Former directors of the National Security Agency and the U.S. Cyber Command are not exactly known for being founts of information when interviewed by the media.

Yet General Keith Alexander (pictured) dropped a few tantalizing remarks recently during a major Amazon Web Services conference. He offered an instructive peek into the current state of the world’s cybersecurity landscape as seen by one who has been privy to the world’s top secrets for decades.

His startup, IronNet Cybersecurity Inc., is gaining traction in the energy industry, an interesting tidbit which underscores rising concern around vulnerability in utility infrastructure. His list of top nation-state threat actors includes the usual suspects — China, Russia, North Korea — but he also called out Iran, confirmation of previous reports that the country has indeed become much more active in creating cybermayhem.

He’s frustrated by the government’s continued inability to see cyberattacks before they occur, despite having discussions over this very subject personally with two defense secretaries less than 10 years ago during the administration of President Barack Obama. And he’s found that ultimately crafting solutions to these and myriad other cybersecurity issues is damn hard.

“It’s a lot harder than I thought it would be,” said Alexander, founder, co-chief executive officer and chairman at IronNet. “Now that I have to do it, I can say it’s hard, but it’s doable. We can do this.”

Alexander spoke with John Furrier and Rebecca Knight, co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the AWS Public Sector Summit in Washington, D.C. They discussed the evolving strength of nation-state espionage, working with the energy sector in cybersecurity, the need for better visibility against attacks and lessons he has learned over a lengthy, high-profile career (see the full interview with transcript here). (* Disclosure below.)

This week, theCUBE features General Keith Alexander as its Guest of the Week.

Iran gets bolder

The U.S. withdrawal from a nuclear deal with Iran has apparently sparked a new wave of attacks from the country. Iranian hackers hit half-a-dozen federal agencies in January and have also targeted internet service providers and telecommunications companies, according to one report.

Iran cyberbreaches have also impacted banks and stolen employee credentials, including the personal email address and mobile phone number of a high-ranking cabinet official in Great Britain. Perhaps more troubling, Iran has also been successfully targeting portions of the world’s infrastructure

One cyberespionage group, tracked by Fire Eye Inc. since 2016, is APT33, a group that has been linked to the Iranian government. The group has been identified as behind an earlier attack on the national oil company of Saudi Arabia and a chemical organization in the same country, in addition to multiple attacks on U.S. banks and businesses.

“Some of the nation-state actors are also criminals at night so they can use nation-state tools,” Alexander said. “My concern about the evolution of cyberthreats is that the attacks are getting more destructive, the malware has more legs, and the impact on our commercial sector and our nation is increasingly bigger.”

Cultivating the energy sector

Alexander went on record last month to express concerns that Iran was unpredictable, and is the state actor most concerning to him. Iran’s interest in targeting the energy sector may turn into good business for Alexander’s firm as well.

In statements made during its funding round last year, IronNet executives disclosed that the company had six unnamed energy providers using its platform. In March, IronNet announced a partnership with BlueVoyant to provide advanced threat-detection capabilities for small-to-medium-sized energy providers.

“The energy sector has been great to work with in this area,” Alexander said. “We have big issues here to solve.”

High-level defense discussion

Solving issues around cyberattacks from nation-state actors in critical industries like energy will undoubtedly require a concerted effort between the U.S. government and private industry to share threat information. This has been easier said than done.

The central issue has been that U.S. Cyber Command, the Department of Defense agency responsible for cyberspace operation coordination in the protection and advance of national interests, has lacked the ability to see attacks on U.S. businesses, government or infrastructure before they occur.

“When I had Cyber Command, one of the frustrations that I discussed with both Secretary Gates and Secretary Panetta was we can’t see attacks on our country,” Alexander said.

The answer, according to Alexander, is to encourage the private sector to share threat knowledge with the government, something that a recent survey indicates would be just fine with information technology decision-makers.

But how and what information gets shared can still be a double-edged sword. Security researchers expressed alarm last month when it was discovered that a malware sample uploaded to a shared program, called VirusTotal by U.S. Cyber Command, was currently involved in active attacks. The sample was linked to the Russian cyberespionage group responsible for breaching a Democratic National Committee database in 2016.

There also continues to be resentment among some state officials who remain in the dark after a federal government contractor was victimized by Russian hackers who breached election systems in Florida and North Carolina on the eve of the 2016 presidential vote.

Alexander still believes that the exchange of information remains critical. “Part of the solution to that is understanding where information is coming from, being able to see the environment like you do the physical environment at speed,” he stated.

Mixed signals

The conundrum facing leaders in both the private sector and government is that the very technology that can save the world from future attacks can also cause issues too. Alexander offered a personal example of this as he recalled his time serving in a key staff assignment during Operation Desert Storm in the early 1990s.

The U.S. military was using an airborne reconnaissance tool known as Joint Surveillance Target Attack Radar Systems, or JSTARS. The technology included a moving target indicator mode that provided real-time imaging of potential armed convoys traveling on the ground.

The information was stored in a database and assumed to be current, but Alexander was skeptical, and his doubts correctly ended up scrubbing a mission that could have resulted in needless expense and casualties.

“Everyone was getting ready to launch on something, and I said that it didn’t sound right,” Alexander said. “The Iraqis are not attacking us down this line. I thought it was old news.”

Despite the difficulties confronting security researchers and government officials as they grapple with constant cybersecurity threats, Alexander believes that the nation will ultimately come up with solutions that will work for most and protect the country.

“Trust that the military and civilian leaders will do the right thing,” Alexander said. “Hold them accountable. We’ll get to a defensible architecture over the next year or two.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS Public Sector Summit. (* Disclosure: TheCUBE is a paid media partner for the AWS Public Sector Summit. Neither Amazon Web Services Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE