[Infowarrior] - Cyber-Command May Help Protect Civilian Networks

[Richard Forno]

Cyber-Command May Help Protect Civilian Networks

By Ellen Nakashima
Washington Post Staff Writer
Wednesday, May 6, 2009

http://www.washingtonpost.com/wp-dyn/content/article/2009/05/05/AR2009050504342_pf.html

The Pentagon is considering whether to create a new cyber-command that  
would oversee government efforts to protect the military's computer  
networks and would also assist in protecting the civilian government  
networks, the head of the National Security Agency said yesterday.

The new command would be headquartered at Fort Meade, the NSA's  
director, Lt. Gen. Keith B. Alexander, told the House Armed Services  
terrorism subcommittee.

Alexander, who is a front-runner to assume control of the command if  
it is created, said its focus would be to better protect the U.S.  
military's computers by marrying the offensive and defensive  
capabilities of the military and the NSA.

Through the command, the NSA would also provide technical support to  
the Department of Homeland Security, which is in charge of protecting  
civilian networks and helps safeguard the energy grid and other  
critical infrastructure from cyber-attack, Alexander said.

He stressed that the NSA does not want to run or operate the civilian  
networks, but help Homeland Security improve its efforts.

"So if we develop something we're going to use for the Defense  
Department, it makes no sense for [Homeland Security] to develop the  
same thing," he said in a short interview after the hearing. "They can  
leverage it . . . We have great technical people. We can provide them  
the support."

His remarks come as the White House is preparing to release a report  
based on a review of the government's cyber-security initiatives. The  
cyber-command idea was raised in a letter last year by then-Director  
of National Intelligence Mike McConnell to Defense Secretary Robert M.  
Gates.

As proposed by the Pentagon, the command would fall under the U.S.  
Strategic Command, which is tasked with defending against attacks on  
vital interests.

The NSA, which drew fire for its role in the Bush administration's  
program to monitor without a warrant Americans' e-mails and phone  
calls, has "phenomenal depth and expertise far beyond what is there at  
DHS," said Amit Yoran, a former top DHS cyber-security official now in  
the private sector.

But Yoran cautioned that the effort must be transparent. "DHS needs to  
be very, very cautious about its participation in a program like that  
because you could fundamentally erode the trust DHS needs in order to  
be successful in its broader security mission."

Any effort involving the NSA that goes beyond protecting the military  
networks requires careful legal analysis, he said.

Alexander said a host of questions must be resolved for the military  
and intelligence community to broaden their partnerships with other  
entities. "What is the framework for sharing threat signatures that  
are classified? How do we do it at network speed so that it's  
defensible? What's that legal framework and what's that operational  
framework? Those are areas that technically are easier to do than to  
set the legal framework up."

Already, he said, DHS officials have been invited to see how the NSA  
runs its cyber-security, he said. The idea would be to formalize that  
partnership.

"We could say, 'Here's the path we're going down,' " he said. "They  
can choose their own path, but at least they know one that's been  
tried and the problems and issues we've had."

To truly address the cyber-threat, the military must boost its  
partnership with the private sector as well as with DHS, he said at  
the hearing.

But the path forward has obstacles, he acknowledged. Say the NSA  
discovers a malicious computer code that an adversary is using, he  
said. If the government shares that classified information with, say,  
the antivirus industry, "how do we ensure that it's not given out so  
widely that our adversaries have it?" he said.

Post a Comment