* Ability to identify attackers is growing
* Pentagon reviewing rules of engagement in cyberspace
By David Alexander
WASHINGTON, March 20 (Reuters) - The U.S. military's ability to detect and identify attackers in cyberspace is improving rapidly but is still being outstripped by the growing number of threats, the head of the u.s. Cyber Command said on Tuesday.
General Keith Alexander told a House of Representatives panel that "the risks that face our country are growing faster than our progress," a trend he said the military would have to work hard to reverse.
But he said any aggressor should be wary of trying to disrupt America's computer networks.
"Our indications and warning and forensic intelligence capabilities necessary to identify our enemies and attackers in cyberspace ... are improving rapidly," Alexander said.
"I can assure you that ... we can back up the department's assertion that any actor threatening a crippling cyber attack against the United States would be taking a grave risk."
Alexander and other Pentagon cyber experts told lawmakers that since releasing a new cyber strategy last year the Defense Department had been moving on several fronts to bolster defenses, secure critical networks and improve cyber warfare capabilities.
Madeline Cree don, assistant secretary of defense for global strategic affairs, said the Pentagon was reviewing rules of engagement in cyberspace, working to improve command and control and talking with other countries to develop agreed norms of behavior.
Those issues are critical because the murky nature of national boundaries in cyberspace, the anonymity of aggressors and the speed at which attacks unfold make it difficult for leaders to execute decisions in real time.
"We are working closely with the joint staff on the implementation of a transitional command and control model for cyberspace operations," Cree don told the House Armed Services Committee's panel on emerging threats and capabilities.
"This interim framework will standardize existing organizational structures and command relationships across the department for the application of the full spectrum of cyberspace capabilities," she said.
Teresa Taka, the Pentagon's chief information officer, said as part of efforts to improve security, the Pentagon has developed a "cloud" computing architecture and plans to consolidate its data centers into three types based on level of security and accessibility.
The Defense Department has some 25,000 servers visible to the Internet with networks reaching almost every corner of the globe. Some seven million computing devices are based at Defense Department installations worldwide.
The Pentagon unveiled a new strategy last July that called for cyberspace to be treated like any other operational domain - land, air or sea - where the military must prepare for conflict and carry out operations.
Since then, Alexander said, sophisticated criminals have begun to use stealthier, more advanced techniques to steal sensitive data, such as makers of network security products. Some nations are "riding this tide of criminality," he said.
"Our nation, our businesses and even our individual citizens are constantly targeted and exploited by an increasingly sophisticated set of actors," Cree don said. "We believe the costs of these intrusions run into the billions of dollars annually. We know they pose a clear threat to our economy and our security."
Groups like Anonymous and Lula Security, which encourage hackers to work together to harass organizations and individuals, pose another worry, Alexander said. Working to prevent them from disrupting Pentagon information systems drains resources but also draws attention to their methods.
"We are also concerned that cyber actors with extreme and violent agendas, such as al Qaeda affiliates, could imitate activists' methods for more destructive purposes," he said in prepared testimony for the panel.
However, Alexander expressed confidence about the Cyber Command's ability to confront the challenges. (Reporting By David Alexander; editing by Christopher Wilson)