WASHINGTON: NSA director and Cyber Command chief Gen. Keith Alexander stepped into the lion’s den today to address the Chamber of Commerce, which helped kill cybersecurity legislation Alexander had strongly backed.
Over and over, Alexander reassured the business-dominated audience at the Chamber’s cybersecurity conference today that the government sought to work together with industry as a “team” through “discussion” to secure the nation’s networks “in a way that is acceptable, and perhaps more importantly fiscally acceptable, to industry.” Over and over, he emphasized that “we don’t need the government in our networks to do this.” In other words: don’t fret about us; don’t fight against us; we won’t push a cybersecurity solution that business (read the chamber) finds intrusive or unaffordable.
Both the White House and the Chamber of Commerce itself have suffered cyber attacks lately, Alexander noted: “We all have a problem and we all ought to be part of the solution.”
(Alexander’s conciliatory remarks were immediately followed by a fiery speech from House intelligence committee chairman Rep. Mike Rogers).
The general also discussed the Defense Department’s cybersecurity doctrine, which he said is in its “early stages,” while continuing to stress that cyberattack is in the US toolkit. “Candidly speaking, if your defense is only to try to block you will never be successful,” Alexander said. A sufficiently massive and sophisticated distributed denial of service (DDOS) attack could shut down any Internet service provider (ISP), he said. “So what’s the alternative? To stop it before it happens,” he said. Part of our defense has to consider offensive measures like that to stop it from happening.”
But Alexander didn’t write defense off as impossible. He expressed optimism that cloud computing — in effect, consolidating the Defense Department’s scattered networks into a smaller number of centralized servers, with most users relying on subordinate, low-capacity systems called “thin clients” — would make them easier to protect. “That’s more defensible,” he said.
Currently, “the Defense Department has 13,000 enclaves [i.e. distinct networks]; think of applying patches to all that… you’ll never get them all done at the same time,” Alexander said. “With the thin-virtual-[client] cloud environment, you can push those out at network speed.” He particularly touted the National Security Agency’s own Accumulo program, built in-house at NSA from open-source software without going to industry — an approach which has come under heavy criticism in Congress.
Ultimately, though, these topics were only excursions from the central theme Alexander hammered home again and again: That government wants to work with industry to secure cyberspace without intruding into private information or interfering with business operations.
“You are the foundation for the nation, business,” Alexander extolled the assembled industry executives “You are what makes this country great. We can’t afford the military and the government without great business — and we’re getting the death of a thousand cuts with the theft of intellectual property.”