Chief of the U.S. Cyber Command says the United States is not adequately prepared for a serious cyber attack.
Army General Keith Alexander, who also serves as the Director of the National Security Agency and the Chief of the Central Security Service, said in terms of preparation for a cyber attack on a critical part of its network infrastructure, the U.S. was at a three on a scale of one to ten.
The problem of defending the nation from a cyber attack is complicated, Alexander told the Aspen Institute's annual security forum on Thursday. It is not just a question of preparing the Department of Defense or federal networks. Private industry also has to be defended.
"Industry has a variety of capabilities," Alexander said. While networks serving the financial community are well-defended, other sectors need help.
Key to developing a strong cyber security infrastructure is educating its users, Alexander said. "We have a great program, it's jointly run by [the National Security Agency] and [the Department of Homeland Security] working with over 100 different colleges and universities to set up an information assurance/cyber security portfolio," he said.
Ensuring people who did not grow up in the Internet age are security-aware is one of the major challenges facing those who secure the network, Alexander said.
The number of exploits of mobile technology has almost doubled over the past year, he said, and many people do not realize that phones are tied into the same digital network infrastructure as computers.
Alexander defined exploits as the means that a hacker uses to penetrate a system, including mobile phones or tablets, to potentially steal files and credentials or jump to another computer.
"The attack surfaces for adversaries to get on the Internet now include all those mobile devices," Alexander said. And mobile security lags behind that of cyber security for land-line devices like desktop computers.
Alexander said the Department of Defense, in concert with agencies like the Department of Homeland Security and the Federal Bureau of Investigation, works together with industry to secure network devices.
Several nations are capable of serious cyber attacks, he explained, but anyone who finds vulnerabilities in the network infrastructure could cause tremendous problems.
Industry and government must work as a team to combat these threats, Alexander said.
The Cyber Command chief said he was most concerned about the shift to destructive attacks from disruptive attacks. "Those are the things that will hurt our nation."
Destructive attacks are designed to destroy parts of the network infrastructure, like routers or servers, which would have to be replaced in order to resume normal operations, Alexander said. In some cases this could take weeks or months.
Congress is considering bills that would give the Department of Homeland Security a greater role in setting performance requirements for network industries. "What we need to do is come together and form best practices," according to Alexander.
Government-civil partnerships open up the possibility that the U.S. can accomplish things in cyber space that no other nation has the capability to accomplish, he said.
"Get cyber legislation in there, bring industry and government together, and now we have the capability to say 'You don't want to attack us. We can stop it and there are other things that we can do to really make this hurt.'"
"The key is having a defensible capability that can survive that first onslaught," Alexander said.
by RTT Staff Writer
For comments and feedback: email@example.com