WASHINGTON, D.C.–The United States has a responsibility to take a leadership role in securing the Internet against both internal and external attackers, a duty that the federal government takes very seriously, the country’s top military cybersecurity official said Tuesday. However, Gen. Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, provided virtually nothing in the way of details of how the government intends to accomplish this rather daunting task.
In a speech at the Gov 2.0 Summit here, Alexander said that it is incumbent upon the U.S. government to play a major role in making both the public Internet and private, classified networks more secure and resilient to attack. He expressed confidence that the country’s information security apparatus was up to the task, but acknowledged the difficulty of securing the Internet, a network that many security experts see as hopelessly broken and flawed by design.
“We made the Internet and it seems to me that we ought to be the first folks to get out there and protect it,” Alexander said. “The challenge before us is large and daunting. But we have an obligation to meet it head-on.”
Many security and privacy experts have been critical of the efforts of both the Bush and Obama administrations’ cybersecurity efforts, especially in the way that the federal government approaches data sharing with private-sector organizations. The government also has come under fire for attempting to tell companies how to improve their security while suffering a slew of embarrassing intrusions on its own public and classified networks. The most well-known of these attacks is the compromise of a classified Department of Defense network through an infected USB drive in 2008.
It’s unlikely that any of Alexander’s comments Tuesday will do much to quiet those criticisms. Speaking mostly in generalities, Alexander emphasized the administration’s commitment to the Comprehensive National Cybersecurity Initiative, a plan developed by the Bush administration and recently partially de-classified by Obama administration officials. The strategy comprises a number of fairly basic components, such as intrusion detection and prevention and reducing the number of connections the government has to the Internet, that have been included in previous national security strategy plans.
While the CNCI has been called overly broad and basic, Alexander said that the government remains committed to implementing it and that the plan is a vital part of the administration’s efforts to better secure the country’s sensitive data. The NSA director also revealed that the Department of Defense’s networks see roughly 250,000 probes per hour.
“The Internet is fragile. Our economic and national security, privacy and civil liberties are fully dependent on the Internet,” he said. “It is critical we improve our security posture. The threats are real. Malicious actors a continent away can exploit our networks. They’re becoming better organized and sophisticated at exploiting weaknesses in our technologies.
“We must have a strategy to defend and deny and we must depend on cross-community expertise and teamwork,” Alexander said. “The CNCI must protect networks as a single entity and limit access to our sensitive data. We must do a better job at protecting our classified networks.”
Alexander also said that the NSA and other government agencies involved in information security efforts are working hard to respect the rights and civil liberties of citizens while going about their duties.
“Our citizens take a lot of interest in the government’s activities in this area, and I have an obligation to the law and the American people to ensure everything we do preserves and protects their rights while protecting our interests,” he said. “That’s an obligation that’s never compromised.”
Home page image via oreillyconf‘s Flickr photostream.