NSA leader urges cybersecurity protocols
The commander of the newly created U.S. Cyber Command said today the nation needs precise rules of engagement that would set the standards for a quick counterattack to a serious breach of U.S. military or civilian data networks.
It also would be helpful if there were international rules on how nations can respond to cyber attacks, Army Gen. Keith Alexander said.
Alexander took over the new command, which is primarily responsible for protecting the military's cyber networks, two weeks ago. He retains his duties as head of the National Security Agency, which conducts electronic surveillance of suspected adversaries and possible terrorists.
During an appearance at the Center for Strategic and International Studies, Alexander said his command is looking at current rules of engagement, how they conform to the laws and his responsibilities, and "how we can articulate those so the people know what to expect."
He said there probably need to be two sets of rules of engagement, one to cover peacetime situations and another for war. Alexander said the issue is complicated by the possibility that an adversary may use a neutral country's computers to launch the attack. In addition, there are differences between an attack on U.S. military systems and one against government or civilian networks.
"What we don't have is the precision in those standing rules of engagement that we need," he said. But that is being worked within the Pentagon and the administration, he added.
Asked about a Russian proposal for a "cyber arms limitation treaty," Alexander said he believed there should be international rules, but that they would have to be negotiated by the secretaries of State and Defense and the president.
International rules of engagement could provide a level of deterrence by letting potential adversaries know what the response to an attack could be like.
Alexander did not comment on legislation pending in Congress that would affect his new command.
One provision added to the fiscal 2011 Defense authorization bill in the House last week would mandate automated monitoring of networks to detect cyber attacks, and would create a National Office of Cyberspace in the White House.
Another bill approved by the Senate Commerce Committee would order an increased focus on cybersecurity within the government and efforts to raise public awareness of the threats.
In response to questions about concerns that NSA and Cyber Command could encroach on the privacy and civil rights of Americans, Alexander said he spends a lot of time on that issue.
"On civil liberties and privacy, the key issue is oversight," he said.
"The government, the court systems and Congress all need to play a role in that, to know that the actions we're taking conform to the law and protect the civil liberties and privacy of our people," the general said. "I do spend a lot of time with the court and with Congress, explaining exactly what we're doing, where we have issues, where there needs to be a change, what we can and cannot do."
The court he mentioned is the Foreign Intelligence Surveillance Court, which was created by a 1978 law and was enlarged by the 2001 PATRIOT Act. It was created to provide quick decisions on requests for warrants to conduct electronic surveillance of communications inside the United States.