The military's top cyber official this week made an urgent appeal for Congress to pass computer-security legislation, warning that the current legal framework discourages private-sector firms from sharing vital information about looming threats to the relevant government agencies and other businesses.
In remarks at a security conference hosted by Georgia Tech, Gen. Keith Alexander, the director of the National Security Agency and commander of U.S. Cyber Command, urged lawmakers to craft a statute that provides for an information-sharing system that would incorporate personal-privacy and civil-liberties protections while shielding businesses from liability for sharing sensitive threat data.
Alexander describes the current system for cybersecurity as fragmented, where different infrastructure operators monitor their narrow portion of the Internet ecosystem, while none has a holistic view. Through an act of Congress, Alexander envisions a system of automated information exchanges where threat information packaged in a "metadata-like format" is sent between businesses and government authorities at "network speed."
"I know the public thinks that we see everything. The reality is that we don't. So if Wall Street is going to be attacked, or is attacked, the chances of me seeing it ... are limited."
Gen. Keith Alexander
Director of the National Security Agency
and commander of U.S. Cyber Command
Information sharing is hardly the final solution to a complex and ever-changing set of threats, he admits, though he suggests that there may be no more critical starting point in the cybersecurity policy discussion.
"We need a way of seeing what's going on. So situational awareness in cyberspace is one of the most difficult issues," Alexander says.
"From my perspective, there's a lot of things that we need to do as U.S. Cyber Command, but first and perhaps the most important issue that I'll put on the table: We need legislation," he adds. "Why do we need legislation? Government does not see attacks on Wall Street. I know the public thinks that we see everything. The reality is that we don't. So if Wall Street is going to be attacked, or is attacked, the chances of me seeing it ... are limited."
Alexander's remarks came as the latest in a series of calls from senior administration and military officials for Congress to take up cybersecurity legislation. Already this year several committees have convened hearings, and various bills and draft proposals have been circulating on Capitol Hill.
Cybersecurity Policy Privacy Concerns
A central tenet of many of those proposals has been the information-sharing element that Alexander says is so crucial. Yet at the same time, privacy and civil-liberties advocates have raised concerns that bills like the bipartisan-backed Cyber Information Sharing and Protection Act (CISPA) could funnel troves of personal information about Internet users to the government with insufficient accountability and oversight.
Sign up for CIO Asia eNewsletters.