Cyber Com

Cyber Com

Hearing on pending nominations.

Lieutenant General Keith Alexander

They got the right guy to head this new cyber force.

Former NSA head, and head of many Intelligence units.

He talked about uncharted areas in policy

and getting the mission right.

He mentioned some areas of complexity,

translation; areas they don't have answers for

yet.

Attribution and neutrality issues of great complexity.

Spoke of areas of responsibility of NSA, DOD, DHS,

Norad and North com.

Spoke to the legacy of perimeter security vs

Security in Depth used now.

Spoke of cyber space as one network.

And of some cyber attacks that would be

equivalent of WMD. Developing rules of 

engagement. 

And how the net would still work if several

nodes were taken down.

Senator spoke of how there is no value

in having cyber war as eveybody looses.

And how the theory of MAD would apply,

Mutually assured destruction. Just like

with nuclear weapons.

And how the Lieut.General couldn't see

cyber war in and of its self. But only as

part of State attack.

And of how in a sustained attack NSA

would join in against the cyber attack.

Or as example would join in in case of 

an attack on the American Electrical grid

if asked.

And how they might not have the authority

to cyber counterattack into a neutral state or against

American PC's because of privacy and attribution

issues.

Also how it was the responsibility of DHS

to defend Fed and civilian networks.

My concerns were numerous and seminal.

If you have to call a meeting to deal with

a cyber attack, you just lost. Maybe even if

you have to make a phone call first, you

may have lost.

Cyber attacks happen at the speed of light.

If attacked from a American PC or from a 

neutral state one has the right of self defense.

There are three ways to deal with massive

DDOS attacks, penetrate the attacking PC and back

track the C2 live in real time, take them off line

and a third method I won't speak about public.

They still don't have the defensive responsibility

paradigm straight yet. 

They defend in depth against penetration for DOD

networks but do not defend the civilian networks.

They could find themselves with a secure Intra net,

and a dead WWW connection.

Confliker could take out all 13 Internet nodes at

once. Their secure Intra nets would be dead in

the water with the WWW down.

Cyber Pearl Harbor.

COW's will work very well to track and

trace scope of an attack. ( Cyber Over Watch )

They must come up with SOP, policys that

are activated in case of attack, there won't

be time to request authority.

Speed of light. Need SOP.

The MAD policy does not apply to terrorist

or possibly in the case of Iranian 13th Imam.

The nominations should have been approved

today, they didn't seem to have a sense of the

gravity of the situation.

Cyber Defcon 1.

Gerald

Internet Anthropologist

Backgrounders:

Advance Q & A for Nominees. 32 pages

Video of Armed Services Committee SD G50 Q&A, 2 hrs.

.