"The most important thing we can do is train our people with the technical skills that really matter," he said, noting that a third of the workforce at U.S. Cyber Command has gone through advanced technical training this year, with the rest of the workforce due to complete training by 2015. Part of that training includes Cyber Guard and Cyber Flag exercises, involving teams from the NSA, the Department of Homeland Security, the FBI and the National Guard that focus on joint operations in cyberspace.
"This is a threat we have to address," and it's one [that] senior military officials are taking seriously, as evidenced by their continued investment in cyber operations even as sequestration is forcing them to cut billions of dollars from their defense budgets, Alexander said.
"The thing we have to fix," he said, is "the need for a defensible architecture" across the Defense Department. "The legacy architecture we have today has a number of problems," most notably the difficulty of seeing what's going on across 15,000 IT and communications systems being maintained across the military.
Alexander is among the military's strongest advocates for moving toward a thin-client, cloud-based computing environment. He refuted the assumption that "having your information in 15,000 enclaves is somehow more defensible," arguing for the ability to centrally identify vulnerabilities, administer patches, monitor activity and protect the network from cyber attacks.
Alexander also appealed for support for legislation that would make it easier for the government and the private sector to share cyber threat information, but which faces opposition in Congress out of concern that such an arrangement would undermine civil liberties and impose added burdens on business.
"We can tell (banks and other businesses) how their systems went down and how bad they were hit, but if we can't share information with industry," which owns most of the nation's critical infrastructure, "we can't stop" the attacks without greater cooperation, he said.
As for actions the NSA has taken to address insider threats, following the Snowden leaks, Alexander said the NSA has instituted "a two-person rule" requiring two authorized individuals to be present whenever specific kinds of information are to be transferred from servers or onto removable media.