INTERNET - Cyberwars Update

"Cyberwar Chief Calls for Secure Computer Network" by THOM SHANKER, New York Times 9/23/2010

The new commander of the military’s cyberwarfare operations is advocating the creation of a separate, secure computer network to protect civilian government agencies and critical industries like the nation’s power grid against attacks mounted over the Internet.

The officer, Gen. Keith B. Alexander, suggested that such a heavily restricted network would allow the government to impose greater protections for the nation’s vital, official on-line operations. General Alexander labeled the new network “a secure zone, a protected zone.” Others have nicknamed it “dot-secure.”

It would provide to essential networks like those that tie together the banking, aviation, and public utility systems the kind of protection that the military has built around secret military and diplomatic communications networks — although even these are not completely invulnerable.

For years, experts have warned of the risks of Internet attacks on civilian networks. An article published a few months ago by the National Academy of Engineering said that “cyber systems are the ‘weakest link’ in the electricity system,” and that “security must be designed into the system from the start, not glued on as an afterthought.”

General Alexander, an Army officer who leads the military’s new Cyber Command, did not explain just where the fence should be built between the conventional Internet and his proposed secure zone, or how the gates would be opened to allow appropriate access to information they need every day. General Alexander said the White House hopes to complete a policy review on cyber issues in time for Congress to debate updated or new legislation when it convenes in January.

General Alexander’s new command is responsible for defending Defense Department computer networks and, if directed by the president, carrying out computer-network attacks overseas.

But the military is broadly prohibited from engaging in law enforcement operations on American soil without a presidential order, so the command’s potential role in assisting the Department of Homeland Security, the Federal Bureau of Investigation or the Department of Energy in the event of a major attack inside the United States has not been set down in law or policy.

“There is a real probability that in the future, this country will get hit with a destructive attack, and we need to be ready for it,” General Alexander said in a roundtable with reporters at the National Cryptologic Museum here at Fort Meade in advance of his Congressional testimony on Thursday morning.

“I believe this is one of the most critical problems our country faces,” he said. “We need to get that right. I think we have to have a discussion about roles and responsibilities: What’s the role of Cyber Command? What’s the role of the ‘intel’ community? What’s the role of the rest of the Defense Department? What’s the role of D.H.S.? And how do you make that team work? That’s going to take time.”

Some critics have questioned whether the Defense Department can step up protection of vital computer networks without crashing against the public’s ability to live and work with confidence on the Internet. General Alexander said, “We can protect civil liberties and privacy and still do our mission. We’ve got to do that.”

Speaking of the civilian networks that are at risk, he said: “If one of those destructive attacks comes right now, I’m focused on the Defense Department. What are the responsibilities — and I think this is part of the discussion — for the power grid, for financial networks, for other critical infrastructure? How do you protect the country when it comes to that kind of attack, and who is responsible for it?”

As General Alexander prepared for his testimony before the House Armed Services Committee, the ranking Republican on the panel, Howard P. McKeon of California, noted the Pentagon’s progress in expanding its cyber capabilities.

But he said that “many questions remain as to how Cyber Command will meet such a broad mandate” given the clear “vulnerabilities in cyberspace.”

The committee chairman, Rep. Ike Skelton, Democrat of Missouri, said that “cyberspace is an environment where distinctions and divisions between public and private, government and commercial, military and nonmilitary are blurred.” He said that it is important “that we engage in this discussion in a very direct way and include the public.”