WASHINGTON—The Defense Department’s top cyber warrior made the case Monday for an expanded role for government agencies, including the Pentagon, in protecting critical private infrastructure from destructive online attacks and theft of intellectual property.
“The reality is to defend the country in this area is its going to take real-time capability and sharing, and it’s going to take the FBI, DHS, DOD and the [intelligence community] working together to make that happen,” said Gen. Keith Alexander, commander of U.S. Cyber Command and director of the National Security Agency.
Alexander listed a raft of statistics about a rising number of Internet-sourced attacks on government and private computer networks in the United States, quoting Defense Secretary Leon Panetta’s statement before Congress last month that an attack against public utilities and other infrastructure could amount to “another Pearl Harbor.”
Alexander said he believes terrorist groups like al-Qaida likely lack the ability now to mount devastating attacks against electric grids, nuclear power facilities and the like. But he said that such groups might be able quickly develop the necessary skills, given members with the right technical expertise.
Meanwhile, online thefts by network intruders, Alexander said in a point he has often made, are the “greatest transfer of wealth in human history.”
But the federal government currently lacks the authority to help utilities and others safeguard their systems and networks, Alexander said Monday to an audience at the American Enterprise Institute in Washington.
It’s up to Congress to decide how to codify such authority, including decisions about how to protect civil liberties, he said. But it’s not necessary for DOD or other agencies to actually monitor information contained in networks or flowing between them, Alexander said.
Some privacy advocates have charged that sophisticated monitoring programs like NSA’s Einstein 3, which watches Internet traffic for signatures of a cyberattack in process, give the government far too much reach into private data.
But if Congress charges government agencies with protecting private networks, DOD and others would only look for signs of attack—not snoop on private data, he said.
“One of the things we have to have, then, is if the critical infrastructure community is being attacked by something, we need them to tell us at network speed, “ he said. “It doesn’t require the government to read their mail, or your mail to do that.”