Legislation, partnership with industry are critical to bolster underpowered U.S. cyber defenses, according to the Cyber Command's chief.
The United States isn’t ready for a serious cyber attack, and though defenses are getting stronger, there is still more work to be done, according to Gen. Keith Alexander, U.S. Cyber Command commander and National Security Agency director.
The country rates only a 3 on a scale of 1 to 10 in cyber-readiness, Alexander said.
The complexities of defending public and private networks against potential attacks on critical infrastructure are part of the problem, as well as a Cold War-era mentality that is slow to dissipate, Alexander said July 26 at the Aspen Institute’s annual security forum in Aspen, Colo.
In the new era of warfare, a partnership becomes more critical than ever to combat a versatile threat against cyberspace’s multi-faceted landscape.
“If we were to be completely candid here, the reality is that industry is getting hacked [and] government is getting hacked. What we need to do is come together and form best practices,” Alexander said in Aspen, per a Defense Department release. “When we put together this ability for our nation to work as a team in cyber space, what that allows us to do now is do things that other countries aren’t capable of doing in defending the nation.”
Mobile technology is also increasing cyber dangers, with mobile attacks nearly doubling over the past year, according to Alexander, who declined to offer a specific number of attempts on U.S. networks at the Aspen appearance.
“The attack surfaces for adversaries to get on the internet now include all those mobile devices,” Alexander said, adding that mobile security isn’t as comprehensive as more traditional desktop computer and landline defenses.
In a July 27 New York Times report, Alexander indicated there was a 17-fold increase in malicious attempts on critical infrastructure between 2009 and 2011.
At his Aspen Institute appearance, Alexander called on Congress to help spur improvements in U.S. cyber defense.
“Today, the offense clearly has the advantage,” he said. “Get cyber legislation in there, bring industry and government together, and now we have the capability to say ‘You don’t want to attack us. We can stop it and there are other things that we can do to really make this hurt,’” he said. “The key is having a defensible capability that can survive that first onslaught.”