On a scale of 1 to 10, US preparedness for a large-scale cyberattack is around 3, Alexander told an audience at the Aspen Security Forum, the New York Times reported.
In response to a question by moderator Pete Williams of NBC News, Alexander declined to comment on whether the US government was involved in the development and deployment of the Stuxnet worm that disrupted nuclear fuel processing at an Iranian facility in 2010.
Alexander urged the Senate to pass the Cybersecurity Act, which he said would give the US government new powers to defend private networks.
Commenting on the general’s remarks, Sen. Joe Lieberman (I-Conn.), a sponsor of the bill, said that a “17-fold increase in the number of cyberattacks, a growing number targeted at our critical infrastructure, is a stark warning that we delay improving our defense at our own peril. Defense of our most critical networks, largely owned by the private sector, is vital to our national security and economic prosperity.”
In response to the New York Times story, Mike Lloyd, chief technology officer at RedSeal Networks, observed that “all infrastructure targets share a common defensive problem: too much complexity. As the attackers move to greater and greater automation, the defenders must do likewise, exhaustively testing their existing network defenses so they can find weaknesses before the attackers do.”