Likely Cyberwar Chief Wants to Play Defense, Not So Much Offense
Lt. Gen. Keith Alexander is up before the Senate Armed Services Committee this morning. (As I type, he’s giving his opening statement.) He’s the head of the National Security Agency and he’s been nominated to become the first-ever head of the military’s new Cyber Command. And he’s giving some indication he’s not going to focus, if confirmed, on attacking enemy cyber-infrastructure. His priority, he testified, will be on “building the capacity, capacity and critical partnerships required to build our operational networks. This command is not about efforts to militarize cyberspace.” He’ll remain, however, at NSA, and it’s unclear how that mix will work in practice.
Over at Danger Room, Nathan Hodge reads through Alexander’s answers to prepared questions and notices that Alexander indicated he doesn’t want to attack enemy civilian infrastructure. Nathan:
[C]yber attacks threatened civilian networks and the financial system. It’s unclear if the military could retaliate in kind. In a series of written answers to questions from senators (.pdf), Alexander said, “It is difficult for me to conceive of an instance where it would be appropriate to attack a bank or a financial institution, unless perhaps it was being used solely to support enemy military operations.”
Sen. Carl Levin (D-Mich.), the committee chairman, referred to CYBERCOM representing “uncharted territory” for the military and the country. He asked how CYBERCOM would operate in support of a regional combatant commander during a military action. “We have standing rules of engagement of how to defend our networks,” Alexander said. So CYBERCOM operates in a defensive capability, it would seem. “We don’t have the authority to go into a third country to launch an attack,” Alexander continued, should an adversary route a cyberattack from the infrastructure of a country that isn’t party to a hypothetical conflict.