Despite protracted efforts within the federal government to divvy up roles and responsibilities of departments and agencies for defending the nation in cyberspace and investigating cyber attacks, Keith Alexander, former head of U.S. Cyber Command and the National Security Agency, said on Wednesday.

An interagency effort led to an agreement in 2014 that the Justice Department would have the lead role for investigation and enforcement, the Department of Homeland Security (DHS) the lead role for protection, and the Defense Department the lead role for national defense, Alexander, president and CEO of the cyber security firm IronNet Cybersecurity, told the House Homeland Security Committee.

Keith Alexander, CEO of IronNet Cybersecurity and a retired Army general. Photo: IronNet Cybersecurity
Keith Alexander, CEO of IronNet Cybersecurity and a retired Army general. Photo: IronNet Cybersecurity

“The truth is that today, our government agencies appear to be confused by the different terms of protection, incident response, and national defense,” Alexander said in his prepared remarks. He told the committee that despite the earlier effort on roles and responsibilities gave “fairly clear missions” to DoD, Justice and DHS, “words matter, and what I see in those words is there’s a lot of confusion over the different in some of the words in what do you mean by protect, what do you mean by defend, whose responsibility is it and how are we going to work together.”

Alexander said that ongoing efforts to share cyber threat information within the private sector and between the federal are all steps in the right direction but that threat information has to be “shared at network speed so that when this nation is attacked, all the elements of our government are prepared to do their job, which I will tell you from my perspective today, we are not prepared.”

Michael Daniel, who advised former President Barack Obama on cyber security and is president of the Cyber Threat Alliance, described current cyber threat information sharing as “critical enabler” but said, is insufficient by itself for cyber defense.

“Part of the issue is we actually haven’t figured out how do to it right,” Daniel told the panel. “We really haven’t got to the point where we’re doing it at network speed and at scale.” He also said scoring the threat information and giving it context will help “cyber security vendors raise their defenses.”

Daniel’s comments on strengthening the cyber threat data that is shared, is in line with industry officials who testified before one of the committee’s subcommittees earlier this month who said they want information with more context (Defense Daily, March 9). Adding more intelligence around the raw data will allow users to better understand what the next steps should be, they said.