August 10, 2009 http://www.npr.org/templates/story/story.php?storyId=111742106&ps=cprs
As head of the U.S. Strategic Command, Gen. Kevin Chilton oversees nuclear, space and cyberspace defense systems. Gen. Chilton and NPR Pentagon correspondent Tom Bowman identify sources of possible attacks, and how the U.S. is working to defend itself.
LYNN NEARY, host:
This is TALK OF THE NATION. Neal Conan is away. I'm Lynn Neary, in Washington.
As Americans celebrated July 4th this year, a coordinated cyber attack hit U.S. government and commercial Web sites, including the White House, the Department of Homeland Security, the State Department and the New York Stock Exchange - just one example of our vulnerability in cyberspace. And when it comes to the possibility of nuclear attack, there is constant concern about the nuclear capabilities of countries like China, Russia and now North Korea and Iran, among others, not to mention terrorist groups like al-Qaida.
And then there's space. Could our satellite systems in space be attacked? All this is the responsibility of General Kevin Chilton. As head of the United States Strategic Command, General Chilton oversees our nuclear space and cyberspace defense system. General Chilton joins us in a moment.
Later in this hour: them versus us. Should government be more or less involved in our lives?
But first: What are your concerns about national security and cyber security, specifically? If you want to talk with the head of U.S. Strategic Command, our number here in Washington is 800-989-8255. Our email address is email@example.com. Or join the conversation at our Web site. Go to npr.org and click on TALK OF THE NATION. General Kevin Chilton joins us here in Studio 3A. Welcome to TALK OF THE NATION.
General KEVIN CHILTON (Commander, United States Strategic Command): Thank you, Lynn. It's a pleasure to be with you.
NEARY: And also with us is NPR Pentagon correspondent Tom Bowman. Good to have you with us, Tom.
TOM BOWMAN: Good to be with you, Lynn.
NEARY: So, General Chilton, as I mentioned, we recently had a vivid example of how our computer systems can be hacked. It didn't do a huge amount of harm this time around, but what about the future? Just how vulnerable are we to a paralyzing cyber attack?
Gen. CHILTON: Well, Lynn, I think - first, we have to take a look at how dependent we are on cyberspace to kind of scope how much we need to pay attention to our vulnerabilities. And I think what we found, particularly in the military, we have particularly dependent on cyberspace for the way we do operations in land, air, sea and space. And so we recognize that dependence, and I would venture to say, personally, I've become dependent on cyberspace in just my daily life, as well as companies, etc., in the United States. So recognizing that dependence, we can anticipate that potential adversaries in the future would look to find vulnerabilities there. And in recognizing that, also, we need to take the appropriate actions, I think, to address those vulnerabilities.
NEARY: What do you define as a cyber attack, first of all? And…
Gen. CHILTON: Yeah. That's a good question. Today, what we're seeing a lot of, as far as intrusions into our military networks, I would not go as far as to say they're attacks, but exploitation or espionage, taking of information today. But what we want to be prepared for is what we saw on July 4th and happened in Estonia and what happened in Georgia, where you saw coordinated cyber attacks that were aimed at the computer infrastructure of those countries or those operations and tried to take away their ability to use their computer networks to conduct operations. That would be more along the lines of an attack, and one that we in the military think about and want to be prepared to counter should that ever happen.
NEARY: Tom Bowman, I want to bring you in the conversation.
BOWMAN: Yeah, General, I wanted to ask you specifically about China. Now, here are a couple of headlines we have here. Wall Street Journal earlier this year: "Wide Cyber Attack is Linked to China." Another from Scientific American two years ago: "China's Cyber Attacks Signal New Battlefield is Online." How much of a threat is there from China?
Gen. CHILTON: Well, Tom, our threats actually span the spectrum from the - what I call the bored teenage hacker, who was really more of a threat back in the late 1990s than they are today - to the criminal element, which is not trivial either, particularly to our society, to the organized nation-state, who may be looking at opportunities either to steal information, as we see happening today, or to the point we just talked about, where they can perhaps conduct an attack in some future conflict.
Attribution is a difficult thing to do in this domain, but it's not impossible. And it's an area that we work hard at and need to continue to work hard at for two reasons: One, if you want to deter that activity in cyberspace, you must convince potential adversaries that you know who did it - or you will know who did it if something bad happens in the future. And that gets to attribution. And secondly, if something does actually happen, you can bet the president's going to turn and say, well, who caused this? So that he can make the appropriate decisions to take actions in the other direction.
So, much more difficult than, say, an airplane that might attack the United States in the cyber domain, but a problem that we have to work.
BOWMAN: But what about China? Clearly, they're putting a great emphasis on this area of cyber warfare. What can you tell us about that, and how worried should Americans be?
Gen. CHILTON: Well, all nations are putting a lot of effort into this…
BOWMAN: Particularly China, by the way.
Gen. CHILTON: China has put a lot of effort into cyber. They've written about openly in their documents, in their military open documents, about how they believe future conflicts will involve conflict in both cyberspace and space. They've written about that, as well. So, you know, if they're writing about it now, they're thinking about and they're certainly making the investments in those areas. So, you know, we're forewarned, and it's - this is an area we need to increase our emphasis on.
BOWMAN: And in any of these attacks you've seen on Pentagon systems, have you seen the hand of the Chinese government?
Gen. CHILTON: Well, Tom, I don't want to go into the attribution piece specifically, here. Let me just leave it at that. It is not as simple as other domains, but it's not impossible. And what I worry about is not any specific country, per se, as I do, writ large, the broad - any attempt to intrude in our networks and take information today or prepare to deny us the abilities to use those networks in time of conflict.
NEARY: When does a cyber attack rise to the level that it requires a very serious response, and what would that response be?
Gen. CHILTON: Lynn, I think that's a key question that is unanswered at this point, and will be one that will have to be answered by our senior leadership - the president and secretary of defense - in time of crises. And there will be the attribution piece. How confident are you that you can attribute the attack? And then we'll have to weigh the effect of the attack. Was it just an attack that affected computer networks? What were the - what are the second and third order effects of that attack? Did it take down your emergency response systems in a city? Did that attack affect power systems that maybe support hospitals, and lives are lost as a result? And so there's a lot of questions that you would ask afterwards to determine what the appropriate response would be for a cyber attack.
NEARY: What's being done to - what's being worked on now to ensure that you will know who to attribute an attack to? How do you - are there systems in place now to determine that? And how is that being worked on?
Gen. CHILTON: Well, I can't go into specifics on what we do to try to solve that problem, but we do pay a lot of attention to the attribution element because we know it will be one of the first things asked of us by the president. Who did this?
NEARY: Yeah. What about the financial systems? I think that's something that a lot of people are worried about, that people could hack into the financial system, bring down the economy in this country and perhaps around the world. What's your role in defending our financial system from those kinds of attacks?
Gen. CHILTON: Great question. There is actually a division of roles between what the Department of Defense does and what I do as - my command does in U.S. Strategic Command, and what the Department of Homeland Security does. At STRATCOM, my command, we are chartered to operate and defend the military networks. So, in computer parlance, that would be the www.mil, not the www.com or .net, or even .gov that maybe the State Department uses or Capitol Hill. Those portions of the networks of the United States, that defense of those has been given to the Department of Homeland Security. Now, we support them, and they support us. We share information if they see an attack in the .gov or in some other networks. They share those attack vectors with us. And when we see attacks on the military networks, we share what we see with them so that we can, you know, improve our defenses. But right now in Strategic Command and the Department of Defense, we're focused on the military networks.
BOWMAN: And increasingly so. This is from a speech you made back in February: In a cyberspace domain, here are some obvious things. We are under attack. We are behind. We are reactive. We are not proactive. How do you become proactive here?
Gen. CHILTON: Well, there's three things that we're trying to change in the military - under STRATCOM leadership writ large. In all our services and the way we think about cyberspace, we're trying to change the culture, the conduct and our capabilities.
Culture, of course, is probably one of the more difficult ones. You can't just fix that with investment, but we've grown up with a culture, and I think it's probably true in our personal lives, that cyberspace and our computers are just a convenience. They make life easier.
What the switch we have to make in the military is the realization that we're dependent on cyberspace for military operations on air, land and sea and in space, and we cannot effectively conduct our operations in those areas without the cyberspace domain and our military networks.
So they're not just a convenience, they're a necessity, and that means when you have a problem there, the commander in charge of forces ought to be, whether he's in charge of air, land or sea forces, ought to be very worried about his networks and paying attention to their health, are they defended properly, etcetera.
In the conduct area, we need to do a better job of training people to point out that anybody in the military who's using a computer plugged into a military network is the same as a gate guard standing in front of a base, protecting the gate. And if they don't do their job correctly, they can allow someone to intrude on those networks and steal information or interrupt operations.
So training is part of the conduct change, and then we have to hold people accountable. We haven't done a very good job of that, in my view, for people who don't follow the rules, because we haven't seen it as being that big a deal. It is a big deal, and we know it will be in the future.
And then in a capability area, that's investment in the technologies to make sure our military men and women have the same kind of technologies available that you can invest in to defend and protect your home computer, to include automatic connections to your Internet service provider that can push antivirus software to you as soon as it's made available electronically, so you don't have to go, as we often do in the military, machine to machine with a disk and upgrade the defenses on the computer.
So we need those capability and technology investments, as well.
NEARY: Do you know how many times a day there are attempted - attempts to hack into the Pentagon?
Gen. CHILTON: Well, into the military networks writ large, there's thousands. And it's hard to say are they attempts to hack, or are they just a curiosity, someone going to that site just to see what they can find, or is it malicious attacks? It's hard to parse those until they succeed, but there's thousands attempts a day for unauthorized entry into the military networks.
NEARY: How many times are they successful in a day?
Gen. CHILTON: Well, our job is to make them unsuccessful, and often times it's difficult to prove the negative, but we have had cases where we know we have been intruded on, and that's getting back to Tom's point. We have lost information, and that's important information - not classified, but important to operations.
NEARY: We're talking with General Kevin Chilton. He's the commander of the U.S. Strategic Command, and we'll be taking your calls and emails when we return.
Joining me today is Tom Bowman, NPR Pentagon correspondent. Give us a call at 800-989-8255. I'm Lynn Neary, it's TALK OF THE NATION from NPR News.
(Soundbite of music)
NEARY: This is TALK OF THE NATION. I'm Lynn Neary in Washington. We're talking with General Kevin Chilton, head of U.S. Strategic Command. He oversees our nuclear, space and cyberspace defense systems, among other missions.
If you want to talk with him, give us a call. What are your concerns about national security and nuclear weapons or about how we defend ourselves in space and about how this affects you? 800-989-8255, or send us an email. The address is firstname.lastname@example.org
And also joining me today, NPR Pentagon correspondent Tom Bowman, and we're going to turn to the phones now. Let's take a call from a guest in Folsom, California. Hi, go ahead.
Unidentified Man (Caller): Hi, actually, as I'm listening, I have another question now. The first question I was interested in is that okay, so if cyberspace goes down, me as a citizen, can I bypass it so I could carry on my day-to-day life? What are some of your advice?
And then the other question that I thought of, is that, can you guys create a mil-space, where it is only for military use?
Gen. CHILTON: Yes. Well, when we talk - and cyberspace was a broad term to basically define the domain that includes the wires and the computers and the servers and the routers, etcetera. To the caller's first question, he's probably, as I am at home, using the Internet and using the www.com or .edu or .net to business, maybe with your bank, etcetera, or whatever. And so it would be difficult, I think, to take down the broader Internet, but it may be possible to take down a particular site or service that you're interested in using.
And so here's where, in the Department of Homeland Security, where they need to think about and worry about defending critical infrastructure in the United States of America, our financial systems, our power grids, our transportations, telecommunications systems that are essential to all of our citizens day in and day out.
To the military point, we do have these portions of the cyberspace that we operate in, and the dot-mil, that are both unclassified, that is plugged into the Internet, and we have also classified networks that are more isolated from the Internet. And so we do do our military operations there. And the logic to having a military organization operate and defend those is we know, in time of conflict, that we must have those networks available for everybody else to do their operations in the military.
NEARY: Okay, thanks so much for your call. We're going to go to Mark(ph). Mark is calling from Cambridge, Massachusetts. Hi, Mark, go ahead.
MARK (Caller): Hi. General Chilton touched on this a bit, but it seems that the federal government's cyber-security efforts are very fragmented, in that you've got General Chilton at Strategic Command, you've got Homeland Security, Department of Energy, and even within the Department of Energy, when you start looking at electricity-grid security, you've got DOE and FERC and NERC and all these different people talking about it.
Now, something like the energy grid is clearly a military, as well as a civilian, interest. And I'm wondering first of all, until there's a security czar appointed, and I guess the administration has talked about appointing someone like that, how do you integrate all these efforts, and once a security czar, cyber-security czar is appointed, will General Chilton be reporting to that person, or will there be some kind of a coordinated effort, or will it always between Homeland Security, military, DOE and other groups.
Gen. CHILTON: Mark asked a very good question. The first effort to try to do, I think, from a national perspective and get our arms around this and put some serious funding and organizational construct to this was the National Cyber Security Initiative, which was pushed forward in the last year of President Bush's administration and was carried forward in the current administration.
President Obama just had a - one of his first acts was to have a group get together and take a look at how to go forward, and one of the things they are considering is whether or not to have a cyber czar, and you describe.
And so it will be interesting to see how that works out in the future. Again, Department of Homeland Security has had the rose pinned on them for the broader issues with regard to the nation and to Department of Defense for the military networks.
MARK: And who's in charge of the electricity grid? Because I know the Department of Energy seems to be within their purview, but that would also seem to be a Homeland Security issue.
Gen. CHILTON: It is, but here - you know, here's an interesting point. Who's in charge of the energy grid? A lot of the energy in our country is provided by private companies, and so here's where, you know, you start getting into some issues of maybe why you don't want the Department of Defense doing that type of work directly. But for sure, at the end of the day, regardless of how we organize, and this gets back to your question of who should be doing what. At a minimum, we need to be - we need to have robust information-sharing constructs put in place.
MARK: Presumably, that's what a cyber-security czar would do, I guess.
Gen. CHILTON: I'm not sure exactly what their responsibilities would be, particularly, but I know in the military, what we want to be able to do is share information about - particularly about threats that are coming against any part of the society, because we can anticipate them being brought to bear against us, as well, in the military.
NEARY: All right, thanks so much for your call, Mark.
MARK (Caller): Thank you.
NEARY: Let me read you an email, General, from Brian(ph), also calling from Massachusetts, in Hopkinton. General, could you talk about your international counterparts? Which countries have appointed counterparts to your role in their governments, and which countries are you hopeful will do so in the near future? And do you have enough cooperation with key nations to adequately deal with international threats?
Gen. CHILTON: There are - cyberspace and threats in cyberspace are being taken seriously by all governments around the world. I mean, Estonia, obviously, was attacked, and I've had the opportunity to meet with their minister of defense, as he came over and educated us on exactly what happened and how they dealt with that attack. But many of our key allies and friends as well, beyond Estonia, are also paying close attention to this area. And I think this is an area we can improve our military-to-military dialogue. We already do have dialogues at certain levels with - and I've had dialogues with Australia, had dialogues with the United Kingdom, with France on the cyber-issues, but it's one that we're going to want to again share information with our friends and allies because we don't have the corner on all the knowledge here.
NEARY: All right, let's take another call. We're going to go to Vernon(ph), calling from Oakland, California. Thanks. Hi, Vernon.
VERNON (Caller): Hi, thank you for taking the call. My question is, could somebody, and our people at this time, try to come up with a super-virus that they might be able to introduce, either from a foreign nation or via some operative - foreign operative in the United States, that may be tapping directly into cable. Are there such efforts that you know of that are going on, and is the United States also trying to come up with a super-virus that might disable an enemy upon their attack of the United States?
Gen. CHILTON: Well, I don't know about any super-viruses, Vernon. I would say - in the greater context, remember if a nation-state were to take down, attempt to take down the broader international financial systems or international commerce systems that ride on the Internet, odds are they're injuring themselves as dramatically as they would be injuring the nation they were targeting, whether it be the United States or someone else.
It's possible, and certainly terrorist organizations wouldn't be so concerned about that. And so that's another area of concern you have to think about is those not aligned with a nation-state, you have a lot to lose by the Internet going down, but maybe you have a lot to gain by creating chaos in other countries, is another threat factor we worry about.
NEARY: Yeah. You know, if that kind of chaos were created by our enemies taking down an important part of our social life, really, or our lives, our economic life, for example, which you were talking - we were talking about a little bit earlier, and we touched on this a little bit earlier, but maybe you can expand on this. What is the response?
I think that you have said that - I mean, could a nuclear response be part of that? How aggressive would we be in response to something that we knew was intended to create chaos and to disrupt our lives?
Gen. CHILTON: Yeah, Lynn, I think I might have been misquoted on that previous interview there. What I said in that conversation was, don't - how we respond will be decided by the president of the United States of any attack on the United States of America, and I wouldn't preclude any options for the president ever. I wouldn't take any options off the table for him how to respond.
If I could change the focus of your question a little bit, I think the real trick and the real challenge for us is to make sure we take the appropriate steps today in changing culture, conduct and fielding the right capabilities to make sure that that eventual - that theoretical attack can't be successful against us.
Now, I know, and being a military person, there's no such thing as the Maginot Line or perfect defense. So we have to be able to anticipate how we're going to continue to operate under attack. That's some of the things we learned from Estonia and listening to them, I mean, they were not completely shut down.
They were greatly affected by the attack, but they continued to operate and work through it, and we took some learning points from that, and we need to make sure we're able to - we think about that for the future.
BOWMAN: But what about offensive capabilities? There was a story not too long ago, I think in the Washington Post, about early in the Iraq War, or maybe prior to the Iraq War, there was talk about cyber-attacks on Iraq itself. And that was considered for a little bit, but then it was decided that may be too widespread. It may take down systems throughout the region. And they kind of backed away from doing any cyber-attacks.
Is this something that should be considered? Do you - should build up an offensive capability?
Gen. CHILTON: Tom, I think what we've learned in the history of warfare is that oftentimes the best defense includes a good offense - it's whether that's air, land, sea operations. And I think the same applies here in cyber space.
So I think we do want to develop those capabilities. You don't want to just have a (unintelligible) defensive line that just fends off attacks. In time of conflict, you want to be able to go forward and make them stop, as opposed to just protect yourself from the attacks. So, it's good - I think it's good sense to develop offensive capabilities.
One thing you have to be cautious of, though, is that if you're going to use a particular offensive capabilities, that your defenses are prepared to sustain further attacks, or more sophisticated attacks. Now, clearly, we have to have that in place any way, day in and day out. But it's another calculus that you have weigh in, when you weigh whether or not, you're going to respond to a cyber attack, with a cyber attack or in some other domain.
BOWMAN: But what's the status of U.S. offensive capabilities in the cyber realm? Are they pretty robust now? Does there have to be a lot of work done on this area?
Gen. CHILTON: Yeah. Tom, it's an area I probably can't - shouldn't talk too much about, but it's an area that we're focused on. And - because we recognize that a good defense also incorporates elements of an offensive capability.
BOWMAN: You need a lot more money in this area?
Gen. CHILTON: You know, money - there has been budget requests that went in with the National Cyber Security Initiative - which, if sustained, will be very helpful - but I would tell you, I think our biggest shortfall in this area is in people dedicated to work in these particular missions. Now, I'm speaking for the STRATCOM perspective and what we do in military - defense in the military networks. And so the expertise - and frankly, you know, the services, they organize forces for the combatant commanders to use. So Naval forces and fleets, and Air Forces and wings, and Army forces and divisions and corps - we need to (unintelligible) equivalent, if you will, of forces to support the cyber defense of our military networks.
And the services are stepping up to that. And there's going to be a training element and an organizational element that they'll have to put in place; and we're starting to see that. But not - if I could ask for something today, it wouldn't be the next piece of technology, although that doesn't hurt, it'd be people.
NEARY: All right. We are talking with General Kevin Chilton. He's the commander of the U.S. Strategic Command. And if you'd like to give us a call, the number is 800-989-8255. You can also call us - you can also get in touch with us by email at TALK OF THE NATION at npr.org.
And you are listening to TALK OF THE NATION from NPR News.
And we're going to take a call now. We're going to Dom(ph) calling from St. Louis. Hi, Dom.
DOM (Caller): Hello, good afternoon. Thank you for taking my call. And General Chilton, I'd just like to say thank you very much for your honorable service to our country. And I know we're talking about hacking into the network right now. But I was wondering if you might address a little bit about the consequences of electromagnetic pulse from, say, a rogue state launch of a nuclear - thermonuclear weapon. There's a lot of those out there, and you know, I was just wondering if you might be able to address that somewhat about - how that might affect our military systems.
Gen. CHILTON: Sure, Dom. And when a nuclear detonation occurs, you're absolutely correct, there's a large electromagnetic pulse that goes out. It's not very long lived, but what we found is that it has a greater effect on some of our high tech microcircuit technology that we've deployed in various things, whether it'd be computers or electronic that supports automobiles, et cetera, et cetera. Good news and bad news. The good news is that it's a finite area that has affected, it's not infinite or global in nature. The bad news is you have to consider this, which is almost the inconsiderable, would be the detonation on nuclear weapon. And the consequences which not only would result from the blast but also from an EMP and what it would have on our electronics systems.
For that reason, we take steps to protect our critical commanding control elements from an EMP blasts, so that we always provide the president the opportunity to command and control his nuclear forces even in that environment. And that's really important.
NEARY: All right. Thanks so much for your call, Dom.
Let's go to Norman. And Norman is calling from Rome, Georgia. Hi, Norman.
NORMAN (Caller): Hi. Thank you. General, you mentioned that the next generation of recruit to the military going to need to be versed in this technology and cyber warfare. I'm an ROTC cadet at Princeton University, what would you ask our generation and the new recruits going into the military to train themselves and equip themselves to better help the Armed Forces in this area?
Gen. CHILTON: Well, first of all, thank you for being in the ROTC and joining the all-volunteer force to serve our nation. You have my highest respect for that. We need skill sets across the board, in the United States military - whether it'd be in cyberspace, air, land, sea operations. And so, I would encourage you to follow your passion of study because whatever you're passionate about is what you'll be best at it and you'll do well at it. And then come on board, and we have great training programs in the military to bring up to speed in a particular expertise that we may lack. But we certainly value, in the space and cyberspace business in U.S. Strategic Command, engineering backgrounds, computer science backgrounds, astronomical engineering backgrounds. And we have places for those type of students in our command, in our supporting commands that are quite vital to our operations.
NEARY: All right. Thanks so much for your call. And let's go to Chuck(ph) who's calling from San Francisco. Hi, Chuck.
CHUCK (Caller): Hi, thanks a lot, Ms. Neary, and good afternoon, General. I'd very much like to see an effective verifiable regime to prevent a space arms race and the revitalization of the nuclear non-proliferation treaty. Are either both of those on the agenda for the current administration?
Gen. CHILTON: Good afternoon, Chuck. Let me talk about space, first of all. And the concept arms race in space - of course, there is a treaty today, a space treaty, that the nations are - the Soviet Union and the U.S. signed up to and many other nations that prevents putting nuclear weapons in space - which I think is a good thing, or putting weapons on other planetary bodies like the moon. And that's about the extent of the treaty, though.
And there's been talk, not new but for many years, about how do you define a weapon in space? I mean, a nuclear weapon is pretty easy to find. I often ask people. I say, well, if I could build a spaceship or a spacecraft that could go up into space, and then let's say I put a chemical arm on it and I could fly it up next to another country's satellite and reach out and pluck the solar rays off, would that be a weapon? They often say, yes. And I remind them that I flew on that. It's called a space shuttle. So, defining a weapon is really, really tough.
NEARY: All right. Thank you so much, general. It was great talking to you today. General Kevin Chilton, commander of the U.S. Strategic Command joined us today. Author Tom Bowman, NPR Pentagon correspondent. Thanks to both of you for being with us.
BOWMAN: You're welcome.
Gen. CHILTON: You're welcome, Lynn. A pleasure.
NEARY: I'm Lynn Neary. It's TALK OF THE NATION from NPR News.