WASHINGTON (Reuters) – U.S. critical infrastructure – which ranges from telecommunications to water to energy supplies – is not well prepared to handle a destructive cyber attack, the top U.S. general in charge of cybersecurity said on Wednesday.
National Security Agency chief General Keith Alexander, making his first public appearance since revelations surfaced last week about U.S. telephone and internet surveillance efforts, made the comments in a statement prepared for testimony before Congress.
“On a scale of one to 10, with 10 being strongly defended, our critical infrastructure’s preparedness to withstand a destructive cyber attack is about a three based on my experience,” Alexander, also in charge of the U.S. military’s Cyber Command, wrote in the statement prepared for the Senate Appropriations Committee for a hearing on cybersecurity.
Alexander said the United States has been and continues to be a target of cyberattacks by foreign nations.
About 90 percent of the nation’s critical infrastructure is owned by the private sector, and therefore is not under the control of the U.S. government or military.
While he made no mention of the leaks about NSA surveillance programs, Alexander said it was vital to have a strong Defense Department role in cyberspace in light of what he called real and growing threats.
“While we feel confident that most foreign leaders believe that a devastating attack on the critical infrastructure and population of the United States by cyber means would elicit a prompt and proportionate response, it is possible, however, that some regime or cyber actor could misjudge the impact and the certainty of our resolve,” he said.
Alexander told the Reuters Cybersecurity Summit last month that the United States was increasingly vulnerable to attacks like those that destroyed data on tens of thousands of computers in Saudi Arabia and South Korea in the past year.
(Reporting by Deborah Charles)