Gen. Keith Alexander, director of the National Security Agency, said more information sharing between government and industry would not lead to snooping on private emails. (Sgt. 1st Class Robert Hyatt / Army)
One of the government’s top spy chiefs on Monday called for Congress to pass cybersecurity legislation that would promote more information-sharing between industry and government. But countering criticisms from civil liberties advocates, he said more information sharing would not lead to the government snooping on people’s private emails.
“When we talk about information sharing, we are not talking about taking our personal emails and giving those to the government,” Army Gen. Keith Alexander, director of the National Security Agency, said in an address before the American Enterprise Institute. Cybersecurity can be carried out while protecting privacy and civil liberties, he said.
Alexander did not highlight a specific cyber security bill — of several that are pending on Capitol Hill — that he favors.
Alexander, who also heads U.S. Cyber Command, said that in the event of a cyber attack against critical infrastructure, such as a power grid, he would want the company operating the grid to notify the government of the attack. The government would work with Internet service providers and relevant companies to get details about the source of the attack, or the unique Internet protocol address of the device that launched the attack and the address of the device being attacked.
Companies would share with the government so-called threat signatures — or characteristics of the attack — not personal emails, Alexander said. If the attack, for example, was launched as a malware-infected email, the government would only require details on the malicious emails, not access to legitimate emails, he said.
Alexander said he envisions the information being shared automatically, not through a manual process. Defending the country in cyberspace is going to take real-time capabilities and information sharing, he said.
Alexander denied reports that NSA’s planned $1.2 billion Utah Data Center, due to be completed September 2013, will store data on American citizens.
“That’s baloney,” he said, but he declined to give further details about operations at the center. “We need the American people to know that that’s not true.”