Atlantic Council

From David E. Sanger and Eric Schmitt, the New  York Times:  The top American military official responsible for defending the United States against cyberattacks said Thursday that there had been a 17-fold increase in computer attacks on American infrastructure between 2009 and 2011, initiated by criminal gangs, hackers and other nations.

The assessment by Gen. Keith B. Alexander, who heads the National Security Agency and also the newly created United States Cyber Command, appears to be the government’s first official acknowledgment of the pace at which America’s electricity grids, water supplies, computer and cellphone networks and other infrastructure are coming under attack. Those attacks are considered potentially far more serious than computer espionage or financial crimes.

General Alexander, who rarely speaks publicly, did not say how many attacks had occurred in that period. But he said that he thought the increase was unrelated to the release two years ago of a computer worm known as Stuxnet, which was aimed at taking down Iran’s uranium enrichment plant at Natanz.

When the worm inadvertently became public, many United States officials and outside experts expressed concern that it could be reverse-engineered and used against American targets. General Alexander said he saw no evidence of that. . . .

General Alexander said that what concerned him about the increase in foreign cyberattacks on the United States was that a growing number were aimed at “critical infrastructure,” and that the United States remained unprepared to ward off a major attack. On a scale of 1 to 10, he said, American preparedness for a large-scale cyberattack is “around a 3.” He urged passage of legislation, which may come to a vote in the next week, that would give the government new powers to defend private computer networks in the United States. The legislation has prompted a struggle as American companies try to avoid costly regulation on their networks, and some civil liberties groups express concern about the effect on privacy.

General Alexander said that the administration was still working out rules of engagement for responding to cyberattacks. Because an attack can take place in milliseconds, he said that some automatic defenses were necessary, as was the president’s involvement in any decisions about broader retaliation.

He confirmed that under existing authorities, only the president had the power to authorize an American-directed cyberattack. The first such attacks occurred under President George W. Bush.  (photo: Jeff Chiu/AP)