Agencies aim to bolster cybersecurity
Friday, September 24, 2010
The White House is reviewing whether to ask for new authorities for the Defense Department and other government agencies to ensure that the nation's critical computer systems are protected in the event of a major attack, the commander of the Pentagon's new Cyber Command said Thursday.
If an adversary were to penetrate the U.S. power grid or other critical systems with an "unknown capability," those systems probably would "shut down," Gen. Keith Alexander told members of the House Armed Services Committee.
The Cyber Command is tasked with protecting only military computer networks. "It is not my mission to defend, today, the entire nation," Alexander said.
Deciding who should execute what role in defending the nation against cyberattack is a thorny issue, complicated by the fact that the agency tasked with assisting the private sector - the Department of Homeland Security - lags behind the Defense Department in personnel, resources and capabilities.
Alexander said the White House is discussing how to form a team with the FBI, the Cyber Command, DHS and other agencies to "ensure that everybody has the exact authorities and capabilities that they would need to protect the country." The White House may have to ask Congress for new authorities.
The $120 million Cyber Command was launched in May and will be fully operational on Oct. 1.
It has the authority to defend the military networks, and if directed by the president, to attack adversaries. It works side by side with the National Security Agency, the electronic spy organization, which has authority to penetrate foreign networks for surveillance purposes. Using this ability, former officials said, it has been able to detect never-used malicious software that an adversary might be planning to use in an attack.
Alexander, who also directs the NSA, sought to reassure lawmakers that the agency and the Cyber Command respect privacy and civil liberties. He said that allaying those concerns requires "transparency" and ensuring that the public understands the functions of the NSA and the Cyber Command.
He added: "What we can't do is say, 'Here's a specific threat we're defending against and how we're defending against it, because the adversary will have in three days a way to work around it."
At a roundtable with reporters on Wednesday, Alexander advocated creation of a "secure" network for government computer systems and those of critical sectors, such as the power grid.
That strategy - walling off critical computer networks from the rest of the Internet - "is probably where you're going to get to, and it makes a lot of sense," he said.
But some in industry were skeptical.
It would be impractical and "unbelievably expensive," said Joe Weiss, a cybersecurity expert. who has researched the issue.
"It would be very difficult to try to interconnect all these different companies, including the government," Weiss said. "This isn't just one entity where you walk a wire around Potomac Electric. You have all the neighboring utilities that you need to connect to. You would also have all the other major industrial operations - and with Smart Grid, conceptually, every homeowner. This is not simple."