US cyber security general plans online rules of engagement

General Alexander spoke of a dangerous combination of known and unknown vulnerabilities

General Keith Alexander, the commander of US Cyber Command (PDF), has used his first public speech (PDF) to detail his unit's plans in the event of an online attack.

Alexander said that US Cyber Command, which was set up to co-ordinate the Department of Defense (DoD) computer systems, is formulating two sets of rules of engagement for online attack by foreign powers, similar to those followed by other arms of the military.

"We should assume that foreign government actors in cyber space have considerably more resources and motivations than cyber criminals," he said.

"In short, we face a dangerous combination of known and unknown vulnerabilities, strong adversary capabilities and weak situational awareness."

The DoD has more than seven million computers to protect, linked up in 15,000 networks with 21 satellite gateways and 20,000 commercial circuits composed of countless devices and components.

The systems are probed by unauthorised users approximately 250,000 times an hour, or more than six million times a day, according to Alexander.

US Cyber Command is soliciting private enterprise to help support and protect the network, and is recruiting teams to do the job. "Cyber security is a team sport. We can't do this alone," said Alexander.

Alexander was asked about the security implications of IPv6 during the Q &A session after his speech at the Center for Strategic & International Studies. The bulk of US systems still use IPv4, and many have pointed out that this could pose a long-term security risk.

"I think there's a lot of folks looking at the transition from IPv4 to IPv6. I think it's something that we will have to do at some point," he said.

"I think that's still open for discussion, but clearly you're going to have to take some of the benefits of IPv6, [such as] the addressing."

When asked where he stood on the role of privacy in cyber security Alexander, who is also head of the National Security Agency (NSA), said that oversight by all three arms of government is strong and that the law is not being broken.

"Some say the Constitution is not a suicide pact, and I agree, but it's also not something [where] we're just going to throw out our civil liberties and privacy," he said.

"That's how our country was built. We want to ensure that we do our part. My responsibility, as the director of the NSA, is to ensure that what we do comports with law."