NSA Chief: Cyber Becoming More Perilous

At Hearing, DoD CIO Takai Also Outlines 2-Prong Cloud Defense

By , March 21, 2012.
NSA Chief: Cyber Becoming More Perilous

Army Gen. Keith Alexander, the head of the U.S. military's Cyber Command and National Security Agency, painted a bleak picture with mounting challenges to the Defense Department's and nation's IT systems.

See Also: The Evolution of Advanced Malware

"In framing my comments on our progress at Cyber Command, I have to begin by noting a worrisome fact: cyberspace is becoming more dangerous," Alexander said in testimony delivered to the House Armed Services Subcommittee on Emerging Threats and Capabilities.

At that same hearing on President Obama's $37 billion Defense Department IT budget request, which includes $3.4 billion for IT security, DoD Chief Information Officer Teresa Takai said the department will employ a two-prong approach - securing the perimeter as well as the data - as information and services are moved to standardized cloud computing platforms. "We're going to be able to better protect as we get more standardized," Takai said.

Data Center Consolidation

DoD's cloud initiative is part of the department's consolidation of data centers, from more than 770 to about 655 in less than two years. "Core data centers will be used for information services and applications that must be available broadly across DoD, and for the department's outward-facing applications and services required for interaction with industry and the public," the CIO said. "These will, in fact, become the initial DoD cloud computing instantiation."

As DoD fortifies its cloud offerings, Takai recognizes breaches will occur. "We need to be able to protect at the information level," she said. "That is why we're focusing very much on identity management so we know who is in the cloud. And, we're also linking that to what information that particular individual has access. It's really both of those that gives us assurance so that as we move to that kind of an architecture, we will be able to better protect our information."

Alexander concurred: "The IT infrastructure of the future - the STIn (Security Technical Implementation) virtual cloud environment - will make it a much more defensible architecture. I think that's the key to the future."

Anxiety over Cyber Destruction

Addressing the cyberthreats the nation faces, Alexander characterized them as three-fold:

  • Exploitation, such as the theft of intellectual property;
  • Disruption, such as the distributed denial of service attacks that disabled government IT in Estonia and neighboring nations;
  • Destruction. "What we're concerned about is shifting from exploitation to disruptive attacks to destructive attacks," Alexander said. "Those attacks that could destroy equipment are on the horizon and we have to be prepared for them."

It's not that advancements haven't been made in cyber protection over the past year since the military stood up the Cyber Command. Alexander said organizations are better in identifying botnets, although he quickly added that didn't mean the computing environment is getting safer. "Now," the four-star general said, "the more sophisticated cyber criminals are shifting toward stealthier, targeted thefts of sensitive data they can sell ... targeting (organizations) with similar malware, often spread by clever phishing e-mails that hit an information security system at its weakest point - the user."

Subcommittee Chairman Mac Thornberry, the Texas Republican who leads House cybersecurity efforts, lamented the deteriorating security in cyberspace. "Despite the successes of Cyber Command over the past year, which I do not discount, it still seems to me that the dangers to our nation in cyberspace are growing faster than our ability to protect the country," he said.

The panel's ranking Democrat, Jim Langevin of Rhode Island, said that despite increased awareness of cyber vulnerabilities, many in the public and Congress don't fully recognize the potential for damage posed by a breached or disrupted network.

Social Media Can Cause Damage

Alexander said it's not just bold attacks on critical IT infrastructure that worries him; social media and mobile devices present additional security challenges. "Real and potential adversaries can and do learn a great deal about our personnel, procedures and deployments by monitoring the use that our people make of popular social media," he said. "As our military goes wireless, these threats to our weapons systems, communications, databases and personnel demand attention."

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Gulshan Rai to Head Cybersec at PMO

Sources say Dr. Gulshan Rai, CERT-In's chief, will soon be named special secretary at the PMO to...

Latest Tweets and Mentions

ARTICLE Gulshan Rai to Head Cybersec at PMO

Sources say Dr. Gulshan Rai, CERT-In's chief, will soon be named special secretary at the PMO to...

The ISMG Network