Update: Senate confirms Alexander as chief of U.S. Cyber Command

The U.S. Senate has approved Lt. Gen. Keith Alexander, director of the National Security Agency, to also head the military's recently created U.S. Cyber Command.

In his new role, Alexander will be responsible for directing operations of the U.S. Department of Defense's military information networks. He will oversee the new command's intelligence-collection activities as well its efforts to develop better offensive and defensive capabilities in cyberspace.

The Cyber Command, or Cybercom, was established last June by Defense Secretary Robert Gates. The command is intended to address growing threats to U.S. military networks from foreign and domestic sources.

Cybercom is part of a broader effort by the Obama administration to bolster overall U.S. civilian and military cybersecurity capabilities. A similar effort is under way on the civilian side, with a newly created White House cybersecurity coordinator overseeing that operation.

Alexander's nomination to the new role had been expected. As head of the NSA since 2005, Alexander, 58, is widely regarded as one of the most qualified individuals to head the new command. In a voice vote Friday, the Senate also approved his promotion to the rank of four-star general.

Alexander's appointment comes at a time when growing cyber threats from overseas, especially China, have led to mounting calls for the U.S. to develop not only credible cyberdefense capabilities but effective offensive capabilities as well.

Alexander has hinted that he is willing to launch offensive strikes against overseas computers that are used in cyberattacks against U.S. critical infrastructure or military targets. In answers to written questions from senators during his confirmation hearing, Alexander indicated his full support for the lawful use of military force for purposes of self-defense.

If a cyberattack were to meet the criteria approved by the president in the U.S. Standard Rules of Engagement, the military would exercise its right to self-defense, Alexander said in his written response. Though it is difficult to mount an effective defense without knowing who is responsible for specific cyberattacks, some amount of mitigation action can be taken even in situations where it is not entirely clear who the attacker is, he said.

"Neither proportionality nor discrimination requires that we know who is responsible before we take defensive action," he said.

Alan Paller, director of research at the SANS Institute in Bethesda, Md., said he welcomed Alexander's appointment and noted that it highlighted a shift to a more active approach to cybersecurity from a more passive stance.

"It will be the catalyst for activities ranging from cyberhuman capital development to deployment of special forces, like cyberteams," Paller said. "There is a lot riding on his success. I cannot think of a better person for the job."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Copyright © 2010 IDG Communications, Inc.

9 steps to lock down corporate browsers
  
Shop Tech Products at Amazon