The head of the new U.S. Cyber Command said he has no intention of “militarizing” the Internet, but does want the Pentagon to defend the internet from malicious attacks.
General Keith Alexander has been warning that the nation needs to protect its critical infrastructure against inevitable destructive cyber attacks. He reiterated the Defense Department’s stance that the Internet should not be militarized, but government industry networks need more oversight and protection, including extending military computer defenses to privately held parts of the IT infrastructure that are key to the nation functioning.
“Everybody says, ‘I don’t want the intel community or the military in my networks.’ Well, here’s my comment: The only ones who aren’t in your networks are us,” Alexander said. “We see this as something absolutely vital to the future of our country. Cybersecurity for government and critical infrastructure is key to the security of this nation, and we’ve got to do that right. We can do that and protect civil liberties and privacy.”
Alexander said private operations the government wants to defend include companies that supply defense department equipment. He also said the military network’s “secure zone” needed to be extended to all critical resources in partnerships with the private sector. Deputy Defense Secretary William Lynn also recently said that DoD would like to broaden the department’s reach to allow an exchange between cybersecurity personnel in government and industry.
“We already share unclassified threat information on a limited scale with defense companies whose networks contain sensitive information,” Lynn said to an audience of private sector IT security experts at the RSA Security conference. “How to share classified signatures and the technology to employ them across the full range of industrial sectors that support the military and underpin the economy is a pressing policy question…The real challenge at this point is developing the legal and policy framework to do so.”
Another idea that has been floated around the Defense Department is for the National Security Agency (NSA) to monitor select corporate dot.com domains, in an attempt to prevent vulnerabilities from defense contractors.
However, Alexander said that current mood of having the military defend private networks’ cybersecurity is conflicted. On the one hand, government and industry want to take advantage of NSA’s technical capabilities, but only with ironclad civil liberties assurances.