With at least 5,000 new pieces of malware show up online a day, simply deploying a firewall and fixing things when they break isn’t good enough, according to U.S. Cyber Command and National Security Agency head Gen. Keith B. Alexander.
“We can no longer depend on a static defense,” said Alexander, spoke at the University of Tulsa on Monday, The Tulsa World reports. He noted that as electricity and water systems become increasingly computerized and interconnected, they too could be brought down by a cyber attack.
Alexander spoke of the electric grid in the Northeast that collapsed in 2003 because of software anomalies. He also mentioned the Sayano-Shushenskaya hydroelectric dam in Russia, which suffered a turbine failure in 2009 and killed 75 people because its stability software was down.
Concern about civil liberties often emerges in talks about cybersecurity, and Alexander said he and his team worry about it, too.
“We’re not asking for one over the other; we should have both civil liberties and protection,” he said. “As Americans, we should demand it.”
NSA’s cyber activities are both defensive and offensive in nature, though the general said he could not offer details on particular offensive operations. He did say the rules of computerized warfare are still being determined, such as what happens when an attack is routed through an adversarial country, a neutral nation or the United States, itself.
“These are issues we have to work our way through, because the laws and boundaries aren’t clear,” he said.