TAMPA, Fla. (Army News Service, Aug. 3, 2010) -- Protection of the nation's computer networks requires focus on four key areas, said the director of the National Security Agency.
During the first day of the 2010 Armed Forces Communications and Electronics Association's "LandWarNet" conference, Aug. 3, in Tampa, Fla., Gen. Keith B. Alexander, commander, U.S. Cyber Command and director of the National Security Agency, discussed both threats to the DOD computer network and suggestions on how to secure it.
Dynamic protection of the network, the general said, involves a four-pronged approach to protecting a network with as many as 7 million attached computers.
1: Hunt for malicious ware
First among those aspects, he said, is defending the network in the same way the Army might protect an area of land it has captured on the ground.
"Inside our networks, just like we would do in physical combat, we have to have folks that are hunting inside our networks," he said. "Give the system administrators, our network operators, weapons to hunt inside our networks for malicious software and malicious actors, to destroy them".
2: Protect network borders
At the edges of the network, where users interface with network capabilities, there needs to be systems in places that can provide real-time notification of malicious activity to those that are charged with protecting it, he said.
"We have to have an interactive device at the boundary," he said. "And that interactive device capability has to be able to talk to those network hunters inside our network and our foreign intelligence capabilities and law enforcement and others outside our network".
3: Partner with stakeholders
Also key to protecting the network, he said, is to have strong partnerships with stakeholders in the network. That includes allies and other government agencies.
"We have to, with our allies, be able to see what is going on with the global network so we can provide real-time indications and warning to our defensive capabilities".
4: Establish ROE
Finally, he said, those protecting the network need to be able to defend it when threats arise. That means they are equipped with rules of engagement to allow them to know what they are allowed to do, both defensively and offensively, without having to endure costly efforts to propose plans for defense and to seek approval for actions they should take.
"We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us," he said. "You need autonomous decision logic that's based on the rule of law, the legal framework, to let network defenders know what they are allowed to do in the network's defense".
The general spoke to what was claimed as a record audience of attendees at this year's LandWarnet conference. An estimated 9,000 Soldiers and information technology experts from the private sector are in attendance at the three-day event.
Know the threat
The general spoke at length about the threats to military networks. He said the threat environment today affects more than 7million computers on more than 1,500 individual DOD networks.
"On any given day, our networks are probed over 250,000 times an hour," he said. That comes to about six million times a day. Additionally, over 140 foreign intelligence organizations are actively attempting to penetrate U.S. computer networks. And according to a figure by the network security company, Symantec, the cost of cybercrimes have exceeded $1 trillion, he added.
Threats to the network have evolved, he said, from exploitative threats, to disruptive threats, to destructive threats.
Using networks to take money or information, for instance, is exploitative. To deny service to networks is disruptive. In 2007, for instance, the national networks in Estonia were nearly shut down by distributed denial of service attacks, suspected to be the doing of unhappy Estonians of Russian descent voicing outrage at the removal of a bronze statue of a World War II Soviet soldier. U.S. Army
