Hearing on pending nominations.
Lieutenant General Keith Alexander
They got the right guy to head this new cyber force.
Former NSA head, and head of many Intelligence units.
He talked about uncharted areas in policy
and getting the mission right.
He mentioned some areas of complexity,
translation; areas they don't have answers for
Attribution and neutrality issues of great complexity.
Spoke of areas of responsibility of NSA, DOD, DHS,
Norad and North com.
Spoke to the legacy of perimeter security vs
Security in Depth used now.
Spoke of cyber space as one network.
And of some cyber attacks that would be
equivalent of WMD. Developing rules of
And how the net would still work if several
nodes were taken down.
Senator spoke of how there is no value
in having cyber war as eveybody looses.
And how the theory of MAD would apply,
Mutually assured destruction. Just like
with nuclear weapons.
And how the Lieut.General couldn't see
cyber war in and of its self. But only as
part of State attack.
And of how in a sustained attack NSA
would join in against the cyber attack.
Or as example would join in in case of
an attack on the American Electrical grid
And how they might not have the authority
to cyber counterattack into a neutral state or against
American PC's because of privacy and attribution
Also how it was the responsibility of DHS
to defend Fed and civilian networks.
My concerns were numerous and seminal.
If you have to call a meeting to deal with
a cyber attack, you just lost. Maybe even if
you have to make a phone call first, you
may have lost.
Cyber attacks happen at the speed of light.
If attacked from a American PC or from a
neutral state one has the right of self defense.
There are three ways to deal with massive
DDOS attacks, penetrate the attacking PC and back
track the C2 live in real time, take them off line
and a third method I won't speak about public.
They still don't have the defensive responsibility
paradigm straight yet.
They defend in depth against penetration for DOD
networks but do not defend the civilian networks.
They could find themselves with a secure Intra net,
and a dead WWW connection.
Confliker could take out all 13 Internet nodes at
once. Their secure Intra nets would be dead in
the water with the WWW down.
trace scope of an attack. ( Cyber Over Watch )
They must come up with SOP, policys that
are activated in case of attack, there won't
be time to request authority.
Speed of light. Need SOP.
The MAD policy does not apply to terrorist
or possibly in the case of Iranian 13th Imam.
The nominations should have been approved
today, they didn't seem to have a sense of the
gravity of the situation.