If the United States wants to defend itself against cyberattacks, it needs to focus on four key areas, according to United States Cyber Command head and NSA Director Army Gen. Keith Alexander.
Speaking Tuesday on the first day of the Armed Forces Communications and Electronics Association's LandWarNet conference in Tampa, Fla., Alexander discussed the dangers to the country's military networks and what the U.S. must do to safeguard them.
The general said the threat of cyberattack affects more than 7 million different computers on more than 1,500 individual networks maintained by the Defense Department.
"On any given day, our networks are probed over 250,000 times an hour," said Alexander. That figure adds up to 6 million per day and includes more than 140 foreign spy organizations trying to infiltrate U.S. networks.
Attacks on the network have also escalated from exploitative to disruptive to destructive. And it's the destructive threats that worry the general.
"It's only a small step to go from disrupting to destroying parts of the network," he said. "If you think about our nation, our financial systems, our power grids--all of that resides on the network. Our government, our defense department, our intelligence community, all reside on the network. All of them are vulnerable to an attack like that. Shutting down that network would cripple our financial system."
To combat the growing threat of cyberattacks, the first priority is to have the right tools to hunt down the malware itself. That will require the DOD to protect its network the same way the Army protects an area of land, according to the general. "Give the system administrators, our network operators, weapons to hunt inside our networks for malicious software and malicious actors to destroy them," said Alexander.
Protecting network borders is another key goal. At points where users interact with the data, real-time notification of malware must be sent to the administrators in charge of protecting the network as well as foreign intelligence officials and law enforcement on the outside, Alexander said.
The government must also establish strong partnerships with key stakeholders, including allies as well as other federal agencies. "We have to, with our allies, be able to see what is going on with the global network so we can provide real-time indications and warning to our defensive capabilities," said Alexander.
Finally, those who protect the network must know what they can and can't do, both offensively and defensively, without having to seek approval for every action they take, according to Alexander.
"We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us," the general said. "You need autonomous decision logic that's based on the rule of law, the legal framework, to let network defenders know what they are allowed to do in the network's defense."
But that last point has been a key area of controversy as the U.S. has been struggling to determine what's okay and what's off limits when responding to foreign sources of cyberattacks. Are denial of service attacks acceptable in cyberwarfare? Are banks and electrical grids valid targets?
During a congressional committee hearing on Alexander's nomination to head U.S. CyberCom, the general was asked a series of questions (PDF) on how he might respond in cyberwarfare. Saying such information was classified, Alexander declined to answer those questions publicly.
About 9,000 soldiers and IT experts from the corporate sector are attending the three-day LandWarNet conference.