U.S. lawmakers had a chance to pose questions to the director of the National Security Agency on Wednesday but declined to ask him about reports that the agency plans to install malware on millions of computers.
General Keith Alexander did not volunteer information about the reported NSA program to deploy tens of thousands of copies of surveillance malware on computers and networking devices around the world.
Committee members didn’t ask him about it, either. Instead, committee members praised the soon-to-retire Alexander for his years of service at the NSA and Cyber Command. “A grateful nation salutes you,” said Representative Jim Langevin, a Rhode Island Democrat.
Alexander was testifying before a subcommittee of the House Armed Services Committee, where he talked about the need for U.S. Cyber Command, the sister agency to the NSA, to get real-time cyberthreat information from U.S. businesses.
Representative Vicky Hartzler, a Missouri Republican, asked if the subcommittee would address questions about holding a briefing on the latest leaks by former NSA contractor Edward Snowden, the source of the reports on the agency’s malware plan.
Wednesday’s hearing was focused on Cyber Command, not NSA issues, said Intelligence Subcommittee Chairman Mac Thornberry, a Texas Republican. The committee would schedule a classified intelligence briefing “where we can go deeply into the damage done to our national security” by the Snowden leaks, he said.
Alexander’s main focus at the hearing was to advocate for legislation that would allow U.S. businesses to share cyberthreat information with Cyber Command and other government agencies. He called on Congress to pass legislation that would protect businesses from lawsuits if they accidentally overshare information.
“We have to have a way to understand when Wall Street is under attack,” Alexander said. “Right now, we get it after the fact. We get called up, it’s not real time, and as a consequence, we can’t defend them.”
The government and businesses need to be able to share cyberthreat information “at network speed,” he said.
Some privacy and digital rights groups have questioned information-sharing legislation, saying it could allow businesses to share personal information unrelated to cyberattacks.