NSA director to testify at Senate hearing on cyber command unit
In an effort to protect the military's computer networks, the Obama administration is planning to put the leader of the nation's largest electronic spying agency in charge of a new military organization capable of launching attacks against enemy networks and power grids.
If confirmed by Senate, Lt. Gen. Keith Alexander, director of the National Security Agency, would take charge of the Pentagon's newly formed cyber command and preside over a virtual army of computer technicians and network warfare specialists.
But even as the Obama administration presses the importance of cybersecurity and hails its nominee as an aggressive and innovative military intelligence officer, Alexander's confirmation has been delayed for nearly six months. Lawmakers have questioned whether the head of the NSA should lead a military unit and what, exactly, that new unit will be empowered to do.
Alexander is set to testify before the Senate Armed Services Committee on Thursday but has already provided written responses to questions from lawmakers.
Among other things, he stated that, faced with a cyber attack, the military must be able to respond in kind. It is "reasonable to assume that returning fire in cyberspace" is lawful, as long as any actions comply with the laws of war, he said in a 32-page document.
At issue is how military and intelligence authorities guide the operations of any new cyber command. U.S. policies governing cyber attacks and counterattacks lag behind the military's ability to conduct them.
Part of the challenge is that in cyberspace, a line of computer code could be an attempt to spy, disrupt a network or defend it, and that same code might unintentionally knock out critical systems in countries far from the target. The ambiguity -- and the fact that there is no international consensus on what constitutes use of force in cyberspace -- means the risks of provoking international conflict are real, experts say.
Any offensive cyber action must be guided by orders from the secretary of defense and approved by the president, a senior defense official said.
He "can't simply get up one morning and say, 'I want to go attack something,' " the official said.
In his written responses, Alexander said that clandestine, offensive actions in cyberspace -- such as dismantling a Web site used by jihadists overseas -- are "traditional military activities" and should not be considered covert operations.
In the event of a cyber attack, the military must still be able to carry out conventional operations.
"Even with the clear understanding that we could experience damage to our infrastructure, we must be prepared to 'fight through' in the worst case scenario," he said.