Rogers awaiting new Trump cyber policy
Foreign nations’ cyber intrusions into key infrastructure network are preparation for damaging attacks in a future conflict, the commander of Cyber Command told Congress Tuesday.
Adm. Mike Rogers, the commander who is also director of the National Security Agency, said one of his major concerns is cyber attacks on critical infrastructures used to run the electric grid, financial systems, communications networks, the transportation systems, and others.
“We assess that several countries, including Iran, have conducted disruptions or remote intrusions into critical infrastructure systems in the United States,” Rogers said in his prepared statement.
Iranian hackers were linked to cyber disruptions of U.S. financial institutions last year, and Russian-linked BlackEnergy malware was used in cyber attacks against Ukraine’s electrical power systems.
“Infiltrations in U.S. critical infrastructure—when viewed in the light of incidents like these—can look like preparations for future attacks that could be intended to harm Americans, or at least to deter the United States and other countries from protecting and defending our vital interests,” Rogers said.
Cyber Command hopes industry will agree to share telemetry data used by infrastructure owners to remotely monitor systems so that any attacks could be detected quickly.
One vulnerable location is the Pacific island of Guam. If the electric grid were disrupted in a cyber attack, military operations would be affected. The island is a major hub.
Rogers said both enemy states and non-state actors are seeking to subvert the United States through the use of cyber operations.
“The pace of international conflict and cyberspace threats has intensified over the past few years,” Rogers told the Senate Armed Services Committee. “We face a growing variety of advanced threats from actors who are operating with ever more sophistication and precision.”
Committee Chairman Sen. John McCain (R., Ariz.) asked Rogers why a new cyber policy promised by President Trump within 90 days of taking office has not been completed.
The chairman noted that the Pentagon’s Defense Science Board has assessed that foreign offensive cyber warfare capabilities are expected to far exceed America’s ability to defend key critical infrastructures. Rogers said he agreed and urged developing cyber deterrence against attacks.
“In order to do that we would have to have a policy followed by a strategy, right?” McCain asked.
“Yes, sir,” Rogers said.
However, Rogers acknowledged that the administration currently does not have a new policy and strategy for dealing with cyber threats. “But the new team is working on that,” he said.
McCain said the military appears to be struggling to take on the new cyber warfare mission. For example, all 127 Air Force cyber officers working for the cyber mission force opted to return to a non-cyber position after their first tour of duty.
“The fact that it is not killing people yet, or causing widespread destruction, should be no comfort to us as we survey the threat landscape. Conflict in the cyber domain is not simply a continuation of kinetic operations by digital means, nor is it some science fiction clash of robot armies. It is unfolding according to its own logic, which we are continuing to better understand.”
The worst-case scenario of a future cyber war would involve destruction of critical infrastructure, Roger said. A second fear is a shift in cyber attacks in the future from data theft to data manipulation—intruding into networks and changing data on a massive scale that produce negative effects, such as changing votes in voting machines.
Rogers said Cyber Command is more than a year away from having all its 133 cyber mission teams fully operational. At full strength, the command will field around 6,200 military and civilian personnel.
The mission of the command is to protect defense and military networks from attack and to conduct offensive cyber attacks in wartime. The command also is set to respond to cyber attacks on critical infrastructure and other domestic networks.
The U.S. government has lost extensive infrastructure and personnel capable of countering foreign influence and political operations since the demise of the Soviet Union in 1991.
Full article: Foreign States Preparing Cyber Attacks on Infrastructure in Future War (Washington Free Beacon)