Risk
5/11/2010
12:15 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Senate Confirms Military Cybersecurity Chief

Gen. Keith Alexander will head the U.S. Cyber Command, created to protect U.S. military networks from cyberattacks.

After a weeks-long delay to have questions answered about the Department of Defense's cybersecurity role, the Senate Friday unanimously confirmed National Security Agency director Keith Alexander as head of a new DoD command tasked with defending military networks from cyber attacks.

When it becomes fully operational in October, the U.S. Cyber Command will be headquartered at Fort George G. Meade in Maryland alongside NSA, and will report through the U.S. Strategic Command. Cyber Command will absorb two of the organizations currently leading much of the military's cyber-defense capabilities -- the Joint Functional Component Command for Network Warfare and the Joint Task Force for Network Operations.

Some final details of Cyber Command remain to be worked out, such as force size, which is currently being analyzed in a study due to be finished by the end of the summer.

"The Department of Defense requires a focused approach to secure its own networks, given our military's dependence on them for command and control, logistics, and military operations," Alexander said at his confirmation hearing last month. "If confirmed, my main focus will be on building the capacity, the capability, and the critical partnerships required to secure our military's operational networks."

In his confirmation hearing, Alexander brushed aside any suggestions that Cyber Command would militarize cyberspace, repeatedly saying that the new organization would focus on defense rather than offense. He said he would be working closely with the DoD's policy undersecretary to develop a comprehensive strategy, and with the Department of Homeland Security to develop a strategy that would be put in place to offer DoD support to protect federal civilian and critical infrastructure networks in the event of a national security crisis.

Some of the key challenges Alexander pointed to at the hearing included attribution of attackers and their intent, improving the security of DoD networks, partnering with the DHS and private industry in the event of major crisis, ensuring the protection of civil liberties, and navigating rules of war in situations where, unlike in traditional warfare, attackers can launch attacks from computers located in neutral third countries or route attacks through American-owned computers here in the United States.

While Alexander focused more on cyber-defense, he did say in written answers to Senators' questions that "under the right circumstances," Cyber Command would have the authority to use offensive cyber weapons against military command and control networks, weapons, power grids, transportation-related networks, national telecommunications networks, and even enemies' financial institutions.

In addition to the new job, Alexander, a graduate of the U.S. Military Academy at West Point, will stay on as director of NSA. However, NSA will remain distinct from Cyber Command in identity and mission.

President Obama nominated Alexander in October. Throughout his career, Alexander has held numerous military leadership roles, including deputy chief of staff for the Army, director of intelligence for the U.S. Central Command, and deputy director for requirements, capabilities, assessments, and doctrine for the Joint Chiefs of Staff. As part of the shift, Alexander also received a fourth star and has been promoted from Lt. General to General.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

CVE-2015-2979
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!