Panetta, Alexander stress urgency of cyberdefense

Defense Department officials have long tried to call attention to  the threats in cyberspace, the importance of partnerships to combat them and the need for  legislation that ties it all together. In separate appearances last week, two top DOD leaders reiterated those themes  and offered a rare glimpse into the Pentagon’s cyber arsenal and the policies surrounding it.

Speaking in New York on Oct. 11, Defense Secretary Leon Panetta touted progress DOD has made in improving defenses, detecting sources of attacks and attempts, and developing governance for U.S. military action in cyberspace.

We defend. We deter. And if called upon, we take decisive action,” Panetta said, according to a DOD transcript.  “In the past, we have done so through operations on land and at sea, in the skies and in space. In this new century, the United States military must help defend the nation in cyberspace as well.”

Pentagon officials traditionally have focused on talking cyber defense, but Panetta, while noting the department’s emphasis on deterrence, made clear that the military is working on more comprehensive approaches – including an improved ability to track the enemy.

“Our cyber adversaries will be far less likely to hit us if they know we will be able to link them to the attack, or that their effort will fail against our strong defenses. The department has made significant advances in solving a problem that makes deterring cyber adversaries more complex: the difficulty of identifying the origins of an attack,” Panetta said. “Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests.”

That ability is backed by a growing capacity for offensive measures, the secretary noted.

“If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the president,” Panetta said. “For these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”

Offensive and defensive capabilities are subject to guidance that is evolving along with the cyber landscape. Panetta said rules of engagement for cyberspace are close to being finalized and will offer comprehensive governance for digital operations.

“The new rules will make clear that the department has a responsibility not only to defend DOD’s networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace,” he said. “These new rules will make the department more agile and provide us with the ability to confront major threats quickly.”

Panetta also called for partnership between the government, military, private sector and international stakeholders, underscoring the importance of sharing information – especially when it comes to critical infrastructure. Those remarks were echoed by Army Gen. Keith Alexander, commander of U.S. Cyber Command and director of the National Security Agency, at a separate event on the same day.

“Ninety percent of cyberspace is owned and operated by industry. But the government depends on that space to operate,” Alexander said at the GEOINT conference in Florida, noting that currently there are barriers to sharing critical information. “That’s a problem…how do you do that? The answer is, ‘Well, we can’t do that easily.”

Both Alexander and Panetta pointed to cybersecurity legislation as being particularly crucial to helping prevent a “cyber Pearl Harbor.” Alexander expressed optimism that Congress would take up the issue again in the next session, warning that a failure to do so could result in a rash response if and when a cyber incident does occur.

“We need to solve this before there’s a big problem…because after there’s a big problem, we’re going to race to the wrong solution,” he said.

Panetta appeared to back the presidential executive order on cybersecurity that officials, including Homeland Security Secretary Janet Napolitano, have said is close to fruition.

“There is no substitute for comprehensive legislation, but we need to move as far as we can in the meantime,” he said. “We have no choice because the threat we face is already here. Congress has a responsibility to act. The president has a constitutional responsibility to defend the country.”