But Alexander warned that budget cuts will undermine the effort to build up these forces even as foreign threats to the nation’s critical computer systems intensify. And he urged Congress to pass legislation to enable the private sector to share computer threat data with the government without fear of being sued.
As he moves into his eighth year as director of the National Security Agency and his third year as head of the fledgling Cyber Command, Alexander told the Senate Armed Services Committee that the strategic-threat picture is worsening. “We’ve seen the attacks on Wall Street over the last six months grow significantly,” he said, noting there were more than 160 disruptive attacks on banks in that period.
Describing an attack on Saudi Arabia’s national oil company, he said: “Last summer, in August, we saw a destructive attack on Saudi Aramco, where the data on over 30,000 systems were destroyed. And if you look at industry, especially the anti-virus community and others, they believe it’s going to grow more in 2013. And there’s a lot that we need to do to prepare for this.”
The U.S. intelligence community has indicated that the assaults on the banks and Saudi Aramco were the work of Iran in retaliation for U.S. financial sanctions imposed to deter Iran from pursuing a nuclear weapons program.
Alexander’s remarks came as U.S. intelligence officials elsewhere on Capitol Hill testified about the growing cyberthreat. At a national security threat hearing, Director of National Intelligence James R. Clapper Jr. called on China to stop its “cyber-stealing” of corporate secrets from U.S. networks.
Alexander said the 13 teams would defend against destructive attacks. “I would like to be clear that this team . . . is an offensive team,” he said.
Twenty-seven other teams would support commands such as the Pacific Command and the Central Command as they plan offensive cyber capabilities. Separate teams would focus on protecting the Defense Department’s computer networks. He said the first third of the forces, which officials have said will total several thousand civilians and uniformed personnel, will be in place by September and the second third a year later.
Some teams are already in place, Alexander said, to focus on “the most serious threats,” which he did not identify.
But he said uncertainty about the budget is affecting the ability to fill out the teams. About 25 percent of the Cyber Command’s budget is being held up by congressional wrangling over the fiscal 2013 budget, he said. And across-the-board cuts that took effect March 1 are forcing civilian furloughs. “By singling out the civilian workforce, we’ve done a great disservice,” said Alexander, noting that one-third of the command workforce is made up of Air Force civilians.
He said some cybersecurity recruits have taken a salary cut to work for the government, only to be faced with a furlough. “That’s the wrong message to send people we want to stay in the military acting in these career fields.”
The attacks hitting the banks are “distributed denial of service attacks” — or barrages of network traffic against Web site servers — that are best handled by the Internet service providers, he said. The issue is “when does a nuisance become a real problem” that forces the government to act, he said. The administration is debating that now, he said.
To detect major attacks on industry, the department needs to see them coming in real time, Alexander said. The Internet service providers are best positioned to provide that visibility, but they lack the authority to share attack data with the government, he said. In particular, he said, the companies need legal protection against lawsuits for sharing the data.