WASHINGTON (Reuters) - The U.S. Defense Department must be able to operate freely in cyberspace amid dangers of “remote sabotage,” an Army general tapped to streamline offensive and defensive computer operations said on Thursday.
The potential for sabotage and destruction is “something we must treat very seriously,” General Keith Alexander said in his first public remarks since the new U.S. Cyber Command was activated on May 21.
“In short, we face a dangerous combination of known and unknown vulnerabilities, strong adversary capabilities and weak situational awareness,” he told an audience at the Center for Strategic & International Studies, a private research group in Washington.
“Our Department of Defense must be able to operate freely and defend its resources in cyberspace,” Alexander said.
U.S. foes will find the weakest link and exploit it, whether it is public or privately owned and operated, he said.
“America’s very wealth and strength make it a target in cyberspace,” Alexander said.
Senior aides to President Barack Obama are weighing such issues as how the laws of warfare apply to a digital attack routed through a neutral country, he said.
“What we don’t have is the precision in those standing rules of engagement, yet, that we need,” Alexander said.
He referred to “distributed denial-of-service attacks” that interfered with government functions in Estonia in 2007 and in Georgia in 2008.
Although information systems were able to resume functioning after the attacks stopped, they show that “the potential for sabotage and destruction is now possible,” he said.
Alexander also heads the Pentagon’s communications-intercepting National Security Agency, or NSA.
He said new rules for U.S. military operations in cyberspace were being prepared by the Defense Department’s policy office, subject to approval by the “deputies committee,” the highest level interagency body dealing with national security issues.
Defense Department systems are probed by unauthorized users roughly 250,000 times an hour, or more than 6 million times a day, Alexander said.
Defense Secretary Robert Gates began streamlining U.S. military cyber operations “as a result of serious intrusions into our classified networks” in late 2008, he said.
The new Cyber Command is aimed at synchronizing offensive and defensive cyber capabilities “as well as the need to leverage NSA’s intelligence capabilities to support our understanding of the threat and our ability to respond it,” he added.
Until recently, the military’s cyber efforts were run by a loose web of joint task forces “spread too far and too wide, geographically and institutionally, to be effective,” Deputy Defense Secretary William Lynn said in a guest piece in the Wall Street Journal on Thursday.
“Now cyber attacks can strike in less than the blink of an eye,” Lynn wrote. “In the face of this threat, the U.S. military must be ready to defend our country at network speed.”
More than 100 intelligence agencies and foreign militaries are actively trying to penetrate U.S. systems and weapons-system blueprints are among the documents that have been compromised, Lynn said.
Editing by Eric Walsh