The Washington Post

Cybersecurity chief urges action by Congress

The director of the National Security Agency made a fresh appeal Monday for cybersecurity legislation to enable the sharing of threat data between the private sector and the government, asserting that the NSA and other agencies were not interested in reading Americans’ e-mails.

Gen. Keith Alexander, who also heads U.S. Cyber Command, said such data-sharing was necessary if the NSA and Cyber Command are to defend the nation against a cyberattack from a foreign adversary. A major concern among civil liberties advocates is that data turned over to the government might violate citizens' privacy

“The key thing in information sharing that gets misunderstood is...we're not talking about taking our personal e-mails and giving those to the government,’’ Alexander said to an audience at the American Enterprise Institute.

Rather, he said, the information sought is more technical, such as the Internet Protocol address the malware was coming from, or the computer port number it passed through. Also crucial, he said, is to have that data at “network speed,” or as it is being detected. “If we know it at network speed, we can respond to it,” he said.

Exactly what Cyber Command or any other government agency might do, and the rules and authorities that govern such actions are being debated now, he said.

Several cybersecurity bills are pending in Congress, with Senate leadership expressing the intent to bring a package of cyber legislation to the floor this month. Senate Democrats and Republicans are hashing out a compromise on that legislation, which includes an effort to require critical private sector industries such as power, water and transportation, to set and meet network security standards

On Monday, Alexander also said that standards were necessary, but “the hard part” was figuring out how to set them. He pointed as a possible model to the SANS Institute's 20 Critical Security Controls, a set of baseline measures that federal and commercial information security officers came up with under the auspices of the SANS education and research institute.

He acknowledged the uphill battle the legislation faces in an election year. But he said he did not want to face the alternative: acting in a crisis, and having to get “hauled down” to the Hill to explain why the government was not able to prevent a major cyberattack.

Comments
Show Comments
0 Comments
Washington Post Subscriptions

Get 2 months of digital access to The Washington Post for just 99¢.

A limited time offer for Apple Pay users.

Buy with
Cancel anytime

$9.99/month after the two month trial period. Sales tax may apply.
By subscribing you agree to our Terms of Service, Digital Products Terms of Sale & Privacy Policy.

Get 2 months of digital access to The Washington Post for just 99¢.

Most Read
Read stories based on reporting for “Trump Revealed,” a broad, comprehensive biography of the life of the president-elect.

politics

Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing