Calling cyber policy and preparation, “one of the most critical problems our country faces,” head of the U.S. Cyber Command Gen. Keith Alexander offered a nuanced position yesterday in congressional testimony on what do in the event of a crippling attack on the nation’s computer networks.
On the one hand, Alexander, who is also the head of the National Security Agency, offered support for a secure zone that would encompass not only federal networks, but also private ones critical to the nation’s well-being, such as banks, power grids and defense companies working on vital technologies.
On the other hand, he seems well aware of the challenges of enacting such a policy. And until it is put in place, it appears private computer networks will largely be on their own.
“I think we have to have a discussion about roles and responsibilities: What’s the role of Cyber Command? What’s the role of the ‘intel’ community? What’s the role of the rest of the Defense Department? What’s the role of DHS? And how do you make that team work? That’s going to take time,” Alexander is quoted in The New York Times.
Add to that the question of what exactly would be included under the dot-secure umbrella, who has the authority to set policy and questions about the potential trade-off between protecting computer networks and privacy, which is sacrosanct in doing business (or anything) on the web.
Alexander said the White House would take the lead in deciding how much the secure zone would cover. But the administration may have to seek new, expanded authority from Congress to do so.
So far, Alexander’s hands appear partly tied by this lack of a clear policy.
“I think doing it, technically, is fairly straight forward,” Alexander said in remarks to reporters before his testimony Thursday morning, according to a Reuters report. “The hard part is now … ensuring everybody’s satisfied with what we’re going to do.”