Date: Fri May 24 19:44:37 2013

...

I am proud of this record of success but aware that more needs to be done by Cyber Command as part of the larger cyber enterprise that includes the National Security Agency/Central Security Service (NSA/CSS), the Service cyber components, and the Defense Information Systems Agency (DISA). I foresee five challenges over the coming year that Cyber Command will face and continue to address. Those areas are the following:

1. Concept for Operating in Cyberspace: Every domain, by definition, has unique features that compel military operations in it to conform to its physical 12 or relational demands. ...
2. Cybersecurity Responsibilities: Defending the nation in cyberspace requires a coordinated response among several key players from throughout the government. ...
3. Trained and Ready Force: At present we are critically short of the skills and the skilled people we as a Command and a nation require to manage our networks and protect U.S. interests in cyberspace.
4. Defensible Architecture: Our current information systems architecture in the Department of Defense was not built with security uppermost in mind, let alone with the idea of operationalizing it to enable military missions. Instead, we have seven million networked devices in 15,000 DoD network enclaves. Our vision is to fashion that architecture into an operational platform, not just a channel for communications and a place for data storage. To do so, our DoD cyber enterprise, with the Department�s Chief Information Officers, DISA, and Cyber Command helping to lead the way, will build a common cloud infrastructure across the Department and the Services that will not only be more secure but more efficient�and ultimately less costly in this time of diminishing resources�than what we have today. ...
5. Global Visibility Enabling Action: We cannot wait for the implementation of that vision of a defensible architecture, however, to improve our situational awareness. Our commanders and our Services need to know what�s happening inside and outside our networks, but at present we cannot even develop a definitive picture of the 15,000 DoD network enclaves and lack the capability to easily understand what is happening as it occurs. Furthermore, we must know in real time when and how the internet and the overall cyber environment inside and outside the United States are threatened in order to counter those threats.

...

General Keith B. Alexander, USA, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service

********************************************

CYBERCOM continues to play an essential role operating and defending DOD's information networks. Moving forward, we must continue to improve situational awareness and clarify the global roles, responsibilities, expectations, and authorities that contribute to stable and effective deterrence and assurance. Effective defensive and offensive preparation begins with situational awareness. Threats in cyberspace are anything but static, and a useful defensive strategy or capability existing one moment may be ineffective mere seconds later, and improved relationships and technical capabilities allow us to better understand the dynamic cyber environment. Gaining this awareness and then acting quickly and effectively requires improving the complex interagency and international relationships. Cyber security requires the entire government�s effort. No single agency or department can effectively address the threats we face in cyberspace; we must constantly evaluate relationships an d operational constructs to address constantly evolving threats. The recent Defense Industrial Base (DIB) Pilot program is a great example of the benefits of partnership and the type of activity we look forward to furthering in the future.

...

General C. Robert Kehler, USAF, Commander, U.S. Strategic Command

UNITED STATES SENATE COMMITTEE ON ARMED SERVICES

Tuesday, March 27, 2012
9:30 AM
Room SD-106
Dirksen Senate Office Building
OPEN*

To receive testimony on U.S. Strategic Command and U.S. Cyber Command in review of the Defense Authorization Request for Fiscal Year 2013 and the Future Years Defense Program.

Archived Webcast

General C. Robert Kehler, USAF
Commander, U.S. Strategic Command

General Keith B. Alexander, USA
Commander, U.S. Cyber Command
and
Director, National Security Agency/Chief, Central Security Service

http://armed-services.senate.gov/e_witnesslist.cfm?id=5283

DOD Needs Industry�s Help to Catch Cyber Attacks, Commander Says

By Lisa Daniel

American Forces Press Service

WASHINGTON, March 27, 2012 � The Defense Department needs private-sector cooperation in reporting computer network attacks in real time to stop what has been the �greatest transfer of wealth in history� that U.S. companies lose to foreign hackers, the head of U.S. Cyber Command told a Senate committee today.

Army Gen. Keith B. Alexander, who also is the National Security Agency director, told the Senate Armed Services Committee that he supports legislation that would require private companies to report attacks, and added that such reporting needs to happen before an attack is complete.

�We need to see the attack,� he said. �If we can�t see the attack, we can�t stop it. We have to have the ability to work with industry -- our partners -- so that when they are attacked, they can share that with us immediately.� Many cyber defense bills have stalled in Congress over concerns about privacy, overregulation and the military�s role in cyber protection, Alexander and the senators noted.

The general compared the current situation, where DOD computers receive some 6 million threatening probes each day, to a missile being fired into U.S. airspace with no radars to see it. �Today, we�re in the forensics mode,� he said. �When an attack occurs, we�re told about it after the fact.�

Alexander added, though, that industry should be monitoring their own systems with help from Cyber Command and the Department of Homeland Security. �I do not believe we want the NSA or Cyber Command or the military in our networks, watching it,� he said.

Alexander explained the federal partnership of U.S. cyber security as one in which Homeland Security leads in creating the infrastructure to protect U.S. interests, Cyber Command defends against attacks, FBI conducts criminal investigations, and the intelligence community gathers overseas information that could indicate attacks.

�Cyber is a team sport,� he said. �It is increasingly critical to our national and economic security. � The theft of intellectual property is astounding.�

The Defense Department�s request of $3.4 billion for Cyber Command in fiscal 2013 is one of the few areas of growth in the DOD budget, senators noted. The command has made progress toward its goals of making cyber space safer, maintaining freedom of movement there, and defending the vital interests of the United States and its allies, Alexander said. The command also is working toward paring down the department�s 15,000 separate networks, he said.

Cyber threats from nations -- with the most originating in China -- and non-state actors is growing, Alexander said.

�It is increasingly likely, as we move forward, that any attack on the U.S. will include a cyber attack,� he said. �These are threats the nation cannot ignore. What we see � underscores the imperative to act now.�

http://www.defense.gov/news/newsarticle.aspx?id=67713