A top American intelligence official has defended the secretive internet spying programme of the Obama administration, saying it has helped abort several terrorist plots and saved thousands of lives.
"It's dozens of terrorist events that these have helped prevent, from my perspective," Gen Keith Alexander, commander of the US Cyber Commander and Director of the National Security Agency, told Senators during a Congressional hearing.
Responding to questions from Senator Pat Leahy, Alexander yesterday said the National Security Agency collects millions and millions of records and of them dozens of them have proved critical. This includes both domestic and foreign terrorist plots, he said, but refrained from elaborating further.
"I want the American people to know that we're trying to be transparent here, protect civil liberties and privacy but also the security of this country. On the New York City one, the Zazi case, it started with a 702 set of information based on operatives overseas. We saw connections in to a person in Colorado.
That was passed to the FBI. The FBI determined who that was, Zazi, and phone numbers that went to that," he said.
"The phone numbers on Zazi were the things that then allowed us to use the business records FISA, to go and find out connections from Zazi to other players throughout communities, specifically in New York City," he said.
He also said that David Headley, the Mumbai terrorist attack convict, was nabbed through this process.
"I just want to make sure that we're clear on one point. When I say dozens, what I'm talking about here is that these authorities complement each other in helping us identify different terrorist actions and help disrupt them. They complement each other," Alexander said.
He said that in light of the real and growing threats in cyberspace, the US needs a strong Pentagon role in cyberspace.
"While we feel confident that most foreign leaders believe that a devastating attack on the critical infrastructure and population of the United States by cyber means would elicit a prompt and proportionate response, it is possible, however, that some regime or cyber actor could misjudge the impact and the certainty of our resolve," he said.
"In particular, we are not yet deterring the persistent cyber harassment of private and public sites, property, and data. Such attacks have not caused loss of life, but they have been destructive to both data and property in other countries," he said.
The remote assaults last summer on Saudi Aramco and RasGas, for example, rendered inoperable-and effectively destroyed the data on-more than 30,000 computers.
"Cyber programs and capabilities are growing, evolving, and spreading; we believe it is only a matter of time before the sort of sophisticated tools developed by well-funded state actors find their way to groups or even individuals who in their zeal to make some political statement do not know or do not care about the collateral damage they inflict on bystanders and critical infrastructure," Alexander said.
Noting that the United States is already a target, he said networks and websites owned by Americans and located here have endured intentional, state-sponsored attacks, and some have incurred degradation and disruption because they happened to be along the route to another state's overseas targets.
"Our critical infrastructure is thus doubly at risk. On a scale of one to ten, with ten being strongly defended, our critical infrastructure's preparedness to withstand a destructive cyber attack is about a three based on my experience. There are variations in preparedness across sectors, but all are susceptible to the vulnerabilities of the weakest," he said.
