New DOD cyber commander seeks better situational awareness

The U.S. military must bolster its ability to see and understand in real time what’s happening across its many computer networks, the head of the Defense Department’s Cyber Command said today.

Army Gen. Keith Alexander, the head of the new command that was activated May 21, said the Defense Department needs a common sharable, operating picture across its networks and to enable real-time response. Alexander said situational awareness across DOD’s networks is now often based on forensics generated after an incident has occurred. Alexander spoke at the Center for Strategic and International Studies in his first public remarks as head of the new command.

“We must first understand our networks and build an effective cyber situational awareness in real time through a common, sharable operating picture,” said Alexander, who also heads the National Security Agency. “We do not have a COP, a common operating picture, for our networks. We need to get there. We need to build that.”

DOD is responsible for protecting more than seven million machines, linked in 15,000 networks, with 21 satellite gateways and 20,000 commercial circuits, Alexander said. DOD’s systems are probed by unauthorized users approximately 250,000 times an hour or over six million times per day, he added.

The Senate approved Alexander to become a four-star general and lead the new command on May 7. The command is designed to integrate the military’s offensive and defensive cyber capabilities, and was ordered last June by Defense Secretary Robert Gates.

It's official: DOD Cyber Command activated

Cyber Command nominee lays out rules of engagement

“A decade ago network penetration seemed targeted mostly at exploiting data, in the last few years we saw the bar of conduct lowered for computer network attacks,” he said citing distributed denial-of-service attacks in Estonia and Georgia that impeded government functions. “Now there are hints that some penetrations are targeting systems for remote sabotage.”

In response to a question following his remarks, Alexander said the need for greater situational awareness also applies to war zones such as Iraq and Afghanistan.

“In a war zone, a commander has to have confidence in his command and control system, increasingly our intelligence, our operations, our weapons platforms are all being brought together in cyberspace,” Alexander said. “We have to have confidence that that space is secure, and whoever is running that space for that commander in that area has to know" that it's secure.

Alexander also said it was important for the U.S. to establish clear rules of engagement for military action in cyberspace, an effort that’s underway. He said he thought engagement rules needed to be considered differently for wartime and peacetime situations.

Alexander said officials also should:

• Share threat data at net speed.
• Synchronize command and control of integrated defensive and offensive capabilities at net speed.
• Leverage national power to ensure that the U.S. and other countries can benefit from free movement in cyberspace.
• Continue to conduct international engagement and diplomacy efforts.
• Review military doctrine for appropriateness and effectiveness.
• Consider ways to keep people from exploiting cyberspace for illicit gain.
• Recruit, educate and retain a cadre of cyber experts.
• Be able to operate and adapt to situations at net speed.

Alexander said cyberspace is unique because it’s a man-made and increasingly contested domain. He also said staff from the Joint Functional Component Command for Network Warfare and the Joint Task Force-Global Network Operations were recently consolidated.

“Our Department of Defense must be able to operate freely and defend its resources in cyberspace,” he said. “We will do this as we do it in the traditional military domains of land, sea, air and space.”