NSA Director Says Security Standards Are Necessary for Critical Cyber Networks, Information Sharing is Not Enough
March 27, 2012
WASHINGTON, D.C.—The head of the military’s Cyber Command said Tuesday that information-sharing among critical infrastructure owners and operators is not enough to protect their cyber networks against attacks from rival nations, criminals, terrorists, and pranksters. Information sharing combined with security standards are needed to confront the growing cyber threat, said General Keith Alexander.
Alexander, who also leads the National Security Agency (NSA), told the Senate Armed Services Committee (SASC) that the Department of Homeland Security (DHS) is the proper agency to collaborate with industry to secure the most critical cyber networks. NSA collects and analyzes information to protect the nation from foreign attacks and is responsible for protecting the cyber networks of the federal government, including the military.
“I do think we have to have some set of standards,” Alexander said. When asked if information sharing was the “crux" of securing critical infrastructure, Alexander responded, “not actually...” adding that security standards for critical infrastructure and better information sharing were both necessary.
He also stated that, “I think the lead for working with critical infrastructure and helping them defend and prepare their networks should lie with DHS.”
The General’s comments translate into powerful support for the Cybersecurity Act of 2012, S. 2105, introduced last month by Senators John D. (Jay) Rockefeller IV, D-W.Va., Joe Lieberman, ID-Conn., Susan Collins, R-Maine, and Dianne Feinstein, D-Calif. That legislation gives DHS the authority to collaborate with the private sector to establish security standards for the nation’s most important cyber networks, for instance, those that keep the electricity on, the water running, or our transportation systems functioning properly. The bill also calls on private companies to share threat information with DHS.
Alexander warned that “every day the probability of an attack increases as more tools and capabilities are out on the network.”
###