Cyber Command chief says military computer networks are vulnerable to attack

By Ellen Nakashima
Washington Post Staff Writer
Friday, June 4, 2010

The U.S. government is seeing "hints" that adversaries are targeting military networks for "remote" sabotage, the head of the Pentagon's recently launched Cyber Command said in his first public remarks since being confirmed last month.

"The potential for sabotage and destruction is now possible and something we must treat seriously," said Gen. Keith B. Alexander, who also heads the National Security Agency, the nation's largest intelligence agency. "Our Department of Defense must be able to operate freely and defend its resources in cyberspace."

Alexander spoke Thursday before more than 300 people at the Center for Strategic and International Studies in Washington.

In remarks afterward, Alexander said he is concerned about the safety of computer systems used in war zones. "The concern I have is when you look at what could happen to a computer, clearly sabotage and destruction are things that are yet to come," he said. "If we don't defend our systems, people will be able to break them."

James A. Lewis, director of CSIS's Technology and Public Policy Program, said advanced militaries are capable of destroying U.S. computer systems. "That wasn't true four years ago, but it's true now and Cyber Command will have to deal with it," he said.

The Cyber Command, launched last month at Fort Meade, was created by Defense Secretary Robert M. Gates to streamline the military's capabilities to attack and defend in cyberspace, supported by NSA's intelligence capabilities.

Alexander stressed that the Command will focus on protecting the U.S. military's 15,000 computer networks under oversight of the special Foreign Intelligence Surveillance Court, Congress and the administration. His remarks were aimed at assuaging concerns over the NSA's role in helping to protect civilian and private-sector networks, as well as fears of a "militarization" of cyberspace.

"We spend a lot of time with the court, with Congress, the administration, the oversight committees to ensure they know what we're doing and why we're doing it," Alexander said.

This is done in classified settings, he said, including before the surveillance court, set up as part of the effort to protect Americans from unwarranted government surveillance.

"The hard part is, we can't go out and tell everybody exactly what we did or we give up capability that may be extremely useful in protecting our country and our allies," he said.

Alexander's confirmation was delayed for months by congressional concerns over the command's role and scope of action, how its operations would affect Americans' privacy, and a lack of clarity over rules of the road in cyber warfare.

The rules are still being debated and formulated, he said. So are the rules of engagement for working with the Department of Homeland Security and private industry in protecting the private sector's systems, which is perhaps the most difficult challenge.

But Alexander has his hands full just hardening the military's systems. DOD systems are probed by unauthorized users more than 6 million times a day.

"While our front-line defenses are up to this challenge, we still have to devote too much of our time and resources to dealing with relatively mundane problems," such as poorly engineered software and missing patches, he said.

© 2010 The Washington Post Company