The past strategy of waiting and reacting to cyber intrusions has not effectively protected the U.S. from attacks, U.S. Cyber Command (USCYBERCOM) head Gen. Keith Alexander said in a speech at the InfoWarCon 2011 conference on Sept. 13.
"What's been going over the last few years in the networks is the greatest theft that we've seen in history," Alexander said. "What we're losing in intellectual property is astounding."
Pointing to an unnamed company that had recently lost $1 billion worth of technology in an attack, Alexander, who took command of USCYBERCOM when it began operating in May 2010, said that the past approach to confronting attacks needs to be reconsidered.
"Perhaps it's our strategy that's broken, and that's what we believe in the Defense Department," he said.
"In cyber space, if you put these walls up, you do that and you wait for something to happen," Alexander said. "And then when it happens, historically our forensics teams find out that it's been going on for several months. The intrusion has been in there for a while, and we're dismayed. We grab the network administrator and the network defenders and we bring them out and publically beat them, and then they say they will do better, and we don't give them the tools to do that, when the reality is that they're doing everything they can with what we've given them."
Alexander said that a more active defense scheme needs to be employed to detect intrusions faster. "The active defense is where we have to go," he said.