The Senate Armed Services Committee held a hearing today to discuss the nominations of Lt. Gen. Keith Alexander to head U.S. Cyber Command and Vice Admiral James Winnefeld to head NORTHCOM and NORAD. During the hearing, Alexander told Committee members that he was a technology buff and already had an iPad.
The Committee members asked a series of questions of Alexander and Winnefeld regarding the roles that each believe they will play if confirmed.
CYBERCOM is being established as a result of observed attempts to probe DoD systems, according to Alexander.
“One of the underlying principles“¦for standing up this command“¦[is] hundreds of thousands of probes everyday,“ he said.
The probes, while not necessarily breaches of the system, demonstrate a marked increase in attempts by hackers to infiltrate DoD systems.
“We saw it as very serious. We have been alarmed by the increase, especially in this year,“ Alexander told Committee members.
Unlike some confirmation hearings that appear adversarial, several Senators expressed their appreciation for the service and skill of the nominees. “The NSA is a national treasure,“ said Sen. Joe Lieberman.
Sen. James Inhofe told Gen. Alexander “I'm glad that you're doing what you're doing.“
Alexander discussed CYBERCOMs role in the case of a massive cyber attack against U.S. networks. He said the CYBERCOM would plan to come to the aid of federal civilian systems and the private sector in the case of a large scale cyber attack.
However, Alexander continued to highlight the central role the DHS will play in securing the civilian networks and coordinating with the private sector.
“It is absolutely important to have DHS provide security for those networks,“ Alexander said.
Gen. Alexander also discussed the changes that have been made to the current structure of cybersecurity operations. Previously, the teams were split between offensive and defensive capabilities. One of the main lessons learned in war games was that the offensive operators were incredibly effective. NSA decided to bring some of the offensive individuals on board to the defensive team to enhance cybersecurity efforts, according to Alexander.
He also highlighted the need to provide a defense-in-depth structure rather than a perimeter defense. “That's absolutely important because the adversary is always going to try to penetrate our network,“ Alexander said.
The testimony also demonstrated the importance of public-private partnerships to secure the nation's critical infrastructure.
“The key issues that come on the table“¦are that most of our infrastructure is owned and operated by private industry,“ Alexander said. “If we are going to be effective“¦we need to have great partnerships.“
Alexander also said that the government will need to leverage the capabilities of the private sector. While he believes that many CEOs are seeing the current threat landscape, he sees increasing cooperation as “education process.“
Central to educating the private sector, is operating in a transparent environment.
“What are the rules and how are we operating?“ Alexander told Committee members. “We need to be transparent in how we do it.“
Alexander sees transparency as incredibly important.
“I think that first, transparency is important, particularly in the cyber arena,“ he said. “We have to show what we are doing.“
He was also asked to comment on Howard Schmidt's assertion that cyber war does not exist.
“In general terms I do think a cyber war could exist“¦as part of a larger military campaign,“ Alexander said. “In cyberspace you can not only jam, you can do a lot more to information.“