The Defense Department needs private-sector cooperation in reporting computer network attacks in real time to stop what has been the “greatest transfer of wealth in history” that U.S. companies lose to foreign hackers, the head of U.S. Cyber Command told a Senate committee March 27.
Army Gen. Keith B. Alexander, who also is the National Security Agency director, told the Senate Armed Services Committee that he supports legislation that would require private companies to report attacks, and added that such reporting needs to happen before an attack is complete.
“We need to see the attack,” he said. “If we can’t see the attack, we can’t stop it. We have to have the ability to work with industry – our partners – so that when they are attacked, they can share that with us immediately.”
Many cyber defense bills have stalled in Congress over concerns about privacy, over regulation and the military’s role in cyber protection, Alexander and the senators noted.
The general compared the current situation, where DOD computers receive some 6 million threatening probes each day, to a missile being fired into U.S. airspace with no radars to see it. “Today, we’re in the forensics mode,” he said. “When an attack occurs, we’re told about it after the fact.”
Alexander added, though, that industry should be monitoring their own systems with help from Cyber Command and the Department of Homeland Security. “I do not believe we want the NSA or Cyber Command or the military in our networks, watching it,” he said.
Alexander explained the federal partnership of U.S. cyber security as one in which Homeland Security leads in creating the infrastructure to protect U.S. interests, Cyber Command defends against attacks, FBI conducts criminal investigations, and the intelligence community gathers overseas information that could indicate attacks.
“Cyber is a team sport,” he said. “It is increasingly critical to our national and economic security. … The theft of intellectual property is astounding.”
The Defense Department’s request of $3.4 billion for Cyber Command in fiscal 2013 is one of the few areas of growth in the DOD budget, senators noted. The command has made progress toward its goals of making cyber space safer, maintaining freedom of movement there, and defending the vital interests of the United States and its allies, Alexander said. The command also is working toward paring down the department’s 15,000 separate networks, he said.
Cyber threats from nations – with the most originating in China – and non-state actors is growing, Alexander said.
“It is increasingly likely, as we move forward, that any attack on the U.S. will include a cyber attack,” he said. “These are threats the nation cannot ignore. What we see … underscores the imperative to act now.”