Alexander vows that DOD will have full cyber readiness by 2014

Responding to the alarming sophistication of both private sector and nation-state hackers, U.S. Cyber Command (USCYBERCOM) is intent on building a force of cyber-warriors within the next two years so that can deal with any and all challengers by 2014, according to USCYBERCOM Commander Gen. Keith Alexander.

“We are critically short of the skills and the skilled people we as a command and a nation require to manage our networks,” Alexander recently told the U.S. Senate Armed Services Committee. “In order to achieve our goals in this area by 2014, we must build a skilled force capable of full-spectrum cyber operations across a continuum of threats.”

The future cyber force will also take a much more aggressive stance against hackers than previously seen, according to Alexander. That posture was triggered by comments made by President Barack Obama in his International Strategy for Cyberspace, who warned a year ago on the release of the strategy that the United States will respond, when warranted, to hostile acts in cyberspace, as it would to any other threat to the country.

“We reserve the right to use all necessary means – diplomatic, informational and economic – as appropriate and consistent with international law,” Alexander said. “We will maintain the capability to conduct cyber operations to defend the United States, its allies and its interests, consistent with the Law of Armed Conflict.”

The U.S. military is playing a serious game of catch-up in the cyber realm, partly in reaction to numerous hacker victories during the past few years – both publicized and classified. “[We have seen] cyber capabilities in use that could damage or disrupt digitally controlled systems and networked devices, and in some cases we are not sure whether these capabilities are under the control of a foreign government,” Alexander said.

“Furthermore, we believe it is only a matter of time before some one employees capabilities that could cause significant disruption to civilian or government networks and to our critical infrastructure here in the United States,” he added.

One especially troubling breach for Alexander was the compromise last year of security tokens created and managed by the RSA Laboratories of Cambridge, Mass. These tokens are regularly used by the DOD and others to exchange data and information via two-factor authentication. “A penetration of the internal network that stored the RSA’s authentication certification led to at least one U.S. defense contractor being victimized by actors wielding counterfeit credentials.”

Fortunately, USCYBERCOM has been scoring some victories as it ramps up to fighting weight. It responded to the RSA tokens breach by replacing those token on computers throughout the DOD network. “Partly as a result of our actions, we have not seen any intrusions of DOD networks related to the RSA compromise,” Alexander said.

Cyber Command has also been especially vigilant about regularly occurring security problems with Adobe software, and widely used application throughout the Defense Department. Back in 2010, just when Cyber Command was being formed, the military was stung severely by security vulnerability in Adobe software that resulted in numerous intrusions on an array of DOD networks.

These days, Cyber Command has the wherewithal to be more proactive, and is better prepared against such potential attacks. “When another Adobe vulnerability was discovered in late 2011, Cyber Command quickly took action to ensure that no one would be able to use it against us,” Alexander said.

USCYBERCOM also has had similar luck against digital anarchist groups that have successfully terrorized some major corporations during the past few years. “The online collective that call itself Anonymous, to mention just one of these groups, announced several attempted attacks against Department of Defense information systems,” Alexander said. “Cyber Command was able to direct and integrate pro-active defensive cyber operations to successfully counter these threats.”

The bottom line is that while digital anarchists had a field day in the private sector in 2011, Cyber Command helped to “prevent any of these threat actors from having a similar effect against DOD networks,” Alexander said.

Cyber Command’s goal essentially is to ensure that a commander with a mission to execute has a full suite of cyber-assisted “potions” from which to choose, and that he can understand what effects they will produce for him, according to Alexander. Currently, Cyber Command can only offer such an intensive process with two of the combatant commanders at a time, although the goal is to be able to provide that kind of response for all combatant commanders.

“I can assure you that, in appropriate circumstances and on order from the National Command Authority, we can back up the department’s assertion that any actor contemplating a crippling cyberattack against the United States would be taking a grave risk,” Alexander said.