Cyber Command Chief Pushes for Info-Sharing Laws Amid Privacy Concerns

By Eric Beidel

By Eric Beidel
With a looming presidential election likely to stymie any progress on key issues this year by Congress, the military’s cybersecurity chief nonetheless called on lawmakers to pass legislation that would spur government and industry to share information on network attacks.
Army Gen. Keith Alexander, commander of U.S. Cyber Command and director of the National Security Agency, sought to alleviate concerns about privacy rights during a July 9 speech to a standing-room only crowd at the American Enterprise Institute in Washington, D.C.
“We can do protection of civil liberties and privacy and cybersecurity as a nation,” Alexander said.
Lawmakers currently have before them four major pieces of legislation, all of which focus on information sharing. Alexander hopes that Congress can sort through the mess to determine how government agencies and industry can share information and do so “in such a way that the American people know that we’re protecting civil liberties and privacy.”
The idea that the NSA’s new Utah Data Center will be leafing through trillions of personal emails is “bologna,” he said.
Security companies such as McAfee and Symantec have a number of ways to evaluate malware that could infect systems, but “they’re not reading your email, per se, to see that,” Alexander said.
The general expressed concern about attacks on critical infrastructure such as the power grid and financial system. The government has to rely on the private sector to tell them what’s hitting those systems, he said.
“If the critical infrastructure community is being attacked by something, we need them to tell us at network speed. It doesn’t require the government to read their mail or your mail,” Alexander said. “It’s like a missile coming into the United States . . . we’re actually trying to figure out when the nation’s under attack and what we need to do about it.”
Speaking during a panel discussion after the general’s speech, Cato Institute Director of Information Policy Studies Jim Harper suggested that the leader of Cyber Command may be simplifying the concerns about privacy rights. Most of the cybersecurity bills have language that would allow them to take precedence over other laws, Harper said.
“It disturbs me to think that health privacy law, financial privacy law, the Electronic Communications Privacy Act, the E-Government Act, contract law, torts, go on, go on, go on — none of those would apply when information sharing for cybersecurity purposes is involved,” he said. “Surely we can write more precise legislation than that, and I think Gen. Alexander could serve the discussion well by asking not to have provisions like that in legislation.”
Other experts on the panel suggested that apocalyptic rhetoric has made it seem as if the United States were in imminent danger of a crippling cyber-attack, but that the reality is much different.
“The idea of a bolt-from-the-blue nation-state attack on the U.S. infrastructure strikes me as being very unrealistic,” said Adam Segal, senior fellow for counterterrorism and national security studies at the Council on Foreign Relations.
The Stuxnet virus unleashed on Iran’s nuclear facilities has been labeled the most sophisticated attack in history, he noted.
“But from my point of view it actually did not do that much harm,” Segal said. “We’re not talking about, as far as I can tell, truly strategic implications on the Iranian nuclear program. Perhaps it set it back 18 months. Perhaps it set it back two years.”
The threat of intellectual property, however, is all too real, Alexander said. Hackers from China and elsewhere are getting away with U.S. proprietary information in what the general called the greatest transfer of wealth in history.
“That’s our future disappearing in front of us,” he said.
And the longer the country goes without solid authorities and laws on information sharing, the greater the chance of an overreaction when something bad does happen, Alexander said.
“This cybersecurity legislation coming up is going to be absolutely vital to the future of our country,” he said.

Topics: Business Trends, C4ISR, Cybersecurity, Defense Department, DOD Leadership, DOD Policy, Homeland Security, Infotech, Infotech

Comments (0)

Retype the CAPTCHA code from the image
Change the CAPTCHA codeSpeak the CAPTCHA code
Please enter the text displayed in the image.