WASHINGTON – U.S. computer systems need more protection from attacks, but making networks less vulnerable must be done carefully to avoid disrupting people's online activities, the head of the military's Cyber Command said Thursday.
While achieving both goals will take time, it's necessary to protect systems at home and in war zones from a growing threat mounted by other countries and criminals, said Gen. Keith Alexander.
Alexander, who also is director of the National Security Agency, recommended creating a "secure zone" for computer systems covering federal agencies, financial networks and critical infrastructure.
He also told a House committee that he has sent a special operations unit to Afghanistan to help shore up the networks used by commanders and troops to communicate and run the war. Failure of the networks would make it harder to fight, he said. Transmitting intelligence to forces and working with allies depend on those communications.
The military is making progress on this front, he said.
Improving security for domestic networks is a thornier issue. The White House, Congress and industry leaders are at loggerheads over any hint of government control, regulation or influence over the Internet. They're struggling to come up with a solution that protects national security without appearing to limit or monitor the public's Internet use.
Alexander told a small group of reporters Wednesday evening that federal officials are hashing out how best to conduct cyberwarfare and how to respond to an attack that knocks out banking systems, shuts off electricity or takes control of a nuclear power plant.
"You could come up with what I would call a secure zone, a protected zone, that you want government and critical infrastructure to work in that part," said Alexander, who also testified Thursday before the House Armed Services Committee. "At some point it's going to be on the table. The question is how are we going to do it."
He said that setting up such a system "technically is fairly straightforward. The hard part is working through making sure everyone is satisfied with what we're going to do," and explaining it to the public.
Federal and commercial computer networks are scanned and attacked millions of times a day by hackers, criminals and other countries. Their goals are to steal money, ferret out sensitive data or disrupt and destroy critical operations.
Alexander said the administration's internal discussions are looking at whether federal agencies — including his Cyber Command, the FBI or the Department of Homeland Security — need new powers to take action during computer attacks.
As much as 85 percent of the nation's critical infrastructure is owned and operated by private companies, from nuclear and electric power plants to transportation and manufacturing systems.
In his session with reporters at the National Cryptologic Museum in Fort Meade, Md., home to some of the country's early computers, Alexander talked at length about the need for government to work with private industry to protect the systems that run daily life.
Under agreement with the reporters, his comments were not for release until the House hearing began.
He said that right now he does not see terrorist groups as a major cyberthreat, but that could change.
In his prepared testimony for the hearing, Alexander warned that deterring enemies in the cyberworld will not be easy and could take years to achieve.
He said it will require progress in the military's ability to defend its networks and strike back against the source of Internet attacks. The U.S., he said, must develop counterattacks "that adversaries know we will use if we deem necessary."
The House committee chairman, Rep. Ike Skelton, D-Mo., said Congress needs to know what the Pentagon wants. He noted that computer-based threats are daunting and will be a big part of the future of warfare.
Alexander reeled off the rapidly growing statistics of today's online culture: 1.9 billion Internet users; 4.6 billion cellular subscribers; an average of 247 billion e-mails sent each day this year; and $300 billion in intellectual property stolen over computer networks this year.
Alexander assumed control of Cyber Command in May. He said the budget for this year is about $120 million, and that probably will grow to about $150 million in 2011.
The money pays for about 1,000 military and civilian workers, including those who staff a 24-hours-a-day operations center that monitors and defends the Defense Department's computer networks.
With a nod to critics, Alexander pledged that the Cyber Command will comply with all privacy and civil liberties laws.
"We have to get this right, as I believe the security of our nation depends on it," he said.
Defense Department: http://www.defenselink.mil