The nation’s defenses against cyber threats are too static and reactive and need to become more active, drawing on the early warnings of attacks that intelligence and other capabilities can offer while also being able to operate inside networks to “look for adversaries,” the U.S. military cyber chief said.
Current cyber defenses basically consist of applying patches to fix breaches in network security and then waiting for a breach to occur again before applying another fix, Gen. Keith Alexander, director of the National Security Agency and commander of U.S. Cyber Command, said recently at the annual Armed Forces Communications and Electronics Association (AFCEA) Homeland Security Conference in Washington. The nation can’t have this type of static defense for cyber space, he said.
Alexander also spoke last week at the annual RSA information security conference in San Francisco, where he cited the need for active defenses in cyber space. However, he offered a bit more substance at the AFCEA event about what it takes to be more proactive in cyber security.
For one, “and perhaps most importantly,” it means having intelligence to warn that something is going to attack a network, in particular the most critical networks, Alexander said. The “intelligence community provides signatures, classified, to those who can protect (networks) to ensure that we know everything that we can to protect our systems.”
It also means understanding what is happening at the boundary of a network and “how that appears inside our network,” he said.
Alexander also said that our “red teams and blue teams” need to be trained to operate inside our networks to hunt adversaries.
These active defenses also have to be extended beyond the military domain to protect all critical infrastructures, he said.
A key element to extending the nation’s capabilities in active defense across the various domains is a partnership begun last fall between the Department of Defense (DoD) and the Department of Homeland Security (DHS) to bolster cooperation between the two organizations in the area of cyber security, Alexander said. The agreement also allows the two departments to leverage each other’s expertise in cyber-security-related fields, he said.
Extending the active defenses to other critical infrastructures is the role of DHS with DoD in support, Alexander said. He also said that the White House, with the help of various government agencies–including DoD, DHS, the Justice Department, and the intelligence community–is leading efforts to extend defenses of critical infrastructure, with efforts underway to define the relationships between government and the private sector for cyber security.
“I think that is a key step forward,” Alexander said. “We have to create a set of private-public relationships for a secure zone…for our nation’s most critical networks.”
Basically it comes down to developing a strategy for protecting the government and then extending that to protecting the most critical infrastructure, Alexander said. These partnerships will help address issues with civil liberties and privacy, he added.
A key capability that is lacking in boosting the nation’s cyber defenses is situational awareness, Alexander said. Currently there is no common view of cyber space, with much of the data about events incomprehensible and none of it showing “what’s going on right now,” he said.
“What you’re getting is history and forensics,” Alexander said. “We need situational awareness.”
Part of the way to address this is boosting demand for more secure technology, Alexander said. For the military, this also means creating the “capacity.”
The military needs to build the “capacity” for doing what it takes to “operate and defend its network in wartime,” he said.