Witnesses say coordination lacking against cyberattacks

A panel of defense information technology and intelligence officials told a House Armed Services panel Tuesday that it will take a tightly coordinated team effort by the military, the other federal agencies and the private sector to secure the nation's vital information networks from cyberattack. But, they conceded, there are no plans or processes in place to ensure that unified effort.

Army Lt. Gen. Keith Alexander, director of the National Security Agency, said expanding information technology capabilities present "great opportunities and great vulnerabilities. That is the reason we have to work as a team. The way we are working today does not work."

Top information technology officials from the three services and the Defense Department described how vital IT networks are to the military's operations, with two of them calling cyberspace "a critical enabler for the warfighter."

They also described the concerted efforts they are making to secure their networks, to build a trained workforce and to develop the coordinated effort required.

But under questioning from House Armed Services Terrorism Subcommittee Chairman Adam Smith, D-Wash., and panel members, they agreed that their efforts were incomplete.

"I would like to say our networks are secure," Alexander said. "That would not be correct. We have vulnerabilities."

The biggest gap the official cited was in the coordination between government and the private sector, which can have divergent requirements.

But there are barriers between the Defense Department and the civil agencies, with the Homeland Security Department struggling to build a united effort.

Rep. Mac Thornberry, R-Texas, questioned whether there was any legal or policy structure on which to build cooperation.

Alexander said the administration has ordered a 60-day review of that issue, which would seek to set up the national leadership structure and establish the military's role and the partnership with industry.

"We have to have a legal framework, but we have to have an operational framework," he said.

Some elements of the private sector can easily shield themselves from cyberattacks, but the banking industry and the electrical grid are more vulnerable, the officials said.

To successfully fend off a serious cyberattack, the government, the private sector and even international partners must be able to share information of possible intrusion "at the speed of light," Alexander said. Developing that seamless partnership "will take some work."