While 2011 could be considered the “year of the hacker,” government efforts prevented cyberattacks from having any major effect on Defense Department systems, Gen. Keith Alexander, head of U.S. Cyber Command, told a House subcommittee on Tuesday.
While several loosely organized bands of hackers like Anonymous targeted defense networks and websites, Cyber Command successfully blocked the attacks, Alexander said in testimony before the House Armed Services Subcommittee on Emerging Threats and Capabilities.
Still, cyberthreats remain a serious concern and if anything, the threat has increased over the past year, he said.
“We believe it is only a matter of time before someone employs capabilities that could cause significant disruption to civilian or government networks and to our critical infrastructure here in the United States,” said Alexander, who is also director of the National Security Agency.
The hearing was held to examine Defense cybersecurity and information technology budget. With parts of the defense budget on the chopping block, officials have largely been successful in preventing cuts to cybersecurity and lawmakers at Tuesday’s hearing acknowledged the threat.
Chairman Mac Thornberry, R-Texas, said the danger of cyberattacks is growing “faster than our ability to meet it,” and the subcommittee’s ranking member, Rep. Jim Langevin, D-R.I., said the $33 billion defense IT budget is at risk.
“Whatever work and resources we devote to providing these IT services will be meaningless if the Department cannot secure them,” Langevin said. “Although our awareness of cyber vulnerabilities has sharpened over the last few years, I still believe we don’t fully recognize the potential for damage posed by a breached or disrupted network.”
Several members of the panel questioned the government’s ability to respond to cyberattacks with responsibility divided between several agencies, including the Justice, Homeland Security, and Defense departments.
Alexander told the panel his agency is hoping to finalize policies outlining the rules of engagement for offensive cyberwar in the next few months, but he said the NSA still plays a supporting role for DHS in domestic cybersecurity.
And that is likely the way it should be, Thornberry said after the hearing.
“We try to have the find the most effective way to combat these threats, but you have to make sure that constitutional rights aren’t affected,” he told National Journal. “We’re in uncharted water here.”
The lingering questions of jurisdiction and responsibility may ultimately need to be addressed through legislation, he said, but current proposals don’t necessarily need to solve the problem.
Both the House and Senate are considering broad cybersecurity legislation that aims to increase security for both private and government networks, either through regulation or incentives.