Gen. Keith Alexander reiterated his view that the federal government’s network architecture is not defensible against cyber-attacks, but added it can be if rebuilt using the latest cloud-computing technologies.
Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, spoke Friday at a Northern Virginia Technology Council breakfast event in Tysons Corner, Va., where he said NSA is building a secure cloud with the hopes of doing just that.
“We have more than 15,000 enclaves in the Department of Defense, which are impossible to defend – there will be vulnerabilities,” Alexander said. “We need to bring the number to zero and can do so with cloud technology that can rapidly adapt to threats without the need of humans in the loop.”
Alexander added NSA has pushed the code for the secure cloud out to the open source community in hopes the nation’s developers can make it even stronger.
That secure cloud will be needed, Alexander said, especially in the mobile space where there is an increased desire for federal workers to use their smartphones for business applications.
Alexander said NSA is sensitive to that and believes going forward, smartphones can play a key role in the identity management aspect of cybersecurity.
“We are working to get a hardware root of trust that will ensure in the not-to-distant future that a smartphone will act in many ways as a person’s identity card,” Alexander said.
He said the Defense Information Systems Agency is working on a smartphone mobile device plan for the classified networks of DOD. Alexander said employees can access the SIPRnet and classified information, and in the next year or two will likely be able to access communications on a Top Secret level.
Other notes from Alexander’s presentation:
- Solving the cybersecurity issue means out-innovating the competition. Alexander compared it to the enemies stealing the plans for IBM’s Selectric typewriter, so to combat that, our innovators need to create the Internet. “We need to take a monumental leap ahead of our adversaries,” he said.
- When it comes to cyber, the military is putting its people through a rigorous 46-week training program using members from all of the military services. Alexander added even if some of the people trained do not have full military careers, they can take that knowledge to the private sector and help the government that way.
- Alexander further pushed the need for cyber legislation, saying it will greatly strengthen the nation’s cyber defenses. “We’re not trying to read your email,” he said, “but the ability to share information more freely and monitor the networks of critical infrastructure partners is key to defense.”
- NSA, the Department of Homeland Security and the FBI are doing a “hostage exchange program” with each other’s employees, allowing them to share best practices with one another “that’s paid huge dividends,” Alexander said. Those partnerships are key, especially during times such as the Boston Marathon bombing when several different agencies need to work together on a common mission.
- Alexander urged those interested to contribute to the Cybersecurity Framework the National Institute of Standards and Technology is developing as part of President Barack Obama’s cybersecurity executive order. “No one wants a bureaucratic framework wrapped in paper, so to do this right, we need your support,” he said.