The National Security Agency‘s director told lawmakers Tuesday that the government should not launch cyber attacks at the discretion of individual military leaders, the Washington Post reports.
Army Gen. Keith Alexander, also head of the U.S. Cyber Command, told the Senate Armed Services Committee standards are needed regarding how military commanders should handle cyber attacks on networks outside their authority.
Alexander’s testimony comes a week after the Defense Department said it was working on rules in regard to how the military should react to a cyber attack.
Those rules would also address when it is appropriate to practice an active cyber defense versus defensive.
Defining those rules of engagement comes down to what military heads can defensively do that is analogous to a missile shoot-down, Alexander said.
When pursuing a computer in foreign space, the response may be more appropriate from the president or a head from the Pentagon versus military department heads taking action, Alexander said.
He said that the military is not allowed to take actions outside of its computer networks without permission.
Alexander told the panel that Cyber Command is working with the Joint Chiefs of Staff, the Joint Staff and the Pentagon to address authorization issues on computer networks that are being attacked.
He added that the National Security Council and other entities will help draft rules for cyber engagement.
Additionally, Alexander testified that the method to alert private companies and defense contractors to a breach is not fast enough to prevent theft.
He said that companies that provide essential services such as water or electricity should have to meet a set of security standards and share data on network attacks with the government, similar to the Pentagon’s pilot program sharing cyber information with contractors.
