Alexander stresses need for network situational awareness

In one of his first public appearances since taking command of the Defense Department's new Cyber Command, Army Gen. Keith Alexander made clear that the military must bolster its ability to monitor many computer networks in real time.

DOD needs a sharable common operating picture (COP) across its networks to enable real-time responses to cyber threats, Alexander said. Situational awareness across DOD’s networks is often based on forensics generated after an incident has occurred, he said in a June speech at the Center for Strategic and International Studies.

"We do not have a COP, a common operating picture, for our networks," Alexander said. "We need to get there. We need to build that."

DOD is responsible for protecting more than 7 million devices, linked through 15,000 networks, with 21 satellite gateways and 20,000 commercial circuits, Alexander said. Unauthorized users probe DOD's networks about 250,000 times an hour, or more than 6 million times per day, he added.

Alexander said his mission won’t be easy, adding that in addition to problems of unknown vulnerabilities, strong adversary capabilities and weak situational awareness, officials also face a worrisome trend.

"A decade ago, network penetration seemed targeted mostly at exploiting data. In the last few years, we saw the bar of conduct lowered for computer network attacks,” he said, citing distributed denial-of-service attacks in Estonia and Georgia that impeded government functions. “Now there are hints that some penetrations are targeting systems for remote sabotage.”

Alexander benefits from his additional perspective as head of the National Security Agency, a position he will continue to hold in addition to leading the Cyber Command. On May 7, the Senate approved Alexander to become a four-star general and lead the new command. The command is designed to integrate the military’s offensive and defensive cyber capabilities, as Defense Secretary Robert Gates ordered in June 2009.

In response to a question after his remarks, Alexander said the need for greater situational awareness also applies to war zones, such as Iraq and Afghanistan.

"In a war zone, a commander has to have confidence in his command and control system," Alexander said. "Increasingly, our intelligence, our operations, our weapons platforms are all being brought together in cyberspace. We have to have confidence that that space is secure, and whoever is running that space for that commander in that area has to know" that it's secure.

Alexander also said it was important for the United States to establish rules of engagement for military action in cyberspace, an effort that’s under way. He said he thought engagement rules needed to be considered differently for wartime situations.

Alexander said officials also should:

• Share threat data at net speed.
• Synchronize the command and control of integrated defensive and offensive capabilities at net speed.
• Maximize national power to ensure that the United States and other countries can benefit from free movement in cyberspace.
• Continue to conduct international engagement and diplomacy efforts.
• Review military doctrine for appropriateness and effectiveness.
• Consider ways to keep people from exploiting cyberspace for illicit gain.
• Recruit, educate and retain a cadre of cyber experts.
• Be able to operate and adapt to situations at net speed.

Alexander said cyberspace is unique because it’s a man-made and increasingly contested domain. He also said the staffs of the Joint Functional Component Command for Network Warfare and the Joint Task Force-Global Network Operations were recently consolidated.

"Our Department of Defense must be able to operate freely and defend its resources in cyberspace,” he said. “We will do this as we do it in the traditional military domains of land, sea, air and space.”