Cyber War

Cybercom chief: Destructive cyber attacks are coming

July 10, 2012

The commander of the military’s new U.S. Cyber Command said digital attacks are evolving from disrupting network functions to destructive strikes.

Army Gen. Keith Alexander, the Cybercom commander who is also head of the National Security Agency electronic spy service, said current forms of attack emanate from nation states, criminals, hackers, and others, and mainly disrupt temporarily the work of computer networks and systems.

"What I am concerned about and what I think we really need to be concerned about is when these transition from disruptive to destructive attacks, and I think those are coming," Alexander said during remarks Monday to the American Enterprise Institute.

Such attacks are capable of destroying key elements of a system to the point where the equipment cannot be repaired and must be replaced, such as if a computer’s Basic Input Output System, or BIOS, or other system software is destroyed, he said.

"Those are coming up, and we have to be ready for that," the four-star general said.

Alexander said the number of cyber attacks on networks is growing. Last year, cyberattacks increased 44 percent and malicious software production increased by 60 percent.

Significantly, attacks on critical U.S. infrastructure—the networks that control such systems as the electrical power grid and financial system—rose from nine in 2009 to more than 160 in 2011.

Among the companies that have been hacked are Google, the government contractor Booz Allen, AT&T, Visa, MasterCard, and the U.S. Chamber of Commerce, he said.

Japanese companies Mitsubishi Heavy Industries and Nissan also were hacked.

"They're the ones that know they're being hacked," Alexander said. "Our experience is that when FBI and others look into it, they find out that there are more than a hundred companies, for every one that knows they've been hacked, that doesn't know they've been hacked. That's significant."

Alexander said the data theft is "the greatest transfer of wealth in history" that has been estimated to have cost U.S. companies $250 billion a year.

Deterring such attacks has grown more difficult because many attacks are not "nation-on-nation" strikes.

Some attacks are from unknown origins, but "either way, the outcome could be the same: You lose the financial sector or the power grid or your systems capabilities for a period of time. It doesn't matter who did it; you still lose that. So you've got to come up with a defensive strategy that solves that, from my perspective."

Alexander sidestepped a question about the threat to U.S. networks posed by Chinese hackers.

Asked about the Chinese cyber threat against the United States, Alexander said: "Yes. Did you want a longer answer?"

He then explained that the United States and China are the countries with the largest numbers of computers and related electronic devices.

"From my perspective, there's two issues that we have with that," he said. "One, there's the greatest probability, then, that those devices are going to be used for disruptive, destructive, and other forms, so we both have to get together and figure out a way forward."

He then noted that the theft of electronic intellectual property has been "astounding," with the majority presumably stolen by China. "And we've got to figure out how to stop that."

He noted that during a recent meeting, Secretary of State Hillary Clinton called for the United States and China to develop acceptable norms of behavior in cyberspace.

China’s government, in both public statements and private meetings, routinely denies having any involvement in foreign cyber attacks.

Other U.S. officials have said China is one of the most active foreign governments that use both military and civilian hackers to steal information and plan future digital attacks.

Alexander said he favors new legislation currently being debated on Capitol Hill that would boost information sharing on cyber attacks and allow the government to respond "at network speed" to attacks detected and reported by the private sector, which controls most critical infrastructure.

The legislation would require companies and Internet service providers "to tell us that that type of event is going on at this time, and it has to be at network speed if you're going to stop it."

The government needs to be able to see what is happening in real time, but the government does not need to be inside private networks, he said.

The prospect of passing legislation on cyber security this year could be limited by presidential politics, Alexander said.

Asked about U.S. offensive cyber attack capabilities, such as the Stuxnet virus that attacked Iran’s nuclear plant control systems, Alexander said: "I think the issues that we face in cyberspace, are different than the physical world, if you just think about the two. In cyberspace, this is an area where we have to look at, what are the alternatives?"

The offensive use of cyber weapons raises the question of "what are the means of potentially getting other countries to do something that they may or may not want to do?"

Cyber warfare is a capability that is "short of a war" and involves diplomatic, economic, and informational facets, and not only military, he said.

On terrorists’ potential use of cyber attacks, Alexander said he did not believe that groups such as al Qaeda currently are a "viable threat in that realm right now."