By Ellen Nakashima
Checkpoint Washington (Washingtonpost.com), May 4, 2012
Gen. Keith Alexander, the head of the nation’s largest spy agency and its cyberwarfare command, is urging adoption of legislation to require companies providing critical services such as power and transportation to fortify their computer networks against cyber attacks.
Though he did not specify a particular bill, Alexander, commander of the U.S. Cyber Command and director of the National Security Agency, said in a letter Friday to Sen. John McCain (R-Ariz.) that “recent events have shown that a purely voluntary and market driven system is not sufficient” to protect such networks.
The words are likely to disappoint GOP opponents of government regulation and in particular of legislation pending in the Senate that would authorize the Department of Homeland Security to ensure certain critical networks meet minimum security requirements.
“Some minimum security requirements will be necessary to ensure that the core critical infrastructure is taking appropriate measures to harden its networks to dissuade adversaries and make it more difficult for them to penetrate those networks,” Alexander wrote, adopting the Obama administration’s position on the need cybersecurity legislation.
A legislative package cosponsored by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), among others, is pending in the Senate that would do just that. But the Cybersecurity Act of 2012 faces stiff opposition from Republicans such as McCain, who have decried it as too burdensome on business. At a hearing earlier this year, McCain blasted the bill as turning DHS into a “super-regulator.” He warned it would lead to “unelected bureaucrats” foisting rules on companies would divert resources from developing security to complying with mandates.
But Alexander, who also stressed that the requirements not be too burdensome, pointed out that the Department of Defense relies on key industries such as power, transportation and telecommunications. Last year, he stated that the power sector is “at the bottom” of the list in cybersecurity. “It’s not a priority for them,” he said at a speech last year at the University of Rhode Island. “They don’t have expertise. They need government assistance.”
Further, he said, it is U.S. Cyber Command’s role to defend the nation from a cyber attack. He said the president can delegate authority to the Defense Secretary to use Cyber Command’s capabilities to defend the nation. And, he said, “much work remains to be done across both the public and private sectors” to deter adversaries in cyberspace.
Alexander also noted in his letter the need for greater sharing of cyber threat data from the private sector with the government. Several bills in both the House and the Senate would enable that. Right now, he said, “the limited, voluntary information sharing by the private sector inhibits the government’s ability to protect domestic cyberspace.”
Other administration officials have explicitly endorsed the Lieberman-Collins bill. They include Defense Secretary Leon Panetta, Joint Chiefs of Staff Chairman Gen. Martin E. Dempsey and Homeland Security Secretary Janet Napolitano.
Phi Beta Iota: We don’t make this stuff up. It is not possible to legislate good code. NSA cannot keep the Chinese from riding the electrical circuits into their own house, nor can NSA process more than 5% of what it collects, and it is incompetent at most languages actually needed to be effective — we’re not even sure NSA is serious about pattern analysis, which is supposed to be 80% of SIGINT. An honest government would shut down the “Cyber-Command” at the same time that it shuts down DHS, create the Open Source Agency, and strive to create a Smart Nation where open source everything provides the security that the government has no clue how to achieve. Put bluntly: it is INSANE to think for even a moment that NSA and Cyber-Command have anything at all to offer in the way of defense to private sector networks.
2002 The New Craft of Intelligence–What Should the T Be Doing to the I in IT? [Steele keynote to NSA in Vegas]
DefDog: The infamous ‘take down the Internet in 30 minutes’ hearing from 1998 — Tens of Billions Later, NSA and OMB Have Not Done Their Jobs, US Cyber is Wide Open and Unsafe at Any Speed + Meta-RECAP