NSA boss: U.S. needs unified cyber-command center

Published 6 May 2009

Head of the secretive NSA tells Congress that the cyber-threats the United States faces require a centralized digital command center which will operate under the U.S. Strategic Command

Worries about cybersecurity have led both civilians and the military in the United States to seek greater centralization and coordination. Legislators want the Obama administration to create a cabinet-level cybersecurity czar position, and the U.S. military wants to create a unified digital command center in Maryland as part of a push to reorganize its offensive and defensive cyber operations. The center would be located at the Army’s Fort Meade and would be a sub-unit of the U.S. Strategic Command, Lieutenant General Keith Alexander, director of the National Security Agency, told a House Armed Services subcommittee on Tuesday. The center’s mission would be to protect the US military computers by blending offensive and defensive capabilities of the Pentagon and the NSA.

Dan Goodin writes that the plan — or, rather, idea — to put the ultra-secretive NSA in charge of protecting the U.S. critical infrastructure has come under fire from security experts inside and outside the government. Alexander has since taken pains to assure critics that his agency does not want to run or operate civilian networks. On Tuesday, he renewed those efforts, saying the NSA wanted only to use its expertise to provide technical support to DHS. “So if we develop something we’re going to use for the Defense Department, it makes no sense for [DHS] to develop the same thing,” he told The Washington Post. The Post’s article, though, also says that such a partnership would be fraught with ethical and national security questions. What, for instance, should the NSA do if it discovers particularly malicious code in the wild? Sharing it with private industry would help protect U.S. infrastructure, but it could also strengthen the hands of adversaries.

Goodin says that Alexander’s larger point remains well taken: Cyber security training in the U.S. forces is inadequate and needs to be improved. His comments come as the White House prepares to release results of a 60-day review of cybersecurity recommendations made to the Obama administration. Additional coverage of Alexander’s remarks are here and here.