The use of artificial intelligence is both a pro and con for law enforcement, Joyce said.
“One of the first things [bad actors are] doing is they’re just generating better English language outreach to their victims [using AI]—whether it’s phishing emails or something more elaborative,” he said. “The second thing we’re starting to see is … less capable people use artificial intelligence to guide their hacking operations to make them better at the technical aspect of a hack.”
But Joyce said that “in the near term,” AI is “absolutely an advantage for the defense,” as law enforcement officials are using AI to get “better at finding malicious activity.”
For example, he said that the NSA has been watching Chinese officials attempt to disrupt critical infrastructure, such as pipelines and transportation systems, in the United States.
“They’re not using traditional malware, so there’s not the things that the antivirus flags,” Joyce said.
Instead, he said they’re “using flaws” in a system’s design to take over or create accounts that appear authorized.
“But machine learning AI helps us surface those activities because those accounts don’t behave like the normal business operators,” Joyce said.
Joyce said one of the biggest challenges for cybersecurity officials is understanding who is conducting cyber attacks and why. For example, while cyber officials have been seeing an uptick in “hacktivists,” or hackers who are activists, they’ve been seeing more foreign governments backing them and posing as them.
“The Israel-Hamas conflict going on right now—there’s a tremendous amount of hacktivist activity, and we see it on both sides of the equation,” Joyce said. “But the interesting piece in some of this is the nation-states are increasingly cloaking their activities in the thin veil of activists’ activity—they will go ahead and poke at a nation-state, poke at critical infrastructure, poke at a military or strategic target, and try to do that in a manner that looks to be this groundswell of activist activity. That’s another place where we need that intelligence view into really what’s behind the curtain, because not all is as it seems.”
Joyce said that one of the biggest “sea” and “culture” changes at the NSA is sharing classified information with the private sector.
“We’re taking our sensitive intelligence, and we’re getting that down to unclassified levels that work with industry,” Joyce said. “Why? Because there might be one or two people in a company who are cleared for that intelligence, but chances are the people who can do something about it, they’re the folks who actually are not going to have a clearance.”
Joyce said that the department has decided to shift its stance around sharing intelligence in part because “what we know is not nearly as sensitive as how we know it” and because “knowing something really doesn’t matter if you don’t do something about it; industry is the first that can do something about it.”
“Americans can and should have confidence in our election system,” Wray said. “And none of the election interference efforts that we’ve seen put at jeopardy the integrity of the vote count itself in any material ways. And so in that sense, people can have confidence.”
But that doesn’t mean there aren’t threats to the election process, he said, particularly highlighting foreign governments’ desire to meddle.
“The other part, though, is the chaos, and the ability to generate chaos is very much part of the playbook that some of the foreign adversaries engage in,” Wray said. “And there is the potential. If we’re not all collectively on board, that chaos can ensue to varying levels.”
Wray and Nakasone spoke in a fireside chat moderated by Mary Louise Kelly, host of NPR’s All Things Considered, at the 10th International Conference on Cyber Security, held at Fordham on Jan. 9. Kelly asked how 2024 compares to the 2020 election year.
“Every election as you know is critical infrastructure,” Nakasone said. “We have to be able to deliver a safe and secure outcome. And so when I look at it, I look in terms of both the threat and the technology—but yes, it’s an important year, it’s a presidential election year, and we have adversaries that want to take action.”
Nakasone said that as they look at foreign adversaries and how they are using AI, he noticed that they “are all using U.S. AI models, which tells me that the best AI models are made by U.S. companies.”
“That tells me that we need to protect that competitive advantage of our nation, of our national economy going forward,” he said.
But that’s not an easy task, Wray added, noting China’s advantage in particular.
“China has a bigger hacking program than that of every other major nation combined and has stolen more of Americans’ personal and corporate data than every nation, big or small, combined,” he said. “If I took the FBI’s cyber personnel and I said, ‘Forget ransomware, forget Russia, forget Iran—we’ll do nothing but China,’ we would be outnumbered 50 to 1, and that’s probably a conservative estimate.”
Nakasone said that’s why it’s important for the agencies to maintain the United States’ “qualitative advantage.”
“How do we ensure that our workforce is continuing to be incredibly productive?” he said.
In addition to China, Wray and Nakasone highlighted Russia and Iran as threats, even as Russia is occupied with the war in Ukraine.
“If anything, you could make the argument that their focus on Ukraine has increased their desire to focus on trying to shape what we look like, and how we think about issues because U.S. policy on Ukraine is something that obviously matters deeply to their utterly unprovoked and outrageous invasion of Ukraine,” Wray said.
In order to combat their efforts to interfere in elections, Nakasone highlighted partnerships between agencies like the NSA and FBI, and the quality of work that U.S. agencies do.
“It will never be having the most people—it’s having the best people and the best partnership being able to develop and deliver outcomes that can address adversaries,” he said.
Kelly highlighted a recent poll from The Washington Post that found that one-third of Americans believe that President Joe Biden’s win in 2020 was illegitimate and that a quarter of Americans believe that the FBI instigated the January 6 insurrection.
“I’m not trying to drag either of you into politics,” she said. “But what kind of charge does that pose for your agencies as you try to navigate this year?”
Wray said it’s important for the NSA and FBI to call out misinformation right away. He highlighted how in October 2020, the FBI called out Iran’s interference efforts ahead of the November elections in an effort to make the messaging less effective.
“We have to call it out when we see it, but we also need in general for the American people, as a whole, to become more thoughtful and discerning consumers of information,” he said.
In December 2023, Congress gave a four-month extension to Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows intelligence agencies to conduct surveillance on non-American citizens who are outside of the United States without a warrant. The section has come under scrutiny as privacy advocates and members of both parties said it’s an overreach of government powers.
Nakasone called it “the most important authority we use day in and day out in the National Security Agency to protect Americans.”
He said that the agency uses it to address a number of different threats: “whether or not that’s fentanyl or Chinese precursors [to fentanyl] coming in United States, whether or not it’s hostages that foreigners take overseas, whether or not it’s cybersecurity, in terms of victims that we’re seeing in the United States.”
Wray said that the section was “a vital tool.”
“This country would be reckless at best and dangerous at worst to blind ourselves and not reauthorize the authority in a way that allows us to protect Americans from these foreign threats,” he said.
“I think we’re concerned about the same usual suspects in terms of nation states—Russia, Iran, China, each in their own way,” Wray said.
He recalled something another FBI official recently said: “The Russians are trying to get us to tear ourselves apart, the Chinese are trying to manage our decline, and the Iranians are trying to get us to get out of their way.”
“And we’re not going to do any of the above,” Wray said.
The pair described their agencies’ work to address these challenges at a fireside chat at the ninth International Conference on Cyber Security, held at Fordham on July 19.
Nakasone called 2020 “the pivotal year for the nation in cyberspace,” and said it taught him and his agency lessons that they’re applying today.
“We ended 2020 with SolarWinds [a cyberattack], and then we begin 2021 with a number of different instances,” he said, citing the Colonial Pipeline ransomware attack and others. “I know that informed me to think differently about what I should be expecting in the fall of 2022 … I’m thinking about traditional adversaries, I’m thinking about additional tradecraft, I’m thinking about new and unique ways that an adversary might try to disrupt or try to influence our elections.”
Even with Russia’s invasion into Ukraine and efforts there, Wray said they’re still expecting Russia to try and interfere in U.S. elections, and they’re working to prepare for it.
“I’m quite confident the Russians can walk and chew gum,” he said. “We are prepared and postured to counter both.”
He also noted that while some countries, like North Korea, have similar methods to the Russians, they are “differently situated.”
“North Korea, in many ways, is a cyber criminal syndicate posing as a nation state,” he said.
Wray said the agencies need to be prepared for “hybrid threats,” or those that start online and move into the physical world. He gave the example of how in the lead-up to the U.S. 2020 presidential election, two Iranian nationals led a campaign that aimed to “intimidate and influence American voters.”
The two individuals started by obtaining U.S. voter information from a state election website, before they sent emails where they pretended to be part of “a group of Proud Boys volunteers,” and created a video filled with disinformation, according to an FBI release.
“There was a little bit of hacking, but the disinformation layer that they built on top of that magnified potentially the risk of what would be relatively modest hacking,” he said.
Wray also cited Chinese multi-pronged attempts to interfere with a New York congressional candidate, Yan Xiong, who had previously participated in the Tiananmen Square protests before he became a naturalized U.S. citizen.
“We recently announced charges here in New York involving the [People’s Republic of China]’s efforts to derail a congressional candidate that started with, first, [them trying to] see if they could dig up dirt to prevent the candidate from being elected, and then if that didn’t work maybe manufacture dirt about the candidate, and when that didn’t work, [thinking] maybe we can have this candidate suffer ‘an accident,’” Wray said.
Wray said stopping these types of operations requires a mix of public exposure and law enforcement efforts.
“Most of these operations—if you think of them as influence operations—exposing them is a significant antidote to them,” Wray said. “But we also need some other kinds of disruption operations—arrests … sanctions.”
Wray said that the FBI focused on three main things related to election security: dealing with “foreign, malicious actors” pushing out fake information; investigating malicious cyber actors, both foreign and domestic, who target election infrastructure; and prosecuting federal election crimes ranging from campaign finance violations to voter fraud to violence.
“I think the first thing people need to be clear is we’re not the truth police,” he said. Their role is “targeting foreign and domestic malicious actors,” he said, and investigating federal election crimes and threats of violence.
He noted that violence, in any form, would be something the FBI would take action against, particularly the “alarming rise” of threats of violence against election workers.
“The idea that they would become targets of threats of violence is totally unacceptable,” he said.
Wray said that the attacks on the Capitol on January 6, 2021, were “a manifestation of another phenomenon, which is deeply troubling.”
“There are way too many people, in this country and to some extent, other countries, who are choosing to manifest their ideological, political, or social views through violence … in the case of January 6, [it was] that plus an effort to interfere with one of our most sacred constitutional processes,” he said. “There is a right way and a wrong way to express your views under our First Amendment, and violence and destruction of property, violence against law enforcement, that’s not okay. That is not First Amendment activity.”
He encouraged members of the public to play their role in helping protect the sacredness of elections.
“The best defense against malicious, foreign interference, all the way to something like a January 6th, is an enlightened, thoughtful public,” he said.
Working with the private sector, academic institutions, and members of the general public, in addition to collaborating with each other, is essential for both agencies, the directors said.
“What I learned in 2020 was the power of being able to engage with academic institutions and the private sector, with people that actually have this expertise that are looking at either ransomware or influence operations,” Nakasone said. “We bring the foreign insights of what the adversary is doing, the tradecraft, the techniques that they’re utilizing outside the United States.”
Wray said that today, all of the FBI field offices have “private sector coordinators” who lead their partnerships with local organizations and institutions.
Nakasone said that these kinds of relationships are not just beneficial for agencies like the FBI and NSA, they’re beneficial to members of those organizations too.
“It’s our insights on foreign intelligence—that’s something that the private sector just relishes,” he said. “The second thing is talent. When you’re on the other end of the line, you’re talking to an analyst from the U.S. Cyber Command and the National Security Agency. You’re talking to someone that is incredibly talented in terms of what they’re seeing, what they understand, the perspective of what they bring.”
The funding will further establish the center as a go-to for those looking to advance in the field, said Hayajneh.
“I look forward to advancing the role of the FCC as a leader in cybersecurity education and research inside Fordham and beyond,” he said.
The grant amounts to $300,000 and it will support the FCC in outreach activities with the defense department and other academic institutions.
The first initiative will support an FCC-hosted four-day clinic for cybersecurity educators to research mobile security on iOS and Android operating systems. Through lectures and hands-on exercises, the participants in the clinic will perform penetration testing on the security of mobile operating systems to expose the vulnerabilities that exist in mobile applications.
In the second initiative of the grant, scenario-based exercises and simulation materials will be provided online to cybersecurity educators in colleges and universities to incorporate into their curricula.
The purpose of both initiatives is for Fordham to develop and share its expertise in the hopes of supporting the growth of cybersecurity education and the field’s workforce.
“We are also going to present this material in NSA and DoD conferences and workshops, which will strengthen Fordham’s reputation among federal agencies as well,” Hayajneh said.
The grant will help expand the quality and quantity of the national cybersecurity workforce, said Hayajneh. One of the main challenging issues in educating cybersecurity professionals is the availability of affordable and advanced hands-on experiments that can be integrated into cybersecurity curriculum. This grant will address this issue by designing affordable and advanced hands-on experiments for key challenging Knowledge Units for Centers of Academic Excellence in Cyber Defense Education (CAE-CDE)/ CAE-2Y and CAE-CO.
An additional central goal is to design the lab environment and the hands-on experiences to be easily replicated and adopted by other designated CAE-C institutions and other cybersecurity institutions.
The FCC was established with three primary goals: to manage, lead, and advance cybersecurity through educational programs, research, grant work, events, and community outreach.
“We are now starting to see the fruit of the support the FCC has received from the administration, faculty, and students,” said Hayajneh, who is also an associate professor in the Department of Computer and Information Science at Fordham. “I would like to think of this as a great first step for many more grants to come.”
This latest NSA grant exemplifies Fordham’s developing expertise in the cybersecurity field, said Eva Badowska, Ph.D., dean of the Graduate School of Arts and Sciences (GSAS). The University offers an interdisciplinary master’s in cybersecurity through GSAS and other cyber-related disciplines and departments within the Gabelli School of Business’ Center for Digital Transformation, Fordham Law’s Center on Law and Information Policy, and the FCC.
The NSA designated Fordham as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) in March 2017.
“We are now recognized as a federal training ground for cybersecurity,” said Eva Badowska, Ph.D., dean of the Graduate School of Arts and Sciences.
While GSAS offers a master’s in cybersecurity, Badowska said that it is important to note that the designation is for the entire University, which has expertise in cybersecurity across disciplines and departments: from the Gabelli School of Business’ Center for Digital Transformation to Fordham Law’s Center on Law and Information Policy to the Fordham Center for Cybersecurity.
She said that the new designation will attract federal workers, police officers, and students wanting to work in government to Fordham’s programs. It will also make the University and researchers eligible for federal grants aligned with cybersecurity.
“But in order to achieve this we had to show that the entire university could demonstrate its expertise and we had to incorporate it into our own cybersecurity structure,” she said.
Badowska applauded Fordham IT for fast-tracking a University cybersecurity strategy originally set to roll out over a two-year period. By December of last year, the department had shifted gears and developed a new framework based on the requirements needed for the NSA/Homeland Security designation.
“This certification required that we have the framework and a more contemporary plan than we had, so it really helped us leverage things we need to do with best practices,” said Frank Sirianni, Ph.D., vice president and chief information officer.
Jason Benedict, GSAS ’16, associate vice president and chief information security officer, said that while most in the University community are aware of cyber threats, the intense media focus has helped IT make the case for ramping up cybersecurity University-wide.
“The confluence of media attention on the elections, cyber intrusions, and data breaches are common in everything we read, it makes it much easier to explain why change is necessary,” he said. “We know that there will be some growing pains.”
In addition to structural changes on campus, the designation required community outreach. In what Benedict referred to as “road shows,” Fordham experts fanned out across the Bronx to give lectures in cyber hygiene to high schools, senior centers, local fire houses, and community colleges.
Academically, the University had to produce peer-reviewed papers by professors researching the subject, show evidence of collaboration with other higher education institutions, and prove that its curriculum was aligned with NSA/Homeland Security requirements, said Thaier Hayajneh, Ph.D., associate professor of computer science and founding director of Fordham Center for Cybersecurity.
“We have the master’s program and the International Conference on Cyber Security (ICCS), and now we have the designation—this will open for us a new future for research, outreach, and education,” said Hayajneh.
Dorothy Marinucci, associate vice president for presidential operations, organizes the ICCS with the FBI. She said meeting the tight CAE-CDE deadline and the swift approval bode well for future collaboration. With cybersecurity initiatives happening across the University in various schools and departments, she said that the effort makes way for a “potential model for future collaboration on a regular basis.”
“We’re at the forefront of something very exciting,” she said.
That was the consensus of a panel convened on July 27 by veteran journalist Ted Koppel at Fordham’s Lincoln Center campus.
“Lights Out: The Critical Infrastructure of the Power Grid,” was the final panel of the second day of the 2016 International Conference on Cyber Security (ICCS). In addition to Koppel, it featured Keith Alexander, former director of the National Security Agency, and Steve Hill, political counsellor for the United Kingdom’s Mission to the United Nations.
Koppel, who delved into the issue in Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath (Crown, 2015), lamented that in the aftermath of 9/11, the country spent close to $3 trillion and started two wars, with the goal of defeating terrorism. But even after the 2003 Northeast blackout, which showed how much damage a major blackout could cause, and blackouts in the Ukraine and Estonia in 2007, which demonstrated how they could be caused by hackers, it’s barely a topic of conversation.
“There are 3,200 companies in this country, and the largest, biggest and wealthiest have extraordinary defensive capabilities. They are immune to cyber attack though. Quite the contrary. The problem is that all of these 3,200 companies are linked,” he said, noting that a successful attack on the weakest could allow a hacker to infiltrate larger systems.
“You can take out an entire grid, with hundreds of companies, affecting tens of millions of people over a period potentially of weeks or even months.”
At the moment, the best defense against attacks on the infrastructure such as the power grid is the ability to identify the perpetrator, and Alexander said the good news is that the United States improved its attribution capabilities by an order of ten times between 2006 and 2014.
“Now, the issue is, it wasn’t at network speed attribution. We can attribute who the offensive player is, but it takes time, and sometimes it can take weeks or a month,” he said.
Concerns about privacy and profits have made power companies resistant to working with the government, and Koppel pointed out that none that were invited to the conference chose to attend.
Alexander illustrated the conundrum by polling the audience, a mix of representatives from the private sector, academia and law enforcement, on whether it is the government’s responsibility to protect privately owned computer networks, the way it would defend against a missile attack, or whether companies should defend themselves. After some consternation, several members piped up that it should be both, a notion that Alexander seconded.
“If you believe it’s both, and that government and industry have to work together for defense, where industry has to reach a certain standard, and government has to have the ability to respond, you also say that they have to share information at network speed.
“We’re not discussing that, but that’s the issue that’s on the table. We have to go further, and the government and industry have to work together.”
#1 University Church Bell Rings for New Pope
After the election, Father McShane appeared on CNN with Christiane Amanpour. He also appeared on Charlie Rose and more recently after the pope’s groundbreaking interview in America Magazine.
Not surprisingly, the bell video was followed in popularity by classic seasonal photos of the Rose Hill campus. Shots of Lincoln Center’s new law school on social media nearly edged out the Bronx campus. And if all the posts about the Rams’ winning season were combined they would’ve definitely edged out the bell.
So, here’s the breakdown of the rest of the year’s top news and popular content based on a non-analytic method using tweets, re-tweets, likes, and plain old editorial prerogative…
#2 Seasonal Photos of Rose Hill
Rose Hill in the spring, summer, fall, and winter consistently reap the lion’s share of attention on Facebook and Instagram.
#3 Rams Football Winning Season and Homecoming
For the first time in the University’s history, the men’s football team finished the regular season 11-1. Posts about the winning team invariably brought in cheers from Ram fans, old and new. Homecoming alone drew quite a bit of attention, with much of the fun compiled on Storify.
#4 FBI, CIA, and NSA Heads Convene at Fordham
With the nation’s attention focused on issues of cybersecurity and privacy, Gen. Keith Alexander, commander of U.S. Cyber Command and director of National Security Agency, joined John Brennan, FCRH ’77, director of the Central Intelligence Agency, and Robert Mueller, director of the Federal Bureau of Investigation, to discuss the topic for the first time in public.
#5 The New Law School Building
Designed by the world-renowned architectural firm of Pei, Cobb, Freed, the Law School’s new building is quite the sight when viewed from Lincoln Center. With the scaffolding down, the buzz isn’t just coming from the University community. Opera and ballet audiences can be seen pointing and admiring from theater balconies during intermission as well.
#6 Commencement
Commencement is a huge draw online. This year, as always, it was streamed live, but it was also tweeted, facebooked, vined, and storified. The commencement address was delivered by journalist Richard Engel who didn’t mince words when it came to advising students on making hard choices.
#7 Philosopher Earns Fordham’s Largest Humanities Grant
Stephen R. Grimm, Ph.D., associate professor of philosophy, received a $3.56 million grant from the John Templeton Foundation to develop a better understanding of human understanding itself. Grimm’s award was the largest that Fordham University ever received in the humanities. It will fund an interdisciplinary initiative, “Varieties of Understanding: New Perspectives from Psychology, Philosophy, and Theology.” Starting July 1, 2013, the three-year endeavor began to sponsor research, in these three fields, into the various ways in which human beings understand the world.
#8 St. Francis Prep Student Chooses Fordham Over Ivy League
Sal Cocchiaro graduated as valedictorian of St. Francis Prep with a 100.7 average and won $480,000 worth of scholarships from seven Ivy League-caliber colleges. But he chose a full four-year ride at Fordham University. His choice of Jesuit over Ivy landed him a New York Daily News profile and became one of the year’s most popular stories on social media.
Turnout for this year’s Jubilee was an all-time high, with nearly 2,000 Fordham family descending on the campus for programming that encompassed deans’ lectures, museum tours, a Yankees game, class luncheons, frisbee, cocktail parties, the Jubilee Picnic, a gala dinner with dancing, and the occasional jaunt to Pugsley’s, the beloved pizza joint near campus.
#10. Students Help with Recovery from Hurricane Sandy
All spring long, Fordham students and other members of the University consistently volunteered every Saturday to help rebuild the devastated community of Breezy Point following Hurricane Sandy.
#11 “Hail Men of Fordham” Changes to “Hail Rams of Fordham”
With the century-old lyrics of the Rams fight song changed by Father McShane at the President’s Club Christmas Reception, the debate continues as to whether the ewes can rejoice. Many have noted on Facebook and Twitter that a ram is a male sheep. It was an issue that Father McShane tackled head on, noting that ewes sounded too much like “youse,” as in “youse guys”—which sounded too much like Brooklyn for a Bronx-based team.
#12. First Archbishop Demetrios Chair in Orthodox Theology and Culture
Fordham University and members of the Orthodox Christian community celebrated a milestone on Nov. 18 with the installation of Aristotle Papanikolaou, Ph.D., as Fordham’s first Archbishop Demetrios Chair in Orthodox Theology and Culture.
#13. University Church Makes Cover of American Organist
What is it about the University Church that merits two mentions on one list? There’s something about this place that elicits a visceral response from Fordhamites, and sometimes humorous ones too. After this cover shot of the University Organ was posted onto Facebook, “Rameses Ram” cheekily posted, “Of course my subscription [to American Organist] just ran out. Typical.” To which Fordham University Libraries promptly responded, “Problem solved: Go to library.fordham.edu to access the library’s online subscription to The American Organist, available to the Fordham community.”
For the discussion, which will be held from 7-8:30 p.m. at the McNally Amphitheatre, the Center on National Security has also lined up:
-James Bamford, author of The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America (Anchor, 2009);
Chief among the issues they will be tasked with addressing is what we know—and don’t yet know—about how surveillance is reshaping our public and private lives.
The panel will be moderated by Suzanne Nossel, Executive Director of PEN American Center, and will also try to answer questions such as:
What effect is the expansive American surveillance state having on us?
Are the programs that Snowden revealed inhibiting the way we think, speak, and create, distorting social interactions, damaging individuals or communities?
The discussion will be live-streamed at http://www.pen.org/event/2013/10/25/theyre-watching-us-so-what
For more information and to RSVP, visit http://centeronnationalsecurity.org/node/835
—Patrick Verel
Among the greatest threats to national security are cyber attacks that destroy invaluable network infrastructure, according to the United States’ top cyber security expert.
Gen. Keith B. Alexander, head of the U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, traced the evolution of that threat on Jan. 12 at Fordham.
Until 2007, cyber attacks were limited mostly to criminal efforts—hacking into personal or corporate systems to steal valuable information, Alexander said.
In May of that year, however, Estonia was subjected to distributed denial-of-service attacks over a political issue—the relocation of Soviet graves. The attacks swamped websites of Estonian organizations, including its parliament, banks, ministries, newspapers and broadcasters, temporarily shutting them down.
“That changed our look at cyber security from one of exploitation to one of disruption,” Alexander said in the Special VIP Keynote Address at the third annual International Conference on Cyber Security.
“What I’m concerned about is the next phase—going from disruption to destruction,” he explained. “Every one of these devices that we have—mobile and fixed—can be destroyed by a significant cyber event. We can not let that happen.”
The answer is not to limit the growth of computing technology, which Alexander said brings tremendous social benefits.
Instead, he advocated collaboration between the government, industry, academia and American allies to develop better methods of detecting cyber attacks before and after they occur.
“Cyber defense is mostly reactive. A perimeter defense is established, and when an incursion occurs, we fix the defense, clean up the system, apply the lessons we’ve learned and then wait for the next event,” he said.
“We can no longer look at this as a point defense,” he continued. “This has to be a defense that brings both our offense and our defense together, pools all of that knowledge, and works inside our network to become active.”
Alexander shared some steps taken by the Department of Defense to secure its network, which consists of 7 million devices that are IP addressable and features 15,000 enclaves—segments of internal networks that are defined by common security policies.
“First of all, you have to have an infrastructure that’s defensible,” he said. “With 15,000 enclaves, you can not see them all and you can not defend them all.”
To streamline the department’s network and save on costs, the following goals were established:
• reduce the number of desktop applications by 5,250;
• cut the number of help desks by 50 percent, with the ultimate goal of further reducing their presence from 900 to two;
• eliminate 40 percent of data centers; and
• reduce network enclaves by 80 percent.
“Reducing network enclaves will save us 30 percent of our IT budget costs by 2015-2016,” he said. Contributing to that is a 40 percent reduction in system administration costs and $100 million in savings from software licenses.
“Our nation needs those savings,” he said. “These are the kinds of things that we should force through our government to help save money. It’s the right thing to do.”
Alexander admitted that cyber defenders have their work cut out for them. In the past two years, hackers have infiltrated the systems of major corporations such as NASDAQ, RSA, Sony, Citigroup, Lockheed Martin, Booz Allen Hamilton and Mitsubishi, among others.
“You look at RSA and NASDAQ and they are the gold standard for securing cyber,” he said. “They’re the ones who know they’ve been hacked. What we see is 100 times that number who don’t know they’ve been hacked.
“When the best in the industry are getting hacked, this shows that cyber security has to be a partnership between government, allies, industry and academia. I can’t say that enough.”