Gen. Keith Alexander, chief of the U.S. Cyber Command, told an audience the country needs clear rules of engagement to protect cyberspace as the nation confronts emerging threats.
Gen. Keith Alexander, head of the U.S. Cyber Command, called for the
establishment of clear rules of engagement for cyberspace as the
country deals with the prospect of "remote sabotage."
Alexander spoke June 3 before an audience at the Center for
Strategic and International Studies, a think tank in Washington,
DC. In comments to the crowd, Alexander, who is also director of the
National Security Agency (NSA), said the realities of securing the
Internet require the government have a framework in place to guide its responses to attacks
"What the department is looking at," he said, "are what are the
standing rules of engagement that we have? Do those comport with the
laws, the responsibilities that we have? Can we clearly articulate
those so that people know and expect what will happen? And I think we
have to look at it in two different venues, what we're doing here in
peacetime and what we need to do in wartime to support those units that
are in combat."
He noted there may need to be different sets of rules governing U.S.
responses in different situations, such as a direct attack from a
country the U.S. is at war with or an adversary using a neutral country
to bounce their attack through.
"It's not unlike warfare, where...you have armed conflict going in one
state and somebody attacks from a neutral state," he said. "There are
laws of land warfare that deal with that. We now have to look at that
in light of cyberspace."
Increasingly, systems are being targeted for remote sabotage, as
opposed to distributed denial-of-service attacks like those that targeted Georgia and Estonia
few years ago, he said. Dealing with the threats will require a "unity
of effort" and "a commitment of dedicated resources," he said.
Alexander officially took the reigns for the Cyber Command May 7
In April, Alexander told the Senate Armed Services Committee Cyber
Command would not seek to -militarize' the Internet. He reiterated
however that the government would look to strike a balance between
national security and civil liberties.
"The hard part," he explained, "is we can't go out and tell
everybody exactly what we did or we give up a capability that maybe
extremely useful in protecting our country and our allies...You say,
-I'm defending my computer system using the following steps: one, two,
three, four.' The adversary will say, -thank you, one, two, three,
four, now I know how to get around it,' and within a day, they're
through. That's the problem that we face, and so I think the real key
to the issue - how do we build the confidence that we're doing it right
with the American people, with Congress and everybody else?"