NSA Head: Cyber Storms Ahead

Wednesday, March 28, 2012 @ 10:03 AM gHale

The head of the U.S. military’s Cyber Command and National Security Agency, saw what seemed like never ending cyber storms on the horizon with mounting challenges to the Defense Department’s and nation’s IT systems.

“In framing my comments on our progress at Cyber Command, I have to begin by noting a worrisome fact: Cyberspace is becoming more dangerous,” Army Gen. Keith Alexander said in testimony delivered to the House Armed Services Subcommittee on Emerging Threats and Capabilities.

System Security: IT Not So Sure
Security Wags: Network Resistance Futile
Data Breaches Focus on Money: Study
Agile Hackers will Break Security

At that same hearing on President Obama’s $37 billion Defense Department IT budget request, which includes $3.4 billion for IT security, DoD Chief Information Officer Teresa Takai said the department will employ a two-prong approach – securing the perimeter as well as the data — as information and services move to standardized cloud computing platforms. “We’re going to be able to better protect as we get more standardized,” Takai said.

DoD’s cloud initiative is part of the department’s consolidation of data centers, from more than 770 to 655 in less than two years. “Core data centers will be used for information services and applications that must be available broadly across DoD, and for the department’s outward-facing applications and services required for interaction with industry and the public,” Takai said. “These will, in fact, become the initial DoD cloud computing instantiation.”

As DoD fortifies its cloud offerings, Takai recognizes breaches will occur. “We need to be able to protect at the information level,” she said. “That is why we’re focusing very much on identity management so we know who is in the cloud. And, we’re also linking that to what information that particular individual has access. It’s really both of those that gives us assurance so that as we move to that kind of an architecture, we will be able to better protect our information.”

“The IT infrastructure of the future – the STIn (Security Technical Implementation) virtual cloud environment – will make it a much more defensible architecture,” Alexander said. “I think that’s the key to the future.”

Addressing the cyber threats the nation faces, Alexander characterized them as three-fold:
1. Exploitation, such as the theft of intellectual property
2. Disruption, such as the distributed denial of service attacks that disabled government IT in Estonia and neighboring nations
3. Destruction. “What we’re concerned about is shifting from exploitation to disruptive attacks to destructive attacks,” Alexander said. “Those attacks that could destroy equipment are on the horizon and we have to be prepared for them.”

It’s not that cyber protection advances have not occurred over the past year. Alexander said organizations are better in identifying botnets, although he quickly added that didn’t mean the computing environment is getting safer. “Now, the more sophisticated cyber criminals are shifting toward stealthier, targeted thefts of sensitive data they can sell … targeting (organizations) with similar malware, often spread by clever phishing emails that hit an information security system at its weakest point — the user,” he said.

Subcommittee Chairman Mac Thornberry, the Texas Republican who leads House cyber security efforts, lamented the deteriorating security in cyberspace. “Despite the successes of Cyber Command over the past year, which I do not discount, it still seems to me that the dangers to our nation in cyberspace are growing faster than our ability to protect the country,” he said.

The panel’s ranking Democrat, Jim Langevin of Rhode Island, said that despite increased awareness of cyber vulnerabilities, many in the public and Congress don’t fully recognize the potential for damage posed by a breached or disrupted network.

“Real and potential adversaries can and do learn a great deal about our personnel, procedures and deployments by monitoring the use that our people make of popular social media,” he said. “As our military goes wireless, these threats to our weapons systems, communications, databases and personnel demand attention.”

Leave a Reply

You must be logged in to post a comment.