NSA Director: Information-Sharing Critical To U.S. Cybersecurity

  /     /     /  
Publicated : 22/11/2024   Category : security


NSA Director: Information-Sharing Critical To U.S. Cybersecurity


NSA Director and U.S. Cyber Command chief Gen. Keith Alexander discusses challenges to protecting U.S. interests in cyberspace



Information-sharing and visibility into the threat landscape are vital for the public and private sectors to defend cyberspace, National Security Agency Director Gen. Keith B. Alexander told an audience at The Georgia Tech Cyber Security Symposium yesterday.
The key to this is crafting legislation that protects privacy while facilitating sharing between intelligence agencies, Internet Service Providers (ISPs), and critical infrastructure, explained Alexander at the two-day event at Georgia Tech University.
We dont need to read communications, he said. We just need the Internet Service Providers and the companies to say, …you told me to tell you if I saw this coming, I see this coming, I can tell you at network speed, and I can do it in a metadata-like format that eliminates the privacy information and gets you what you need to protect the country and what we need to protect our civil liberties and privacy.
We can do both, he said.
Key to this, he said, will be both liability protections for businesses that share information – a sticking point in conversations about cybersecurity legislation during the past year – as well as the development of standards.
Where this gets really hard, is when we say now we want to set standards and reporting vehicles, Alexander said. The first thing everyone gets nervous about is you are going to set up a framework thats going to be a bureaucratic nightmare.
The
Executive Order on cybersecurity
signed last month by U.S. President Barack Obama is a good first step in addressing this issue because it allows the government to start working with industry sectors to develop the best approach for getting them to the right level of network security as well as incentivize improvements, Alexander said.
Protecting critical networks also means developing true situational awareness in cyberspace, but that remains elusive, he said.
Youve got to see what’s going on in the network to understand what the adversary is trying to do to you, he noted. Right now we defend it by saying I think they are going to come in here, I have a way of patching vulnerabilities Ill do that and wait and see what happens. Most of the folks who get into the networks are in there for six- to nine months before theyre discovered. I would suggest to you all thats not a great way to secure your networks.
Further complicating the issue is that many organizations do not have defensible architectures, he said.
The Defense Department has 15,000 enclaves, he said. Each one separately guarded, each one administrated by a group of folks, and each one then applies patches based on the needs of that one that are pushed out through a whole mechanism that takes forever in cyber-terms.
When you think about why does it take so long, well Im not sure how its going to impact this system; were going to do this, and then Ive got to do this…its because of our architecture.
Closing the exploitability window – the time period between when an exploit for a vulnerability is discovered and a patch is deployed – is key for security, he said.
You want to make that time zero, he said. Weve got to come up with an architecture that does that. I think thin virtual cloud is a step in that direction.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NSA Director: Information-Sharing Critical To U.S. Cybersecurity