On a scale of one to 10, American readiness to deflect a major cyber-attack on its infrastructure is “around three,” head of the National Security Agency and the US Cyber Command said in a rare speech at a hacker conference.
General Keith B. Alexander was attending on Thursday the Aspen Security Forum at the Aspen Institute, a major cyber-security event held for the 20th time this year.
The general said the US saw a 17-fold increase in computer attacks on its power grids, water utilities and other key facilities between 2009 and 2011. He said criminal gangs, hackers and foreign nations were responsible for the attacks.
The collective blame for the weakness lies with both the government and the IT industry, he said, even though it was the rapid development of technology that put America at cyber risk. He called for the two groups to work better as a team to address the issue.
Alexander advocated the passage of legislation, which would enable the NSA to set security standards for information infrastructure. The general expects “voluntary incentivized [sic] compliance” of those future standards. Earlier some civil rights croups expressed concerns about some of the cyber bills currently under consideration in the Congress over possible adverse effect on privacy they may cause.
As compared to the defensive part, Alexander said the US is “a little bit better” prepared to take military cyber action against possible targets. He said Cyber Command did perform those and that it is up to the president to decide on carrying out such operations.
At the same time he declined to comment on whether the US is behind StuxNet virus, which damaged Iranian uranium-enrichment facilities, and the Flame virus, which was engaged in a major sophisticated spying operation in the Middle East.