Senators Question Cyber Command's Role
The main focus of the U.S. Department of Defense's new Cyber Command will be protecting military networks, not engaging in cyberwarfare, the nominee to head the organization said Thursday.
Army Lt. Gen. Keith Alexander, faced with questions about the U.S. Cyber Command's role during a Senate hearing, said the Cyber Command would work with the U.S. Department of Homeland Security to defend private networks, but his primary role would be to defend the U.S. military's corner of cyberspace.
"If confirmed, my main focus will be on building the capacity, the capability and the critical partnerships required to secure our military's operational networks," Alexander told the Senate Armed Services Committee. "This command is not about efforts to militarize cyberspace. Rather, it is about safeguarding the integrity of our military's critical information systems."
Alexander said his main goal will be to "significantly" improve the way the U.S. military defends its networks. Department of Defense networks are probed by outsiders hundreds of thousands of times a day, he told senators.
Senator Joseph Lieberman, an Independent from Connecticut, asked Alexander how serious the attacks on U.S. military networks are.
"We saw [the attacks] as very serious," answered Alexander, who also serves as director of the U.S. National Security Agency. "We have been alarmed by the increase, especially this year, both in the critical infrastructure within the nation and within the Defense Department."
Still, some senators asked how far Cyber Command would be prepared to go to defend the military's networks. Attackers could be in one country and using comprised computers located in a second country to attack Defense Department networks in Afghanistan, said Senator Mark Udall, a Colorado Democrat.
"What is the ground we have to defend?" Udall said. "That server that's being attacked could be in any number of countries, and the attacker could be based in any number of countries. This raises some very thorny questions, does it not?"
Alexander agreed, saying it's sometimes difficult to pinpoint where attacks are coming from. "We are trained for proportional and discriminate [responses], but there are still a number of issues that are out there," he said.
Senator Carl Levin, a Michigan Democrat, questioned what authority Alexander would need to use offensive capabilities against a computer located in a neutral country. Such a scenario would be complicated, Alexander said, but he would seek authority from his superiors if a counterattack was necessary.
Cyber Command, announced by U.S. Secretary of Defense Robert Gates in June 2009, still needs its role more clearly defined, although some progress is being made, added Senator John McCain, an Arizona Republican.
"I have shared the concerns of Senator Levin and others about ensuring that the role, mission, legal authorities and rules of engagement that Cyber Command will employ are well thought out and understood," he said.