Weak situational awareness, in part, means that key defense IT systems remain exposed to remote sabotage. "The potential for sabotage and destruction is now possible and something we must treat very seriously," Alexander said in a speech Thursday at the Center for Strategic and International Studies, a public policy research institute.
At the CSIS, Alexander also defended the NSA's protection of civil liberties and privacy, saying that transparency - albeit done in secrecy - will safeguard citizens' rights.
With 7 million machines linked by 15,000 networks, unauthorized users probe Department of Defense systems 250,000 times an hour, that's more than 6 million times a day, Alexander said. Knowing who's behind these probes occurs after the fact. "Often times, our situational awareness is, indeed, forensics, which means that something has happened ... policing up after the fact versus mitigating it in real time. So the requirement, from my perspective: We need real-time situational awareness in our networks, to see where something bad is happening and to take action there at that time."
Alexander said the military lacks a common operating picture of its networks. "We need to get there," he sad. "We need to build that."
In his remarks, the general praised the "superb people" at the newly formed cyber command and NSA in tackling that and other cybersecurity demands, but said the greatest challenge facing military cyber defenders will be recruiting, training and retaining a cadre of cyber experts to ensure the military can operate effectively in cyberspace for the long term. Other challenges he outlined, as identified in a recent quadrennial defense review, are developing a comprehensive DoD approach to cyber operations, centralizing cyber operations command and enhancing partnerships with other agencies in government and the private sector that supports military operations.
Indeed, he said, defending private networks linked with the military's systems is among the cyber command's responsibilities. "The military's networks are not neatly bounded by those ending in the .mil," he said. "We rely on private-sector networks and capabilities, hence ensuring that those partners and allies' networks are secured is a key concern because the flow of information crossing these networks is significant and sensitive. Our adversaries will find our weakest link and exploit it, whether it is public or privately owned and operated."
Alexander spent several minutes of his presentation defending charges that the NSA is insensitive to the privacy rights and civil liberties of Americans. During the Bush administration, in the battle against Islamic terrorist, the NSA conducted wiretaps of American citizens without gaining warrants. Alexander said the situation today is different, as the agency works with Congress and the courts.
"If you take 9/11, a tragic event for our country, the question is, how do we ensure that we don't have another terrorist attack and we don't give up our civil liberties and privacy?" he asked.
Obviously, Alexander said, the NSA cannot publicly disclose much of what it does to protect the nation and its IT infrastructure, otherwise our enemies would know how to subvert our systems. The way to avoid mistakes of the past is for the NSA to be transparent, he said, not necessarily publicly, but to Congress and the courts.
"The way to do this in the future: transparency at the classified level between Congress, the court and the administration on what we're doing so that all three agree 100 percent that this is the right way," Alexander said. "We spend a lot of time with the court, with Congress and the administration, with the oversight committees, to ensure they know what we're doing, why are we doing it, and debate it there in a classified setting, and then with the court, go forward with the court and say what we're trying to do."