Adversaries’ ability to manipulate the content of stored data, a phenomenon that is high on U.S. officials’ radar, is an “emerging art of war in cyberspace,” former NSA director and retired Gen. Keith Alexander told FCW.
The ability of an adversary to manipulate the content of data stored on networks is an “emerging art of war in cyberspace,” former National Security Agency director and retired Gen. Keith Alexander told FCW Oct. 22.
“You can think of it as stealth radar or making planes disappear or appear,” Alexander said in an interview. “And, theoretically, you can do that.”
The former joint leader of NSA and U.S. Cyber Command said altering health records and military intelligence are two forms of data manipulation that he sees on the horizon. On the military front, he offered the scenario of a soldier mapping a battlefield digitally “only to find out that the brigade that you’re focusing on is not really there.”
The phenomenon is on the radar of U.S. intelligence officials. Alexander’s successor as leader of NSA and Cyber Command, Adm. Michael Rogers, and Director of National Intelligence James Clapper have warned that data manipulation is an emerging cyberthreat.
The future might include “more cyber operations that will change or manipulate electronic information in order to compromise its integrity…instead of deleting it or disrupting access to it,” Clapper said in prepared testimony for a House Permanent Select Committee on Intelligence hearing in September.
Alexander described the Office of Personnel Management hack — which compromised the personal information of 22.5 million current, former and prospective federal employees — as an act of reconnaissance that could lay the groundwork for future hacks of federal networks. The OPM intrusion “gives the adversary a lot of insights about government personnel, past and present, and is a way of doing massive reconnaissance on [systems] for future use,” he said.
Creating a viable deterrent
Cyber Command has been fully operational for five years as a sub-unified command under U.S. Strategic Command. Alexander, who was Cyber Command’s first leader, said Strategic Command was a foundation to get Cyber Command off the ground, and it’s just a matter of time before the latter stands on its own.
“Cyber Command’s mission set is unique,” Alexander added. “It should stand alone. It supports all of the other combatant commands.”
He said he does not think NSA and Cyber Command will get separate leaders in the near future. NSA capabilities in encryption and other areas make it integral to Cyber Command’s mission, he said, adding that he has had conversations with U.S. officials in which the conclusion is effectively: “If we separate them, two years later you’re going to put them back together. So don’t waste your time.”
In recent public appearances, Rogers has increasingly mentioned U.S. offensive cyber activity, albeit in vague terms. When asked if officials should be more explicit about the country’s offensive capabilities, whether for the sake of transparency or deterrence, Alexander said telegraphing capabilities would be unwise.
The U.S. government should, however, clearly delineate the military’s responsibilities in cyberspace before an attack occurs so that a response can be coordinated, he added.
Cyber operations are “going to become an area of future conflict,” he said. “We have to be good at it, we have to set up the norms, and we have to create a viable deterrence in that area.”
Alexander also cautioned against the use of personal email accounts for official work. CIA Director John Brennan’s personal account was recently hacked, purportedly by a teenager, and WikiLeaks posted data from that hack online on Oct. 21.
Alexander said he has been the target of hackers and identity thieves. “The reality is [personal email accounts] aren’t secure, so you shouldn’t do anything that deals with mission on those,” he said.