The commander of the military's computer operations says the government should create a "secure zone" for federal agencies, financial networks and critical infrastructure.
Gen. Keith Alexander, director of the National Security Agency, says that must be done carefully so it doesn't affect the millions of people in the U.S. who use the Internet every day.
Finding a way to meet both goals will take time and debate, but is necessary to protect vital systems from the growing threat of attacks from other countries and criminals.
The White House, Congress and industry leaders are at loggerheads over any hint of government control, regulation or influence over the Internet. They are struggling to come up with a solution that protects national security without appearing to limit or monitor people's online activities.
Alexander told a small group of reporters Wednesday evening that federal officials are hashing out how best to conduct cyberwarfare and how to respond to an attack that knocks out banking systems, shuts off electricity or takes control of a nuclear power plant.
"You could come up with what I would call a secure zone, a protected zone, that you want government and critical infrastructure to work in that part," said Alexander, who also testified Thursday before the House Armed Services Committee. "At some point it's going to be on the table. The question is how are we going to do it."
He added that setting up such a system "technically is fairly straightforward. The hard part is working through making sure everyone is satisfied with what we're going to do," and explaining it to the public.
Federal and commercial computer networks are scanned and attacked millions of times a day by hackers, criminals and other countries. Their goals are to steal money, ferret out sensitive data or disrupt and destroy critical operations.
Alexander said the administration's internal discussions are looking at whether federal agencies — including his Cyber Command, the FBI or the Department of Homeland Security — need new powers to take action during computer attacks.
As much as 85 percent of the nation's critical infrastructure is owned and operated by private companies, from nuclear and electric power plants to transportation and manufacturing systems.
In his session with reporters at the National Cryptologic Museum in Fort Meade, Md., home to some of the country's early computers, Alexander talked at length about the need for government to work with private industry to protect the systems that run daily life.
Under agreement with the reporters, his comments were not for release until the House hearing began.
He said that right now he does not see terrorist groups as a major cyberthreat, but that could change.
In his prepared testimony for the hearing, Alexander warned that deterring enemies in the cyberworld will not be easy and could take years to achieve.
He said it will require progress in the military's ability to defend its networks and strike back against the source of Internet attacks. The U.S., he said, must develop counterattacks "that adversaries know we will use if we deem necessary."
He reeled off the rapidly growing statistics of today's online culture: 1.9 billion Internet users; 4.6 billion cellular subscribers; an average of 247 billion e-mails sent each day this year; and $300 billion in intellectual property stolen over computer networks this year.
Alexander assumed control of Cyber Command in May. He said the budget for this year is about $120 million, and that probably will grow to about $150 million in 2011.
The money pays for about 1,000 military and civilian workers, including those who staff a 24-hours-a-day operations center that monitors and defends the Defense Department's computer networks.
With a nod to critics, Alexander pledged that the Cyber Command will comply with all privacy and civil liberties laws.
"We have to get this right, as I believe the security of our nation depends on it," he said.
Defense Department: http://www.defenselink.mil