Risk
5/11/2010
12:15 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Senate Confirms Military Cybersecurity Chief

Gen. Keith Alexander will head the U.S. Cyber Command, created to protect U.S. military networks from cyberattacks.

After a weeks-long delay to have questions answered about the Department of Defense's cybersecurity role, the Senate Friday unanimously confirmed National Security Agency director Keith Alexander as head of a new DoD command tasked with defending military networks from cyber attacks.

When it becomes fully operational in October, the U.S. Cyber Command will be headquartered at Fort George G. Meade in Maryland alongside NSA, and will report through the U.S. Strategic Command. Cyber Command will absorb two of the organizations currently leading much of the military's cyber-defense capabilities -- the Joint Functional Component Command for Network Warfare and the Joint Task Force for Network Operations.

Some final details of Cyber Command remain to be worked out, such as force size, which is currently being analyzed in a study due to be finished by the end of the summer.

"The Department of Defense requires a focused approach to secure its own networks, given our military's dependence on them for command and control, logistics, and military operations," Alexander said at his confirmation hearing last month. "If confirmed, my main focus will be on building the capacity, the capability, and the critical partnerships required to secure our military's operational networks."

In his confirmation hearing, Alexander brushed aside any suggestions that Cyber Command would militarize cyberspace, repeatedly saying that the new organization would focus on defense rather than offense. He said he would be working closely with the DoD's policy undersecretary to develop a comprehensive strategy, and with the Department of Homeland Security to develop a strategy that would be put in place to offer DoD support to protect federal civilian and critical infrastructure networks in the event of a national security crisis.

Some of the key challenges Alexander pointed to at the hearing included attribution of attackers and their intent, improving the security of DoD networks, partnering with the DHS and private industry in the event of major crisis, ensuring the protection of civil liberties, and navigating rules of war in situations where, unlike in traditional warfare, attackers can launch attacks from computers located in neutral third countries or route attacks through American-owned computers here in the United States.

While Alexander focused more on cyber-defense, he did say in written answers to Senators' questions that "under the right circumstances," Cyber Command would have the authority to use offensive cyber weapons against military command and control networks, weapons, power grids, transportation-related networks, national telecommunications networks, and even enemies' financial institutions.

In addition to the new job, Alexander, a graduate of the U.S. Military Academy at West Point, will stay on as director of NSA. However, NSA will remain distinct from Cyber Command in identity and mission.

President Obama nominated Alexander in October. Throughout his career, Alexander has held numerous military leadership roles, including deputy chief of staff for the Army, director of intelligence for the U.S. Central Command, and deputy director for requirements, capabilities, assessments, and doctrine for the Joint Chiefs of Staff. As part of the shift, Alexander also received a fourth star and has been promoted from Lt. General to General.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.