Technology

Spy chief: ‘We’re not ready’

by Julian Hattem 02/27/14 11:58 AM ET

The head of the National Security Agency (NSA) on Thursday pleaded with senators to pass legislation to protect the country from cyberattacks.

Gen. Keith Alexander, who also serves as the head of the U.S. Cyber Command, told the Senate Armed Services Committee that the country needs a “reset” in terms of how it thinks about cyber threats.

“I think we have to get on with cyber legislation,” he said.

{mosads}“Those attacks are coming, and I think those are near-term and we’re not ready for them. The nation needs an agency like NSA with its technical capabilities to help ensure that we can evolve to that future space to where we need to be.”

Cyberspace, he said, “is changing so rapidly that our policy and laws lag behind it,” which could pose a threat to government and critical networks that are vulnerable to attack.

“We should protect these networks better than we have protected them today, not just within the Defense Department but within our critical infrastructure.”

Lawmakers last tried to push a major cybersecurity bill through the Senate in 2012, but that effort failed. The Cybersecurity Act would have increased cyber protections for critical infrastructure programs like the country’s electric grid and financial networks.

Earlier this month, the Commerce Department released a cyber framework to help critical infrastructure businesses defend against threats, but the guidance is voluntary, and some critics have worried that there are not enough incentives for companies to participate.

“We’ve been kicking around this legislation, cybersecurity legislation, now for several years,” Sen. John McCain (R-Ariz.) said. “Everybody knows we need legislation.”

One of the problems getting a bill through Congress, McCain said, is that the issue cuts across the jurisdiction of multiple congressional committees. He suggested that a select committee could be formed to focus specifically on the issue.

Sen. Angus King (I-Maine) agreed with that idea as a “procedural way” to hammer out the differences between the Judiciary, Intelligence and Armed Services Committees.

“If we have an attack in two or three months from now and we haven’t done anything, we’re going to look pretty dumb around here,” King said, since military and intelligence officials have repeatedly warned about the prospect of a massive cyberattack.

“I think the next Pearl Harbor is going to be cyber and I certainly hope that we’re going to be prepared, better prepared than we were in 1941,” King added.

A select panel, Alexander said, “is one of the things that we should look at.”

“It is evolving quickly and as it will be a phase zero to phase one part of future conflict, we’re going to have to get this right,” he said, referring to the time period in a conflict before military action.