The U.S. Cyber Command must strike a balance between securing national security assets and protecting individual privacy, according to Lt. General Keith Alexander, currently serving as head of the NSA and the man nominated to run Cyber Command. Gen. Alexander also said in his remarks at his Senate confirmation hearing that many issues pertinent to Cyber Command’s operations are as yet undetermined.
If confirmed, Alexander said that he looks forward to working with DoD and Senate Armed Services Committee representatives to flesh out the command’s day-to-day operations.
The NSA chief noted that threats to defense computer systems have continued to multiply, “we’ve been alarmed by the increase this year,” he said, “and it’s growing rapidly.”
His first priority if confirmed, Gen. Alexander added, will be building capacity and capability to secure critical networks and increasing public education on the command’s purpose: “this command is not about an effort to militarize cyber space. Rather, it’s about safeguarding our military assets.” He also added that the command will be audited periodically, and will follow “a legal framework.”
Privacy is only one of several stymies to overcome, according to Gen. Alexander. Other problem areas include collaboration with the private sector and non-aligned states, and how to identify the perpetrator of a cyber attack.
Gen. Alexander said that Cyber Command will respond to cyber attacks under Title 10 of the U.S. Code and would follow standard rules of engagement, adding that foreign operations would require the authority of the U.S. combatant commander for that region with approval by the president. He noted that those scenarios become more complex if an attack originated in a neutral country, or used computers in the U.S., saying that in the latter case, Homeland Security would have jurisdiction but could ask Cyber Command for assistance.
On private sector cooperation, Gen. Alexander said “One of the things the administration is trying to address with [Homeland Security and the Defense Department] is how we do this with industry. That’s probably the most difficult issue, and one we will spend the most time working on.”
He added that while Homeland Security is responsible for the security of “dot-gov” domains, Cyber Command is responsible for “dot-mil,” and for advance warning of cyber threats to U.S. interests and providing people and capabilities to support any homeland threat. Since corporations own and operate most of America’s online infrastructure, Gen. Alexander says the government needs to work more closely with them. “They’re on the leading edge,” he said. “They have great capabilities and great talent. The government is going to have to leverage that talent.”