You are here: Home / Cyber Security / A look at General Alexander’s RSA Speech

A look at General Alexander’s RSA Speech

February 28, 2011 By

General Alexander is keeping busy at NSA/CYBERCOM

Last week, General Alexander (director of NSA and commander, USCYBERCOM) spoke at the RSA conference in San Francisco. He pointed out the the explosion of technology over the past 10 years. That users went from an average of 250MB of personal files, to over 128GB. The fact that 70% of Americans online are on Facebook – that 600M users worldwide are as well. This, mixed with the huge advances in programming (Watson and Deep Blue) lets us know that we do have the capability to protect and defend our advanced networks.

General Alexander reminded us of attacks on Estonia (2007) and Georgia (2008) as well Latvia, Lithuania, Azerbaijan and Kyrgyzstan. His concern is that some of those attacks might be used on the 15K DoD networks. These networks are scanned over 1 million times a day, yet receive 20k email attacks a month, thousands of independent network assaults. The DoD is scanning 92TB+ and 150B+ packets every day.

The biggest problem is that our public/private infrastructure is the backbone to the network. Additionally, there is a need to secure the defense industrial base. This was made certain by the USB flash drive issues in 2008. General Alexander states, ”Take combined talent and figure out how we secure the network.”  The “combined talent” is that in academia, private industry, and public servants.

He highlighted these needs for CYBERCOM;
  • Need to operate in Cyber Domain
  • Active Defense – key change for military networks and how they operate
  • How to protect critical infrastructure and key resources – have to partner w/ DHS + industry to develop critical infrastructure and key resources
  • Create lasting partnerships across the globe – there is only one internet and we are all plugged into it
  • Leverage technical dominance – the US is innovating and needs to continue to use those innovations to stay technically dominant
General Alexander feels that active defense is the key – we are facing an opponent that is performing guerrilla attacks on our networks. His vision of active defense has the following attributes;
  • Dynamic – ability to change due to the threat profile
  • Customized – tailored to individual agencies and missions
  • Countermeasures - capability to turn
  • Team-Based – multiple systems and organizations working together
    • hunt inside networks for capabilities
    • how we work on boundaries
    • responsibility on military and IC for early-warning and indications (how can this be done?
  • Needs to be more than anti-virus and patch management

The general brought up needs to have widespread cyber education. For our citizens and our civil servants (military and government). The people need to be educated on their role in cyberspace and how they can be a factor in this domain.

Lastly, General Alexander focused on how important STEM + R&D efforts will be to cyberspace dominance. STEM (Science, Technology, Engineering and Math) studies are needed to have educated work force.  R&D spending drives innovation. This ties in with his thoughts on a public/private partnership – pushing STEM + R&D needs to be done at academic, private and public levels, and must be concerted efforts.

Filed Under: Cyber Security, Events Tagged With: , , , , , , , , ,
About RyanKamauff

Ryan Kamauff is an ITIL-certified technology research associate with experience evaluating technologies and performing due diligence assessments on a wide variety of firms. He is a writer at CTOvision.com and a business school graduate with US Army operational experience both CONUS and in Iraq.

  • lefever

    nothing happens by accident-u find answers in least likely places-math is the key

  • T

    One of the biggest mistakes the DoD could make would be to operate from the assumption that all DIB organizations are at the same state of network security, and that DoD networks are more secure than DIB networks are. Helping DIB partners with threat awareness certainly is in the DoD's — and everyone else's — best interest; but audiences should be skeptical of DoD justifications to try removing the responsibility of DIB network security from DIB organizations themselves, or to make private enterprises — even defense contractors — dependent on the DoD for their network security.