A former leader of the National Security Agency (NSA) told lawmakers Thursday that government agencies working on cybersecurity are too “stovepiped” to safeguard the nation from digital threats.
Retired Gen. Keith Alexander said that the four groups handling cyber issues — the Homeland Security and Defense departments, the FBI, and the intelligence community — are too “stovepiped,” meaning they bottle up information instead of sharing it with one another and across the government.
Alexander, who resigned from his post as head of both the NSA and U.S. Cyber Command in 2014, was responding to questioning from Sen. John McCainJohn McCainEx-NSA head: Cybersecurity agencies don’t share enough information to be successful McCain, Graham tear up talking about their friendship during CNN town hall Graham: We need more of speech Trump, less of tweeting Trump MORE (R-Ariz.) at a Senate Armed Services Committee hearing on Thursday.
“It’s not working,” Alexander said of the government’s organization on cybersecurity. “There are four stovepipes and it doesn’t make sense. If we were running this like a business, we would put them together.”
Alexander suggested that all four groups be brought together under one cybersecurity framework in order to defend the country’s networks and critical infrastructure and respond to cyberattacks.
Before that, he argued, the agencies should participate in “exercises” with Congress, the Trump administration and the private sector to develop a policy and strategy on cybersecurity.
“What you have is people acting independently, and with those seams, we will never defend this country,” said Alexander, who now leads a private cybersecurity firm. He added that industry leaders are “dismayed” about how the government handles cybersecurity.
The senators also heard testimony from two members of the Defense Science Board, a group of roughly 50 retired armed service members, government and industry leaders who give the Pentagon advice on how to solve cybersecurity and technology problems.
Craig Fields, a former Pentagon technology chief, and James Miller, a former undersecretary of defense for policy, pushed back on the notion that the way that the government handles cybersecurity needs to undergo massive reorganization but agreed with Alexander on the need for more integration.
“I’m not convinced that a massive reorganization is appropriate,” Miller said. “I’d be looking toward an integrating body.”
“When we talk to the individual agencies, they don’t understand their responsibilities,” he later observed.
“Rewiring is not the solution,” Fields, who chairs the Defense Science Board, explained. “[That would be] too disruptive, but fundamental change in how it works, absolutely.”
Alexander led the NSA and Cyber Command before his resignation in March 2014 amid controversy over Edward Snowden’s leaks about the NSA’s domestic spying. Current Director Mike Rogers succeeded him.