More rhetoric is coming out of Washington regarding the use of malware as an auxiliary weapon to bombs and bullets. National Security Agency leader Gen. Keith Alexander told a House Armed Services Committee yesterday that his new Cyber Command will be ready to retaliate should the United States critical infrastructure come under cyberattack.
“I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Alexander said.
The proclamation that the United States will be prepared to go on the offensive comes less than two months after the announcement that the Pentagon will bolster the Department of Defense’s Cyber Command to nearly 5,000; the group currently stands at around 900. The Pentagon’s strategy includes the formation of national mission forces that will secure critical infrastructure systems, combat mission forces that will help field commanders strategize and execute in cyberspace, and cyber protection forces that will concentrate their efforts on the DOD’s networks, a Washington Post report said.
Alexander, bolstered by a spate of recent attacks on the nation’s leading banks on top of the attacks on Saudi oil producer Aramco last summer, painted a dire picture for the committee yesterday.
“If you look at industry, especially the antivirus community and others, they believe it’s going to grow more in 2013,” Alexander said of the threat. “And there’s a lot that we need to do to prepare for this.”
The Aramco attack did not impact oil production for the Saudi company, but it did damage more than 30,000 workstations. Alexander’s remarks were another shot across the bow of Iran, China and other nations implicated in cyberattacks against American interests. In October, former defense secretary Leon Panetta identified the same aggressors by name in a speech, in addition to calling for legislation that would force private critical infrastructure operators to overhaul their security initiatives, as well as a cry for better information sharing between the public and private sectors.
Panetta’s declaratory policy also put the U.S. on the record with a public statement by a senior official that sanction and economic threats would inevitably run their course.
Alexander’s plan, laid out before the committee yesterday, called for the formation of 13 teams capable of carrying out attacks against foreign aggressors.
“This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace,” Alexander said. “Thirteen of the teams that we’re creating are for that mission alone.”
He also called for more intelligence on attacks from Internet service providers to provide visibility into network-based attacks, a move that would require the liability protection in order to share attack data.
This week, Chinese officials said they’d be willing to discuss recent attacks against American companies attributed to China.
Reuters quoted China Foreign Ministry spokeswoman Hua Chuying: “China is willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maintain the security, openness and peace of the Internet. In fact, China is a marginalized group in this regard, and one of the biggest victims of hacking attacks.”
China, meanwhile, accused the United States of hacking into a pair of Chinese military websites and other strategic interests. The U.S. and Israel are also accused of being behind the Stuxnet attacks against an Iranian uranium enrichment facility.