[Vision2020] Pentagon creating teams to launch cyberattacks as threat grows

Wed Mar 13 12:17:01 PDT 2013

Back to previous page
------------------------------
   Pentagon creating teams to launch cyberattacks as threat grows By Ellen
Nakashima<http://www.washingtonpost.com/ellen-nakashima/2011/03/02/ABdt4sM_page.html>,
Published: March 12

The Pentagon’s Cyber Command will create 13 offensive teams by the fall of
2015 <http://tinyurl.com/bgbh6b3> to help defend the nation against major
computer attacks from abroad, Gen. Keith Alexander testified to Congress on
Tuesday, a rare acknowledgment of the military’s ability to use
cyberweapons.

The new teams are part of a broader government effort to shield the nation
from destructive attacks over the Internet that could harm Wall Street or
knock out electric power, for instance.

But Alexander warned that budget cuts will undermine the effort to build up
these forces even as foreign threats to the nation’s critical computer
systems intensify. And he urged Congress to pass legislation to enable the
private sector to share computer threat data with the government without
fear of being sued.

As he moves into his eighth year as director of the National Security
Agency and his third year as head of the fledgling Cyber Command, Alexander
told the Senate Armed Services Committee that the strategic-threat picture
is worsening. “We’ve seen the attacks on Wall Street over the last six
months grow significantly,” he said, noting there were more than 160
disruptive attacks on banks in that period.

Describing an attack on Saudi Arabia’s national oil company, he said: “Last
summer, in August, we saw a destructive attack on Saudi Aramco, where the
data on over 30,000 systems were destroyed. And if you look at industry,
especially the anti-virus community and others, they believe it’s going to
grow more in 2013. And there’s a lot that we need to do to prepare for
this.”

The U.S. intelligence community has indicated that the assaults on the
banks and Saudi Aramco were the work of Iran <http://wapo.st/UyTfTc> in
retaliation for U.S. financial sanctions imposed to deter Iran from
pursuing a nuclear weapons program.

Alexander’s remarks came as U.S. intelligence officials elsewhere on
Capitol Hill testified about the growing cyberthreat. At a national
security threat hearing, Director of National Intelligence James R.
Clapper Jr. called on China to stop its
“cyber-stealing”<http://www.washingtonpost.com/world/national-security/us-publicly-calls-on-china-to-stop-commercial-cyber-espionage-theft-of-trade-secrets/2013/03/11/28b21d12-8a82-11e2-a051-6810d606108d_story.html>of
corporate secrets from U.S. networks.

Alexander said the 13 teams would defend against destructive attacks. “I
would like to be clear that this team . . . is an offensive team,” he said.

Twenty-seven other teams would support commands such as the Pacific Command
and the Central Command as they plan offensive cyber capabilities. Separate
teams would focus on protecting the Defense Department’s computer
networks. He said the first third of the forces, which officials have said
will total several thousand civilians and uniformed personnel, will be in
place by September and the second third a year later.

Some teams are already in place, Alexander said, to focus on “the most
serious threats,” which he did not identify.

But he said uncertainty about the budget is affecting the ability to fill
out the teams. About 25 percent of the Cyber Command’s budget is being held
up by congressional wrangling over the fiscal 2013 budget, he said. And
across-the-board cuts that took effect March 1 are forcing civilian
furloughs. “By singling out the civilian workforce, we’ve done a great
disservice,” said Alexander, noting that one-third of the command workforce
is made up of Air Force civilians.

He said some cybersecurity recruits have taken a salary cut to work for the
government, only to be faced with a furlough. “That’s the wrong message to
send people we want to stay in the military acting in these career fields.”

The attacks hitting the banks are “distributed denial of service
attacks<http://tinyurl.com/a2r73v3>”
— or barrages of network traffic against Web site servers — that are best
handled by the Internet service providers, he said. The issue is “when does
a nuisance become a real problem” that forces the government to act, he
said. The administration is debating that now, he said.

To detect major attacks on industry, the department needs to see them
coming in real time, Alexander said. The Internet service providers are
best positioned to provide that visibility, but they lack the authority to
share attack data with the government, he said. In particular, he said, the
companies need legal protection against lawsuits for sharing the data.

* *

-- 
Art Deco (Wayne A. Fox)
art.deco.studios at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.fsr.com/pipermail/vision2020/attachments/20130313/2afea1f1/attachment.html>