Cyber threats top the list of military, intelligence concerns
Government officials across Washington this week are agreeing that threats to cyber assets pose one of the biggest risks to national security, according to high-level Defense Department and intelligence community officials.
In a March 12 Senate Armed Services Committee hearing, Gen. Keith Alexander, commander of U.S. Cyber Command and director of the National Security Agency, warned lawmakers that cyber attacks from a growing "roster of actors" threaten U.S. interests now and in the future. His testimony came on the same day as the director of national intelligence released a report citing cyber as the chief concern in an annual report on top global threats.
"When you look at the strategic landscape from our perspective, it's getting worse," he told committee members. "Cyber effects are growing."
Alexander continued his calls on Congress to pass legislation to complement the administration's executive order, reiterating the need for real-time information to better be shared between the government and private critical infrastructure operators. He also said laws are necessary to establish a clear chain of command when it comes to government response to cyber attacks.
"It takes a team to operate in cyberspace," Alexander said. "But at times I think in talking about the team approach, we're not clear on who's in charge when."
To that end, the commander did note that work is ongoing in mapping out rules of engagement for military operations in cyberspace. That work is being done in addition to ramped up recruiting, training and the creation of mission teams that will defend the U.S. against national-level cyber threats and operate in cyberspace. The teams will include 13 teams focused on conducting offense and 27 teams to help combatant commands with offensive planning.
Alexander said the first one-third of those teams will stand up by September of this year, the second one-third next September and the final third a year from that.
Kehler said that at STRATCOM, efforts are under way to collaborate with CYBERCOM and prepare for cyber operations, but much remains to be done – and both generals agreed that sequestration poses readiness concerns for those preparations.
"In general terms...we need to be better at exercising against threats," Kehler said, adding that working with Alexander and his command, as well as red-teaming exercises, is part of the ongoing process. "We have a ways to go before we can put the punctuation mark at the end of the sentence."
The generals' comments come just as Director of National Intelligence James Clapper released his office's Worldwide Threat Assessment. This year's assessment marks a shift for the annual report, in which the most critical concerns center on cyber threats rather than the traditional dangers associated with physical warfare.
"Threats are more diverse, interconnected, and viral than at any time in history," Clapper wrote in the introduction to the assessment. "Attacks, which might involve cyber and financial weapons, can be deniable and unattributable. Destruction can be invisible, latent and progressive."
The report cites as top dangers cyber espionage and other crime, critical infrastructure threats, information control and governance, and erosion of U.S. security and economy due to the penetration of foreign actors into American networks.
The assessment goes on to note the shifting nature of global security risks – and what that means for the future as digital and physical domains continue to become inextricably linked.
"The growing use of cyber capabilities to achieve strategic goals is also outpacing the development of a shared understanding of norms of behavior, increasing the chances for miscalculations and misunderstandings that could lead to unintended escalation," the report stated. "In response to the trends and events that happen in cyberspace, the choices we and other actors make in coming years will shape cyberspace for decades to come, with potentially profound implications for U.S. economic and national security."