The Tampa Tribune / TBO.com
Military News
When Keith Alexander arrived in Tampa in 1998 to take over as director of intelligence for U.S. Central Command, he spent the first six days walking around MacDill Air Force Base, checking out his new surroundings.
“Then on the seventh day — and this isn’t biblical — but on the seventh day, al-Qaida bombed the two embassies, and it all went down hill after that and I never saw the sun again while I was here.”
Things have changed since then. Alexander, who went on to run the National Security Agency and serve as the first commander of U.S. Cyber Command before retiring last year as a general, is calling for government and industry to keep up with the rapid evolution in technology.
Advancements have enabled governments, violent extremists and criminal organizations to steal secrets, personal information and funds and threaten networks relying on computers.
Speaking Tuesday to a room full of cybersecurity experts, military personnel, faculty, professors and students at the University of South Florida, Alexander said that the U.S. is not doing enough to protect itself in cyberspace.
To help fix the problem, he urged Congress to pass the Cyber Security Sharing Information Act of 2015. And he called for the development of systems that are defendable on many levels, not just at initial entry.
“We are the nation that invented the internet,” Alexander said. “We ought to be the first to secure it.
Alexander was keynote speaker at the opening of a two-day conference called FC2, put on by the Florida Center for Cybersecurity at the University of South Florida.
Alexander delivered his speech, titled “Staying Ahead of the Curve: Securing a Nation Amid Change,” at USF’s Marshall Student Center.
The legislation, stalled in Congress, would require timely sharing of classified and declassified cyber threat indicators held by the federal government with private entities, non-federal government agencies, state, tribal, and local governments.
The measure also calls for sharing unclassified indicators with the public.
This would allow government and industry to work together, said Alexander, who as CEO and president of the private IronNet CyberSecurity now provides strategic vision to corporate leaders on cybersecurity through development of cutting edge technology, consulting, education and training.
Pointing to last year’s cyber attack on Sony by North Korea, Alexander noted that Sony is not allowed to attack back — “it would create a ground war” — and needs to depend on government to respond.
“How can the government do that if it can’t see what is hitting Sony’s network? They have to have the ability to share with the government at network speed, and that takes legislation.”
The U.S. also should have done a better job, Alexander said, of protecting its own data in the recent hack by the Chinese of the federal Office of Personnel Management database, which exposed personal identifying information of millions of people.
“We should have defended the network better,” he said. “Don’t let them steal it.”
At the same time, Alexander, said it is important to protect privacy and civil liberties. He recalled when Geoffrey Stone, a board member of the American Civil Liberties Union, took part in a review of the NSA ordered by President Barack Obama in the wake of the Edward Snowden disclosure of the agency’s activities.
Stone, Alexander said, eventually came to see that the agency was indeed protecting civil liberties as well as national security.
The two co-wrote an op-ed piece in May for the Christian Science Monitor, calling for “new legislation that would restore the American people’s trust in our intelligence agencies and ensure both legitimacy and support for critical intelligence collection.”
Still, the legislation is opposed by groups like the Electronic Frontier Foundation, which works to defend civil liberties in the digital world. The legislation touted by Alexander is “a privacy invasive surveillance bill that must be stopped,” the foundation says.
Alexander, who was NSA director from 2005 to 2014 and became the first command of Cybercom in 2010 until retirement in 2014, kicked off the first day of the FC2 conference, which brings together cyber experts from academia, government, the military and industry.
The issues they face include countering cyber threats in banking, healthcare and insider negligence.
With failures including the breach of systems at Target and Home Depot, Sony and the Office of Personnel Management, the Pentagon and Centcom’s social media accounts, protecting against the threats is big business.
Globally, the cyber defense industry will be worth about $150 billion by 2019, said Sri Sridharan, chief operating officer for the Florida Center for Cybersecurity.
The conference has been a boon to the center’s efforts to attract students and businesses, said Rhonda Hunter, the assistant program director with the center’s Cyber Academy.
“A lot of businesses are interested in partnerning,” Hunter said. “They realize the importance of doing so, to protect their own interests.”
The North Korean attack on Sony, Alexander told a small group of reporters after his speech, was closer to cyber warfare than the Chinese hack of the federal personnel records.
“If a nation state is intent on doing harm and does harm, that is something I think that has to be considered.”
He declined to talk about whether he considers to be cyber warfare the Stuxnet virus attacks that disabled portions of the Iranian nuclear program and were said to be a joint effort by the U.S. and Israel.
The attacks took place in 2009 and 2010, while Alexander was running the NSA.
“That’s an interesting question,” he said.
But there are documented cases of cyber warfare, Alexander told the audience. He pointed to attacks on computer systems in Estonia that he considers the work of Russian intelligence and in Georgia as Russian troops were entering the country.
The conference is scheduled to wrap up Wednesday with FC2’s first-ever Research Symposium. Last year, the Florida Center for Cybersecurity awarded $500,000 in seed grants for research projects designed to draw the attention of investors interested in commercializing and launching new businesses.
That’s part of the center’s mission to help grow the cybersecurity industry and drive economic development in Florida.
Original URL: http://www.tbo.com/list/military-news/cyber-expert-urges-open-talk-between-government-business-20151013/
