NSA Chief: Don't Dump Essential Security Tools

Iris Scans: Security Technology In Action

The head of the U.S. Cyber Command had come to talk about the state of cybersecurity in America. But Gen. Keith Alexander, who also directs the National Security Agency, took the offensive, delivering an impassioned defense of NSA practices Wednesday, in the wake of recriminations over the agency's collection and handling of Americans' phone records.

He also asked government and industry executives, gathered at a cybersecurity summit in Washington, for their support in maintaining the NSA's data-collection and surveillance efforts.

"In the last week, over 950 people were killed in Kenya, Iraq, Yemen" and elsewhere in the world as a result of terrorist attacks, he said. "We've been fortunate to have avoided that in the U.S., but it's not just because of luck," he added, referring to the work of analysts and agents at the NSA, the FBI, the Department of Homeland Security and other agencies.

Alexander said the data gathering and analytic tools the U.S. intelligence community has assembled since the Sept. 11, 2001 attacks have been instrumental in averting at least 54 terrorist attacks in the U.S. and overseas. But in light of growing demands by legislators and privacy advocates to end the NSA's data collection practices, he acknowledged, "We're going to have a debate in this country on do we give up those tools. I'm concerned we're going to make the wrong choice."

[ Is the NSA tapping your smartphone? Read NSA Vs. Your Smartphone: 5 Facts. ]

The NSA director tried to dispel what he called sensationalized media reports about the NSA's activities, explaining that when the NSA collects phone records, it only sees the phone numbers, time of day and duration of each call. "There is no content and no names," he said, insisting NSA analysts are not collecting the content of America's communications.

"We'd need a warrant to do that," said Alexander, pointing to provisions in the Foreign Intelligence Surveillance Act (FISA), authorized in 2008. Warrants are issued when Americans are shown to be in contact with foreign targets overseas, and that occurred fewer than 300 times in 2012, he said. Alexander acknowledged that NSA analysts had made technical and operational errors that counted as conduct violations, but insisted that over the past decade, "we've had only 12 willful violations" where individuals used NSA systems wrongfully, mainly in pursuit of foreign nationals, and "we held them accountable."

Information released by former NSA contractor Edward Snowden has exposed the NSA to criticism that NSA analysts have been able to skirt FISA rules. Lawmakers, including Sens. Patrick Leahy (D-Vt.) and Ron Wyden (D-Ore.), have introduced legislation that would end the program that allows the NSA to collect domestic phone records. Turning to cybersecurity concerns, Alexander warned that this past year's distributed denial of service attacks on Wall Street and South Korean banks reflect the ever-increasing sophistication and skill of the nation's adversaries in cyberspace.

"The most important thing we can do is train our people with the technical skills that really matter," he said, noting that a third of the workforce at U.S. Cyber Command has gone through advanced technical training this year, with the rest of the workforce due to complete training by 2015. Part of that training includes Cyber Guard and Cyber Flag exercises, involving teams from the NSA, the Department of Homeland Security, the FBI and the National Guard that focus on joint operations in cyberspace.

"This is a threat we have to address," and it's one [that] senior military officials are taking seriously, as evidenced by their continued investment in cyber operations even as sequestration is forcing them to cut billions of dollars from their defense budgets, Alexander said.

"The thing we have to fix," he said, is "the need for a defensible architecture" across the Defense Department. "The legacy architecture we have today has a number of problems," most notably the difficulty of seeing what's going on across 15,000 IT and communications systems being maintained across the military.

Alexander is among the military's strongest advocates for moving toward a thin-client, cloud-based computing environment. He refuted the assumption that "having your information in 15,000 enclaves is somehow more defensible," arguing for the ability to centrally identify vulnerabilities, administer patches, monitor activity and protect the network from cyber attacks.

Alexander also appealed for support for legislation that would make it easier for the government and the private sector to share cyber threat information, but which faces opposition in Congress out of concern that such an arrangement would undermine civil liberties and impose added burdens on business.

"We can tell (banks and other businesses) how their systems went down and how bad they were hit, but if we can't share information with industry," which owns most of the nation's critical infrastructure, "we can't stop" the attacks without greater cooperation, he said.

As for actions the NSA has taken to address insider threats, following the Snowden leaks, Alexander said the NSA has instituted "a two-person rule" requiring two authorized individuals to be present whenever specific kinds of information are to be transferred from servers or onto removable media.