Defense not enough in cyber security

Tulsa World
Published: 4/26/2011 

Gen. Keith B. Alexander, commander of the U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, says at least 5,000 new bits of malicious code show up on the Internet every day.

Alexander, who spoke Monday at the University of Tulsa, said these constant new threats mean that simply throwing up a computer firewall and fixing things when they break isn’t good enough.

“We can no longer depend on a static defense,” he said.

And it’s not just individual computers or companies that could be vulnerable. Alexander noted that as utilities such as electricity and water systems grow increasingly computerized and interconnected, they too could be brought down by a cyber attack.

Already some utilities have experienced outages because of computerization. Alexander pointed out that the electric grid in the Northeast went down in 2003 because of software anomalies, and the Sayano-Shushenskaya hydroelectric dam in Russia suffered a catastrophic turbine failure in 2009 that killed 75 people because its stability software was down.

Alexander said protecting U.S. infrastructure is a priority, though the fragmented nature of the various technologies used by different utility companies make the effort challenging.

“If we only protect the military networks and not the infrastructure, then we’ll have a great network that won’t be able to talk to anyone,” he said.

Worries about civil liberties often come up in discussions about computer security, and Alexander said he and his team are concerned about it, too. He added that the NSA “doesn’t go through people’s emails.”

“We’re not asking for one over the other; we should have both civil liberties and protection,” he said. “As Americans, we should demand it.”

Alexander said his agency’s cyber activities are both defensive and offensive in nature, though he said he could not elaborate on particular offensive operations. He did note that the rules of computerized warfare are still being determined, such as what happens when an attack is routed through a hostile nation, a neutral country or the United States itself.

“These are issues we have to work our way through, because the laws and boundaries aren’t clear,” he said.


One thought on “Defense not enough in cyber security

  1. Quit being stupid. Find another architecture. Have you
    ever heard of aliens. (Damn, this Woodbridge wine is good!)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s