Feeds

NSA head confirmed as chief of US cyber command

Cry havoc, and unleash the .mil dogs of war

Combat fraud and increase customer satisfaction

The US government, after some delay, has formally confirmed in post the head of its now-forming military Cyber Command. Keith B Alexander, head of the NSA, has been promoted to four-star general* and will now head the new cyber forces as well as his current agency.

The Cyber Command will be based alongside the NSA, perhaps the world's most powerful crypto and intercept agency, at Fort Meade in Maryland.

The new command, which will be subordinate to US Strategic Command (STRATCOM), was created last June and it was hoped that Alexander would be in post before now. However, in the USA top jobs of this sort must be confirmed by Congress and in this case the legislators took their time. Many expressed concerns over control of the possible offensive capabilities of the nascent US military cyber forces, or worried that they might present threats to Americans' privacy or civil liberties.

Alexander, during his confirmation hearings, stressed that in his view the cyber forces' mission was primarily that of protecting American networks rather than striking at those of others.

“This command is not about an effort to militarize cyberspace,” he said at a Washington hearing last month. “Rather, it’s about safeguarding our military assets.”

Specifically, according to the Department of Defense, Cyber Command will be responsible for securing and policing the .mil domain. The wider .gov domain is the responsibility of the Department of Homeland Security.

“We are pleased that the Senate has moved forward with his confirmation,” Pentagon spokesman Bryan Whitman said in a statement issued yesterday. “General Alexander brings to the job the leadership to stand up this command, and the skills and expertise that will be critical to the new command in dealing with security challenges in the cyber domain.”

The separate US services are setting up their own cyber forces too, and are expected to draw heavily on NSA/Cyber Command expertise and doctrine. The US Navy cyber force is the 10th Fleet; the US 24th Air Force is also in the process of forming up. The cyber airmen have lately announced the creation of a "cyber wings" chest badge to be worn by qualified digital warriors.

Despite Alexander's soothing talk of network defence, there is no doubt that the US cyber forces are also developing the capability to do unto others. One of the main sub-units of the 24th AF, for instance, is the 67th Network Warfare Wing - whose stated mission is to "execute computer network exploitation and attack" as required. It is also worth noting that Pentagon tech agency DARPA is currently developing a "Cyber Range" in which to test-fire the terrible digital weapons of tomorrow.

The NSA probably has some interesting capabilities already. Not everyone always remembers this, owing to its large number of civilian employees and its involvement in crypto standards used almost universally in commercial IT, but the NSA has always been an arm of the US military. Formally it is a "combat support agency" of the DoD. ®

Bootnote

*Full general, as opposed to a mere lieutenant-general (three stars), major-general (two stars - yes, a major-general is junior to a lieutenant-general, it's because once upon a time the rank was sergeant-major-general) or brigadier (one star).

The USA still has five-star generals too, equivalent to the now disused British rank of field-marshal.

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.