WASHINGTON–The commander of the U.S. Cyber Command said that the federal government is working on a system now that would allow it to work with ISPs and others to help stop ongoing attacks against government and private networks by pushing intelligence and attack signatures to them.
Gen. Keith Alexander, who also is the director of the National Security Agency, said during a keynote speech at the SINET Innovation Showcase here Wednesday that the static defenses that have been in place on military, government and civilian networks since the dawn of the Internet age are no longer sufficient. Attackers have long since developed methods for subverting these systems and Alexander said that defenders have been playing catch-up for some time now, with poor results. He pointed to the attacks against RSA, Lockheed Martin, DigiNotar and others as links in a chain of intrusions that show the multitude of weak spots in today’s defenses.
“Some of these are companies that are world class at security and it’s still happening to them,” Alexander said. “Our experience says those are the ones who know they’ve been hacked. For every one of those, there are hundreds who don’t know.”
The disruptive attacks that are commonplace today, such as DDoS attacks, data theft and corporate espionage, are a concern, Alexander said, but the larger issue for the government and some portions of the private sector is the Stuxnet-style attacks that involve some kind of physical damage in addition to network compromises.
“What I’m concerned about are the destructive attacks. Those are the things yet to come that cause us a lot of concern,” he said.
To help defend against such attacks, as well as other, more mundane yet still damaging ones, Alexander said that the government is testing out a system now that has the capability to push real-time attack signatures and other information to ISPs and other organizations in key positions in order to head off ongoing operations.
“The adversary has all the advantage. They can scan and wait and if you make a mistake, they get in,” Alexander said. “That’s the dynamic we have to change. The intent would be to push signatures to the ISPs and if anything bad happens, we can update it dynamically with what we see. That’s a huge step forward and we’re having success with that. We need to communicate dynamically with our systems and our allies.”
Alexander also said that he believes the government has a role to play in helping organizations that have been attacked recover from those intrusions and figure out what happened and how.
“The government has a responsibility. We should come in on attribution and intent,” he said.
He also stressed that the security of our networks and the protection of privacy and civil liberties do not need to be opposing goals.
“The defense of our country in cyberspace is becoming increasingly a more difficult problem. I think we can do both and should do both and we should demand we get there. We can protect civil liberties and privacy and come up with a program to defend this country,” Alexander said.