Extending the government and military cyber security programme to critical civilian infrastructure is one of the top challenges facing the US, says General Keith Alexander, commander of US Cyber Command.
Extending cyber defences to the critical national infrastructure is one of five pillars of the US Department of Defense (DoD) cyber strategy, because of government and military reliance on that infrastructure.
But the process has to involve a public-private relationship, he told delegates at the RSA Conference 2011, echoing a presentation earlier in the week by US deputy secretary of defence, William Lynn.
Alexander, who is also director of the US National Security Agency and chief of the Central Security Service, said while the process would be private sector led, the military would be able to provide state-of-the-art cyber security intelligence.
"The internet has brought tremendous opportunities, but it has also brought vulnerabilties, and the key thing we need to figure out is how to secure that network," he said.
President Obama has identified protecting cyber space as a national security priority, he said. The importance of this had been underlined by cyber attacks in Estonia, Georgia, Lavia, Lithuania and Azerbaijan.
Again, echoing Lynn, Alexander said there is growing evidence that cyber weapons are being developed that are capable of destructive attacks, and history has shown that weapons are seldom developed that are never used.
Tapping into the technological strength of the US is another pillar of the DoD cyber defence strategy.
"The US is an innovation nation, and with the talent we have here, I believe we can build a better cyber security capability that preserves privacy and civil liberties," he said.
The top challenges include developing the technologies required to give complete visibility of networks and defining the exact roles of all stakeholders in protecting national critical infrastructure, said Alexander.
However, he said there is also a need to create public demand for secure technologies, in which the IT security industry has a role, and a need to educate all users of the internet to raise security awareness.
Allied to this, he said there needs to be a greater emphasis on science, technology, engineering and mathematics at school level to help address the shortfall in skills required for cyber defence.
The government and military are doing all they can to build capabilities to defend cyberpace in a full-spectrum and dynamic way to respond to changing threats in order to fulfil another of the five pillars of the DoD cyber strategy, said Alexander.
"But we need the help of industry because cyber security is a team sport that brings together government, industry and international allies," he concluded.