Alexander vows that DOD will have full cyber readiness by 2014

Experienced cyber-warrior force will be ready for any and all challenges

Responding to the alarming sophistication of both private sector and nation-state hackers, U.S. Cyber Command (USCYBERCOM) is intent on building a force of cyber-warriors within the next two years so that can deal with any and all challengers by 2014, according to USCYBERCOM Commander Gen. Keith Alexander.

“We are critically short of the skills and the skilled people we as a command and a nation require to manage our networks,” Alexander recently told the U.S. Senate Armed Services Committee. “In order to achieve our goals in this area by 2014, we must build a skilled force capable of full-spectrum cyber operations across a continuum of threats.”

The future cyber force will also take a much more aggressive stance against hackers than previously seen, according to Alexander. That posture was triggered by comments made by President Barack Obama in his International Strategy for Cyberspace, who warned a year ago on the release of the strategy that the United States will respond, when warranted, to hostile acts in cyberspace, as it would to any other threat to the country.

“We reserve the right to use all necessary means – diplomatic, informational and economic – as appropriate and consistent with international law,” Alexander said. “We will maintain the capability to conduct cyber operations to defend the United States, its allies and its interests, consistent with the Law of Armed Conflict.”

The U.S. military is playing a serious game of catch-up in the cyber realm, partly in reaction to numerous hacker victories during the past few years – both publicized and classified. “[We have seen] cyber capabilities in use that could damage or disrupt digitally controlled systems and networked devices, and in some cases we are not sure whether these capabilities are under the control of a foreign government,” Alexander said.

“Furthermore, we believe it is only a matter of time before some one employees capabilities that could cause significant disruption to civilian or government networks and to our critical infrastructure here in the United States,” he added.

One especially troubling breach for Alexander was the compromise last year of security tokens created and managed by the RSA Laboratories of Cambridge, Mass. These tokens are regularly used by the DOD and others to exchange data and information via two-factor authentication. “A penetration of the internal network that stored the RSA’s authentication certification led to at least one U.S. defense contractor being victimized by actors wielding counterfeit credentials.”

Fortunately, USCYBERCOM has been scoring some victories as it ramps up to fighting weight. It responded to the RSA tokens breach by replacing those token on computers throughout the DOD network. “Partly as a result of our actions, we have not seen any intrusions of DOD networks related to the RSA compromise,” Alexander said.

Cyber Command has also been especially vigilant about regularly occurring security problems with Adobe software, and widely used application throughout the Defense Department. Back in 2010, just when Cyber Command was being formed, the military was stung severely by security vulnerability in Adobe software that resulted in numerous intrusions on an array of DOD networks.

These days, Cyber Command has the wherewithal to be more proactive, and is better prepared against such potential attacks. “When another Adobe vulnerability was discovered in late 2011, Cyber Command quickly took action to ensure that no one would be able to use it against us,” Alexander said.

USCYBERCOM also has had similar luck against digital anarchist groups that have successfully terrorized some major corporations during the past few years. “The online collective that call itself Anonymous, to mention just one of these groups, announced several attempted attacks against Department of Defense information systems,” Alexander said. “Cyber Command was able to direct and integrate pro-active defensive cyber operations to successfully counter these threats.”

The bottom line is that while digital anarchists had a field day in the private sector in 2011, Cyber Command helped to “prevent any of these threat actors from having a similar effect against DOD networks,” Alexander said.

Cyber Command’s goal essentially is to ensure that a commander with a mission to execute has a full suite of cyber-assisted “potions” from which to choose, and that he can understand what effects they will produce for him, according to Alexander. Currently, Cyber Command can only offer such an intensive process with two of the combatant commanders at a time, although the goal is to be able to provide that kind of response for all combatant commanders.

“I can assure you that, in appropriate circumstances and on order from the National Command Authority, we can back up the department’s assertion that any actor contemplating a crippling cyberattack against the United States would be taking a grave risk,” Alexander said.

About the Author

Joe Dysart is a contributing writer for Defense Systems.

Reader Comments

Wed, Jul 25, 2012 TBG Missouri

A true cyber terrorist only has to be right once but the USCYBERCOM has to right 100% of the time. If they are part of DHS we all know they are rarely right in much of what they do. DHS and the balance of the federal government is reactive management which means simply when the cyber attack of the power supply to the Treasury, Wall Street, Pentagon, major financial institutions, insurance companies records facilities, phone companies, radio and television stations, and other key corporate headquarters is initiated America is Out of Business. The water and power supply of the US is totally taken for granted of by 98% of the people-but without one or both of them we loose control of our position in the world. Economic and Social melt down.

Sun, Jul 22, 2012

For those of us familiar with "battle calls" - this reminds me of "C2 by 92" - The question - what has changed in the last 20 years? The standards and jargon remain theoredical redoric. Our progress has come from our ability to share knowledge and adapt.

Wed, Jul 18, 2012 Jay D Washington DC

This article is most disturbing. Again, we are in an attack, attack attack mode. Now there is nothing wrong with being totally prepared to attack in Cyber Space. However, nothing is being done about protecting the US Critical Infrastructure....ie....transportation, financial, power grid....etc. The potential for a large scale attack on the US Critical Infrastructure is very very real. Who is addressing this issue? DHS? OK.....the plan is to encourage the private sector controlling our CI to work out their own solution and protect themselves, since the number one priority is to never add another regulation to the private sector. I fear we will all be sitting in the dark, with our bank accounts fried, and the only consolation is that we have a ton of Cyber Warriors ready to attack those responsible. Hopefully the retaliation attacks will be successful....but those responsible for the attacks will more than likely have taken their own CI protection more serious than we have......

Wed, Jul 18, 2012 Ernest Lawhorn

What if your unit doesn't see a needed for your cyber security or information assurance position and thusly, gives away the position, but not the job or duties? How can you get your position reinstated?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above