Risk
5/11/2010
12:15 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Senate Confirms Military Cybersecurity Chief

Gen. Keith Alexander will head the U.S. Cyber Command, created to protect U.S. military networks from cyberattacks.

After a weeks-long delay to have questions answered about the Department of Defense's cybersecurity role, the Senate Friday unanimously confirmed National Security Agency director Keith Alexander as head of a new DoD command tasked with defending military networks from cyber attacks.

When it becomes fully operational in October, the U.S. Cyber Command will be headquartered at Fort George G. Meade in Maryland alongside NSA, and will report through the U.S. Strategic Command. Cyber Command will absorb two of the organizations currently leading much of the military's cyber-defense capabilities -- the Joint Functional Component Command for Network Warfare and the Joint Task Force for Network Operations.

Some final details of Cyber Command remain to be worked out, such as force size, which is currently being analyzed in a study due to be finished by the end of the summer.

"The Department of Defense requires a focused approach to secure its own networks, given our military's dependence on them for command and control, logistics, and military operations," Alexander said at his confirmation hearing last month. "If confirmed, my main focus will be on building the capacity, the capability, and the critical partnerships required to secure our military's operational networks."

In his confirmation hearing, Alexander brushed aside any suggestions that Cyber Command would militarize cyberspace, repeatedly saying that the new organization would focus on defense rather than offense. He said he would be working closely with the DoD's policy undersecretary to develop a comprehensive strategy, and with the Department of Homeland Security to develop a strategy that would be put in place to offer DoD support to protect federal civilian and critical infrastructure networks in the event of a national security crisis.

Some of the key challenges Alexander pointed to at the hearing included attribution of attackers and their intent, improving the security of DoD networks, partnering with the DHS and private industry in the event of major crisis, ensuring the protection of civil liberties, and navigating rules of war in situations where, unlike in traditional warfare, attackers can launch attacks from computers located in neutral third countries or route attacks through American-owned computers here in the United States.

While Alexander focused more on cyber-defense, he did say in written answers to Senators' questions that "under the right circumstances," Cyber Command would have the authority to use offensive cyber weapons against military command and control networks, weapons, power grids, transportation-related networks, national telecommunications networks, and even enemies' financial institutions.

In addition to the new job, Alexander, a graduate of the U.S. Military Academy at West Point, will stay on as director of NSA. However, NSA will remain distinct from Cyber Command in identity and mission.

President Obama nominated Alexander in October. Throughout his career, Alexander has held numerous military leadership roles, including deputy chief of staff for the Army, director of intelligence for the U.S. Central Command, and deputy director for requirements, capabilities, assessments, and doctrine for the Joint Chiefs of Staff. As part of the shift, Alexander also received a fourth star and has been promoted from Lt. General to General.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant