Air Force Gen. Kevin Chilton of the U.S. Strategic Command warned a House Armed Services subcommittee this week that the country is still vulnerable to cyberattacks, according to a report in the Washington Post.
Chilton noted that the cyberattacks “potentially threaten not only our military networks, but also our critical national networks.”
It’s a story that Congress has heard before.
According to a recent CNN report, experts say major Websites such as the Pentagon and the Central Intelligence Agency are difficult to breach, as are the computer networks of large American banks. But experts concede a successful, large-scale attack on U.S. computer systems could hobble electric-power grids, transportation networks and industrial-supply chains.
We're Not Defended
Chilton agrees. The general first qualified that his command had the limited responsibility “to operate and defend the military networks only and be prepared to attack in cyberspace when directed.” He further emphasized to the subcommittee that he has not been asked to defend most government [non-military] Web sites – or the commercial and public infrastructure networks that keep the nation on the move.
Leaving behind those apparently unaccounted for non-military-but-government Websites, he added that “the broader question is who best could do this for the other parts of America – where we worry about defending power grids, our financial institutions, our telecommunications, our transportation networks, the networks that support them.”
That responsibility of protecting civilian networks currently rests with the Department of Homeland Security, Chilton noted.
But all that may change because at this critical time, a presidential-chartered study of cybersecurity is underway. The preliminary report from that study is expected next month.
Asked whether Homeland Security’s cyber role could fit under his command structure, Chilton qualified, that it did not fit today, but that may change after the 60-day review is completed.
In reality, government computer networks confront and defeat millions of attempted intrusions every day, Internet-security experts say.
The U.S. Department of Homeland Security created a National Cybersecurity Center this year to coordinate federal cyberdefense efforts and quicken responsiveness.
However, a recent Homeland Security Department intelligence report, obtained by The Associated Press, concluded that there are no effective means to prevent a coordinated attack on U.S. Web sites.
“When it comes to our government IT security, we're pretty strong in protecting against [attacks],” Homeland Security spokesman William R. Knocke told CNN. “But I wouldn't say ... we’re 100 percent impenetrable.”
Operational control over defending military networks or launching a cyberattack against an enemy is currently the bailiwick of Lt. Gen. Keith B. Alexander, the head of the National Security Agency (NSA).
NSA, according to Chilton, already has a role in information security, and the agency’s support “has been instrumental in our efforts to operate and particularly to defend our networks.”
Combining oversight of cyber defense and offense made sense, Chilton said, “because they’re so interconnected. . . . As you consider offensive operations, you want to make sure your defense are up.”
Also, he said, giving NSA those jobs adds the intelligence support the Pentagon needs to defend its networks.
Meanwhile, a comprehensive plan to ensure overall national cybersecurity remains elusive and yet bound up in bureaucracy.
As Internet News reported this week: “Part of the difficulty in shoring up national cybersecurity is the ongoing debate over who is – and should be – in charge of federal cybersecurity.”
That debate came to a head last week when Rod Beckstrom, director of the National Cybersecurity Center, resigned his position, citing the large role of the National Security Agency.
“The National Cybersecurity Center is the only national body created to fulfill the responsibility to protect networks across the civilian, military and intelligence communities,” Beckstrom said. “It is the group responsible for pulling together the composite operating picture and situational awareness across government, and has the only national coordination authority on cybersecurity issues.”
“At present, responsibilities and authority are splintered across a variety of agencies, including the Department of Homeland Security, the National Security Agency and the FBI,” noted Internet News.
“Those agencies operate in extensive partnerships with IT companies in the private sector on the cybersecurity front. Broadly drawn, the relationship has the government spelling out the requirements, and the industry providing the technology.”
During a panel discussion of industry experts on cybersecurity held this week at the National Press Club, representatives of several IT firms emphasized the need for government agencies to embrace a more collaborative, flexible approach to cybersecurity.
They recommended “one that does away with some of the arcane bureaucracy that has made the government famously sluggish.”
© 2015 Newsmax. All rights reserved.