who will play that role. "Is it the FBI? Is it the NSA? Is it the military or is it the Internet service providers? Somebody can turn that off."

Alexander also said that he is continuing to push for better information sharing between the government and private sector, particularly of sensitive cyber information, and said that information sharing processes are being examined as part of a pilot with defense contractors.

Our annual Federal Government IT Priorities Survey shows how agencies are managing the many mandates competing for their limited resources. Also in the new issue of InformationWeek Government: NASA veterans launch cloud startups, and U.S. Marshals Service completes tech revamp. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
10/25/2011 | 1:37:35 AM
re: NSA Chief Plays Offense on Cloud, Cybersecurity
I am curious as well to hear about some of the rules for cyber warfare that he is talking about towards the end of the article. With attribution being much more problematic online as opposed to the physical world where we can see much more clearly who fired a missile, how do we respond as a government to a cyber-attack?
Brian Prince, InformationWeek contributor
JBURT000
50%
50%
JBURT000,
User Rank: Apprentice
10/23/2011 | 3:56:52 PM
re: NSA Chief Plays Offense on Cloud, Cybersecurity
The emergence of intelligent agents like Watson and Siri will increase the desire for data.
GPS000
50%
50%
GPS000,
User Rank: Apprentice
10/21/2011 | 10:52:15 AM
re: NSA Chief Plays Offense on Cloud, Cybersecurity
Interesting to note defense chiefs and intelligence analysts feel moving sensitive data and information onto the cloud will help improve efficiencies and enhance security of defense and military organizations.Just viewed an informative video, Technology Benefits of cloud computing focusing on operational efficiencies and cost savings offered by cloud computing, @http://bit.ly/pY4d6k
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.