Military’s Cyber Commander Swears: “No Role” in Civilian Networks

Noah Shachtman, Former Brookings Expert, Executive Editor - The Daily Beast

September 23, 2010

If your business gets hacked, don’t bother calling the U.S. military’s new Cyber Command. Sure, the unit has some of the government’s top geeks — and is oh-so-conveniently co-located with the network infiltration experts at the National Security Agency. But Cyber Command is too busy trying to shore up the Pentagon’s digital defenses. Plus, they’re not even sure helping your company out would be legal, yet.

“Right now, we do not have a role,” new Cyber Command chief Gen. Keith Alexander tells reporters in a rare on-the-record interview. “Within the United States, I do not believe that’s where Cyber Command should or will operate.”

Changing that, Alexander adds, “is a decision the White House needs to make.”

Of course, it’s often hard to define where one national border begins and another ends on-line. The White House and Congress are both working on legal and policy re-writes which could alter where and how Cyber Command’s forces could wage information combat. Besides, Alexander already has forces that are operating domestically. He’s also the head of the NSA, which today works with American companies to secure their networks.

Debates have raged for years in military and policymaking circles about what a Cyber Command might do: drop logic bombs on adversaries, protect the Pentagon’s networks, seal up civilian vulnerabilities, or some combination of all three. As recently as this spring, Cyber Command officials were floating the idea of helping rescue pwned government and civilian networks, much like the military contributes to disaster recovery efforts like the Gulf of Mexico oil spill.

There’s also been a parallel discussion about how much the military should do to defend utilities, banks, and other so-called “critical infrastructure” that’s in private hands. Deputy Defense Secretary William Lynn recently proposed that the Pentagon establish some sort of hacker-free on-line space for these industries. The companies could opt to join, or they could face the “wild wild west of the unprotected internet.”

Alexander likes the general outlines of Lynn’s proposal. “So you’re going to have what I’ll call a secure zone, a protected zone to have your government and critical infrastructure to work in this part. And then we have the zone over here where my kids and I talk,” he says.

But Alexander notes that his new military unit couldn’t be a part of that operation. “Cyber Command only works inside the DOD [Department of Defense] networks today, and that’s all our authorities allow us to do — defend and operate within our networks,” he says. “We cannot go out.”

Well, except when they can.

Alexander adds that his command “stand[s] ready to execute the full spectrum of cyber operations on command. And stay prepared to defend our nation’s freedom of action in cyberspace.”

“In an area of hostilities, under an execute order, we could be given additional authority,” he continues. And if directed, Cyber Command could “help DHS defend their networks,” as well.

Then there’s the funny paradox that comes from Alexander running two organizations at once. His 1,000-person, $150 million-a-year military unit may not currently be allowed into civilian U.S. networks, but his hush-hush (and much, much larger) intelligence agency has been operating inside the American telecommunications infrastructure for decades.

Alexander responds by pointing out that the NSA really is a pair of organizations under one roof. “Remember, NSA has two functions,” he says. There are the eavesdroppers in the signals-intelligence directorate. And there’s the information-assurance directorate, the guys who make sure government (and sometimes corporate) network systems are hacker- and eavesdropper-free. (That’s why a small handful of observers have called for the NSA to be split in two.)

But the lines between the two halves of the NSA — and between Cyber Command and the NSA — aren’t always so bright. Alexander says that his two organizations will draw on one another’s expertise. “We couldn’t afford to replicate an NSA to do what we’re doing. It’d be fiscally irresponsible,” he says. “So, from my perspective, it’s a good deal. Plus, I didn’t have to move out of my office.”