Main Defender of Vital Tech: IndustryMilitary Not Set to Protect Nation's Critical IT Infrastructure
"If an attack were to go against the power grids right now, the defense of that would rely heavily on commercial industry to protect it," Alexander said in testimony delivered to the House Armed Services Committee. Moments earlier, he explained: "It is not my mission to defend today the entire nation; our mission in cyber command is to defend the Defense Department networks. If we are tasked by the secretary or the president to defend those networks, we'd have to put in place capabilities to do that. But, to date, we could not."
Alexander, who also serves as director of the National Security Agency, said the cyber command is working the White House, Department of Homeland Security, FBI and others under the leadership of Cybersecurity Coordinator Howard Schmidt to create teams to explore how best to defend the nation's critical IT assets.
At a session with reporters on Wednesday, Alexander proposed the creation of a secure network where military, government and critical business IT systems would be isolated from the Internet.
The role of the military - or the government, for that matter - in defending vital privately owned networks is a sensitive topic. Despite the importance of the critical IT infrastructure to the nation's economic and physical well-being, many people in and out of government want to limit the government telling businesses how to run their networks. Also, under current law, it's DHS's responsibility, not the military's, to safeguard non-defense IT within U.S. borders.
Still, Alexander said, the Defense Department in which NSA - the nation's electronic-spy agency - is situated is studying ways on how best to defend the critical infrastructure. The organizations Alexander oversees - especially the NSA - arguably have the most skilled cybersecurity specialists in the government who advise civilian agencies, especially DHS, on IT defense. What remains unclear - something the White House and DHS are exploring - is what legal authority the civilian and/or military need to obtain to defend the critical IT infrastructure, he said, which could require congressional action.