Destructive Network Attacks Coming, Cyber Command Leader Says
Cyberthreats so far have been characterized as either exploitive or disruptive. Hackers are either trying to steal secrets or launch denial of service attacks that degrade networks, he said.
These will one day escalate to sabotage, he said at the "Maneuvering in Cyberspace" conference, the first the command has hosted since it became active one year ago.
"It's coming in my opinion. It is a question of time. People say, 'that's two years out,' or 'that's five years out.' What we don't know is how far out it is — an attack in cyberspace," he said. It could be against physical infrastructure like power grids or dams. Or it could be against mobile platforms or other sectors of the economy. "We don't know what it will be," he added.
He recalled the massive denial of service attack on Estonia that forced one of the most technologically adept nations in Eastern Europe to shut off Internet access to the outside world. He likened that to two people having a conversation, but there are so many others speaking that they can't understand each other. The Estonia attack was just noise. A destructive attack would be like those people shooting guns at each other.
When asked if the United States should bolster its ability to launch its own cyber-attacks, Alexander said the the nation needs to get its defenses in order before it could even consider carrying out such an action. It would be like "throwing stones in a glass house," and it would have the potential to escalate into a real-world conflict where actual weapons are used, he said.
"Logically speaking, we are not in a position to do that," he said. "We have to defend our country better."
Meanwhile, as far as exploitation, the ex-filtration of data from U.S. companies continues on a massive scale. It is the "greatest raid on intellectual property" in history, he said. One company he did not name had lost $1 billion in technology it had taken it 20 years to develop, he said.
Lockheed Martin and Booz Allen Hamilton were recently infiltrated, but the only reason people know about it is "because they are good." The bad companies, of which there are hundreds of times more than those two examples, have no idea that they have been compromised, he said.