Alexander: Cybercom activates National Mission Force HQ
WASHINGTON, Sept. 25, 2013 – U.S. Cyber Command has activated the headquarters for its Cyber National Mission Force, one of its three forces and the one that would react to a cyber attack on the nation, Army Gen. Keith B. Alexander, Cybercom’s commander, said at the National Press Club today.
The other two forces are the Cyber Combat Mission Force that is assigned to the operational control of individual combatant commanders, and the Cyber Protection Force that helps operate and defend the Defense Department’s information environment.
Speaking at the 4th Annual Cybersecurity Summit, the general, who is also director of the National Security Agency, said Cybercom teams are now fully operational and working side by side with NSA to defend the nation.
“We will ensure that we have the best force anywhere in the world,” Alexander said.
Federal, military and industry officials listened as the general detailed five aspects of cybersecurity that NSA and Cyber Command are working to improve.
“Look at what’s happened in the past year,” Alexander said. “Over 300 distributed denial-of-service attacks on Wall Street. We saw destructive attacks in August 2012 against Saudi Aramco and RasGas [Co. Ltd.].”
There’ve also been “destructive” cyberattacks against South Korea, he added.
“What that says to me is that this is going to pick up. It’s going to get worse and we have to get a number of things done to protect this country,” Alexander said.
The top priority, he said, is a trained and ready force.
“The best [force] in the world -- that’s what the American people expect of our military and of our intelligence community and that’s what we’re doing. Why? In this area, technical skills really matter,” the general said. “So we’re engaged in a multiyear effort with the services to train our forces.”
The Army, Navy and Marines trained about a third of the force in 2013 and they will train a third in 2014 and another third in 2015, he said.
“That’s a huge step forward and the service chiefs have stood up and pushed those forces forward despite sequestration and despite all the battles that are going on in the Pentagon,” Alexander said. “They’ve stood up and they’ve all agreed that this is a threat that we have to address for the good of the military and our nation.”
Cybercom also is conducting exercises such as Cyber Guard and Cyber Flag, the general said. These include the combatant commands, the National Guard, the reserves and interagency participation to develop the tactics, techniques and procedures and working relationships needed to conduct operations in cyberspace.
“Cyber Command provides cyber support elements to every combatant command today,” Alexander said. “We’re refining our operational concepts and our command and control. And I think … coming up with the operational concepts and the command and control is absolutely vital to the future.”
The second area critical to cybersecurity, especially in the Defense Department, is to move from the legacy information technology architecture in use today to a defensible architecture, the general said.
In fact, the Defense Information Systems Agency, working with Cybercom, NSA and the services, is beginning to implement a Joint Information Environment that will eventually upgrade the DOD legacy system.
“I think the cloud architecture that’s been pushed forward for the Joint Information Environment and the intelligence community’s IT environment is where our nation needs to be,” Alexander said. “A thin [or very minimalized] virtual cloud environment offers some great capabilities for the future.”
In such an environment, he explained, patching for many computers could be done at network speed with 100-percent accuracy, essentially fixing an entire network within minutes.
“You could remove humans from the loop in that [operation] and put them where you need them -- protecting the networks,” the general said.
In this environment, he said, “we can break down each system we see being scanned by an adversary and put it in a new place. You can jump networks, you can jump databases, and you can jump your phone system, [making] it very difficult for adversaries to exploit them.”
Shared situational awareness is a third area of critical importance to the nation, Alexander said, describing it as a common way for people to understand events that happen in cyberspace.
“Ask the IT people to draw you a picture of a recent exploit into your network,” the general said. He then drew examples in the air to demonstrate the likely confusion that would ensue with no common framework.
“How does it look? How are we going to fix it?” he asked.
Such a framework will be even more important, the general said, when “forces in cyberspace must ask questions like, ‘Where is the adversary coming from? Where are they getting into the country? What is Cyber Command’s role? What is NSA’s role? How do our allies see that? How do we work together?’”
The answer is, he said, “nobody sees it today. We don’t have the shared situational awareness we need and this is going to be a key capability for the future.”
As a result, Alexander said, Cybercom, NSA and the Defense Department are developing a common operational picture and will share it with the FBI, the Department of Homeland Security, the CIA, with all the combatant commands, and with some U.S. allies.
The fourth area that’s critical in cybersecurity is that government must work with industry, the general said.
“Industry owns and operates 85 percent to 90 percent of our networks,” Alexander said. But the government, led by the president, he added, has to be responsible for defending the country from attack and for attacking back.
“We have to share what we know about [cyber] threats and [industry] has to tell us what they see. This is where the Internet service providers are critical. Not just here but with our allies and others,” the general said.
“But we have to work with industry because we can’t see the threat,” he added. “And if we can’t see it we can’t respond to it.”
Government and industry must come together and figure out how that will work, Alexander said, adding that industry is critical to defending the United States in cybersecurity, and U.S. allies are critical partners in this.
“If we can’t share information with industry,” he said, “we won’t be able to stop it.”
The fifth area that’s critical to the United States in cybersecurity involves authorities, Alexander said.
“We need to work with Congress on additional legislation regarding cybersecurity and private industry -- specifically, how we will share information and how we will provide liability protection to them,” he said. “Those are the key issues that have to come out of this.”
Rules of engagement also must be clarified, the general said, including what is expected of Cybercom.
“This is a difficult topic,” he said. “We don’t want NSA and Cyber Command doing something irresponsible. On the other hand, we don’t want NSA and Cyber Command waiting for the authorities while Wall Street is taken down in [a] cyber[attack]. So we have a dilemma. How do we work that?”
He said officials at Cyber Command and NSA are working within the Defense Department and the interagency to study the authorities and processes needed.
“It very closely follows what you would expect us to do if this were a missile attack on our country,” Alexander said. “How do we go through those authorities? How do we set up the conference calls? How do we go to the secretary of defense and the president and get the authorities we need and give them the options?”
He added, “We’re working our way through that and I think the government has done a great job moving that forward.”