Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/20/2011
04:09 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

NSA Chief Plays Offense on Cloud, Cybersecurity

Cloud has become a key part of the NSA's IT strategy, said Gen. Keith Alexander. Coming soon: A DOD offensive strategy for responses to cyberattacks and threats.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
Cloud computing will make the intelligence community more secure and efficient, NSA director and U.S. Cyber Command commander Gen. Keith Alexander said Thursday.

In a speech in Baltimore before security professionals and a subsequent interview with InformationWeek and other media, Alexander touted the cloud as a key part of the intelligence community's IT strategy.

He said that cloud computing--his remarks indicated that he was largely speaking about private cloud computing--will help deliver better information to soldiers and intelligence professionals where and when they needed it, cut costs, and at the same time provide the NSA and Department of Defense with better insights into its networks, since consolidation is one prerequisite of a robust cloud strategy.

"When you think about the cloud, look at what Google, Amazon are doing with the technology," he said. "It's absolutely superb. We need to go from our legacy databases to the cloud."

Security, Alexander acknowledged, is a key concern in the cloud, but he said that the cloud also brings advantages in terms of what he termed "collapsing the enclave." Today, he said, the military and Cyber Command often have too little insight into what is going on in isolated and segmented military and intelligence networks to understand if they are in fact secure. A broader cloud infrastructure, he added, would both enable his organizations to get a better end-to-end view of their networks and be able to put security measures and virtual segments in place to maintain security.

Alexander also championed cloud computing as an example of a technology that will help the DOD fulfill its IT efficiencies requirements, part of major wider push to make the DOD more efficient in order to reinvest money elsewhere in the military. Other initiatives there include thin clients.

In addition to his remarks on cloud computing, Alexander also gave an update on Cyber Command and the latest cybersecurity threats, noting that the DOD would soon have new strategic guidance and rules of engagement for the cyber world that include an offensive cyber strategy for "reasonable, proportional responses" to cyberattacks and threats.

The DOD has already put out its initial operational guidelines, but that will soon be followed additional doctrine from the Joint Chiefs of Staff and then Cyber Command, Alexander said. "We are working on a set of rules for cyber," he said. "The laws of armed warfare do apply."

An offensive strategy that would inform decisions like when and how to go after botnets will likely be part of the broader doctrine, Alexander said. "The advantage is on the offense," he said, adding that part of the question is who will play that role. "Is it the FBI? Is it the NSA? Is it the military or is it the Internet service providers? Somebody can turn that off."

Alexander also said that he is continuing to push for better information sharing between the government and private sector, particularly of sensitive cyber information, and said that information sharing processes are being examined as part of a pilot with defense contractors.

Our annual Federal Government IT Priorities Survey shows how agencies are managing the many mandates competing for their limited resources. Also in the new issue of InformationWeek Government: NASA veterans launch cloud startups, and U.S. Marshals Service completes tech revamp. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
10/25/2011 | 1:37:35 AM
re: NSA Chief Plays Offense on Cloud, Cybersecurity
I am curious as well to hear about some of the rules for cyber warfare that he is talking about towards the end of the article. With attribution being much more problematic online as opposed to the physical world where we can see much more clearly who fired a missile, how do we respond as a government to a cyber-attack?
Brian Prince, InformationWeek contributor
JBURT000
50%
50%
JBURT000,
User Rank: Apprentice
10/23/2011 | 3:56:52 PM
re: NSA Chief Plays Offense on Cloud, Cybersecurity
The emergence of intelligent agents like Watson and Siri will increase the desire for data.
GPS000
50%
50%
GPS000,
User Rank: Apprentice
10/21/2011 | 10:52:15 AM
re: NSA Chief Plays Offense on Cloud, Cybersecurity
Interesting to note defense chiefs and intelligence analysts feel moving sensitive data and information onto the cloud will help improve efficiencies and enhance security of defense and military organizations.Just viewed an informative video, Technology Benefits of cloud computing focusing on operational efficiencies and cost savings offered by cloud computing, @http://bit.ly/pY4d6k
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19631
PUBLISHED: 2020-01-24
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can ac...
CVE-2020-5219
PUBLISHED: 2020-01-24
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the appli...
CVE-2019-18900
PUBLISHED: 2020-01-24
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions p...
CVE-2020-7226
PUBLISHED: 2020-01-24
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
CVE-2012-6302
PUBLISHED: 2020-01-24
Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox.