Protection of the nation’s computer networks requires focus on four key areas, said the director of the National Security Agency.
During the first day of the 2010 Armed Forces Communications and Electronics Association’s “LandWarNet” conference Aug. 3, in Tampa, Fla., Gen. Keith B. Alexander, commander, U.S. Cyber Command and director of the National Security Agency, discussed both threats to the Defense Department computer network and suggestions on how to secure it.
Dynamic protection of the network, the general said, involves a four-pronged approach to protecting a network with as many as 7 million attached computers.
First among those aspects, he said, is defending the network in the same way the Army might protect an area of land it has captured on the ground.
“Inside our networks, just like we would do in physical combat, we have to have folks that are hunting inside our networks,” he said. “Give the system administrators, our network operators, weapons to hunt inside our networks for malicious software and malicious actors, to destroy them.”
At the edges of the network, where users interface with network capabilities, there need to be systems in place that can provide real-time notification of malicious activity to those who are charged with protecting it, he said.
“We have to have an interactive device at the boundary,” he said. “And that interactive device capability has to be able to talk to those network hunters inside our network and our foreign intelligence capabilities and law enforcement and others outside our network.”
Also key to protecting the network, he said, is to have strong partnerships with stakeholders in the network. That includes allies and other government agencies.
“We have to, with our allies, be able to see what is going on with the global network so we can provide real-time indications and warning to our defensive capabilities.”
Finally, he said, those protecting the network need to be able to defend it when threats arise. That means they are equipped with rules of engagement to allow them to know what they are allowed to do, both defensively and offensively, without having to endure costly efforts to propose plans for defense and to seek approval for actions they should take.
“We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us,” he said. “You need autonomous decision logic that’s based on the rule of law, the legal framework, to let network defenders know what they are allowed to do in the network’s defense.”
The general spoke to what was claimed as a record audience of attendees at this year’s LandWarNet conference. An estimated 9,000 Soldiers and information technology experts from the private sector are in attendance at the three-day event.
The general spoke at length about the threats to military networks. He said the threat environment today affects more than 7 million computers on more than 1,500 individual DOD networks.
“On any given day, our networks are probed over 250,000 times an hour,” he said. That comes to about six million times a day. Additionally, over 140 foreign intelligence organizations are actively attempting to penetrate U.S. computer networks. And according to a figure from the network security company Symantec, the cost of cybercrime has exceeded $1 trillion, he added.
Threats to the network have evolved, he said, from exploitative threats, to disruptive threats, to destructive threats.
It is destructive attacks against networks, said Alexander, that have him concerned the most.
“It’s only a small step to go from disrupting to destroying parts of the network,” he said. “If you think about our nation, our financial systems, our power grids — all of that resides on the network. Our government, our Defense Department, our intelligence community, all reside on the network. All of them are vulnerable to an attack like that. Shutting down that network would cripple our financial system.”