Last week, General Alexander (director of NSA and commander, USCYBERCOM) spoke at the RSA conference in San Francisco. He pointed out the the explosion of technology over the past 10 years. That users went from an average of 250MB of personal files, to over 128GB. The fact that 70% of Americans online are on Facebook – that 600M users worldwide are as well. This, mixed with the huge advances in programming (Watson and Deep Blue) lets us know that we do have the capability to protect and defend our advanced networks.
General Alexander reminded us of attacks on Estonia (2007) and Georgia (2008) as well Latvia, Lithuania, Azerbaijan and Kyrgyzstan. His concern is that some of those attacks might be used on the 15K DoD networks. These networks are scanned over 1 million times a day, yet receive 20k email attacks a month, thousands of independent network assaults. The DoD is scanning 92TB+ and 150B+ packets every day.
The biggest problem is that our public/private infrastructure is the backbone to the network. Additionally, there is a need to secure the defense industrial base. This was made certain by the USB flash drive issues in 2008. General Alexander states, ”Take combined talent and figure out how we secure the network.” The “combined talent” is that in academia, private industry, and public servants.
- Need to operate in Cyber Domain
- Active Defense – key change for military networks and how they operate
- How to protect critical infrastructure and key resources – have to partner w/ DHS + industry to develop critical infrastructure and key resources
- Create lasting partnerships across the globe – there is only one internet and we are all plugged into it
- Leverage technical dominance – the US is innovating and needs to continue to use those innovations to stay technically dominant
- Dynamic – ability to change due to the threat profile
- Customized – tailored to individual agencies and missions
- Countermeasures – capability to turn
- Team-Based – multiple systems and organizations working together
- hunt inside networks for capabilities
- how we work on boundaries
- responsibility on military and IC for early-warning and indications (how can this be done?
- Needs to be more than anti-virus and patch management
The general brought up needs to have widespread cyber education. For our citizens and our civil servants (military and government). The people need to be educated on their role in cyberspace and how they can be a factor in this domain.
Lastly, General Alexander focused on how important STEM + R&D efforts will be to cyberspace dominance. STEM (Science, Technology, Engineering and Math) studies are needed to have educated work force. R&D spending drives innovation. This ties in with his thoughts on a public/private partnership – pushing STEM + R&D needs to be done at academic, private and public levels, and must be concerted efforts.
Related posts:
I second the motion to increase public education about Internet security issues, and esp how to protect yourself. The General might like what I said about this in my essay “Internet Voting: The Great Security Scare.”* Lack of protection, and human activity, are the biggest threats, the security technology itself is trustworthy, when kept up to date.
*http://ssrn.com/author=1053589