Nations such as China and Russia have enough offensive cyber capabilities to one day carry out a “cyber Pearl Harbor” attack, said the head of the National Security Agency and U.S. Cyber Command.
“We’ve talked about our concerns with China and what they’re doing in cyber. Clearly the Russians and others have [those types of] capabilities,” said Navy Adm. Mike Rogers on Feb. 23. “We’re mindful of that.”
A cyber Pearl Harbor could include an attack on critical infrastructure or the financial sector, Rogers said during a cyber security forum sponsored by the New America Foundation, a Washington, D.C.-based think tank.
“You’ve seen some [smaller events already]. You look at what happened at Sony, you look at what we’ve seen nation states attempting to do against U.S. financial websites for some years now,” Rogers said. There would be dire implications for the nation if ordinary citizens were unable to access their bank accounts, he added.
In the Defense Department, there is great concern about intellectual property being stolen, he noted.
“Certainly in the Department of Defense, it’s an issue that has been of great concern to us as for some time,” he said. Nation states have penetrated some key defense contractors, and stolen the enabling technology that gives the U.S. military an operational advantage, he said.
Part of the NSA’s function is to keep tabs on potential threats to the United States. In 2013, the agency came under fire after Edward Snowden, a government contractor at the time, leaked classified information that revealed the agency was collecting enormous amounts of phone metadata from U.S. citizens.
Rogers defended the program and said the bulk collection of data absolutely helps the nation prevent attacks.
“The metadata collection generates value for the nation. I honestly believe that,” he said. “Is it a silver bullet that in and of itself guarantees that there will never be another 9/11 or there won’t be a successful terrorist attack? My comment would be no. … It is one component of a broader strategy designed to help enhance our security.”
At the same time, the onus is on the NSA to prove to the country that it isn’t abusing that data and it is collecting it within a lawful framework, Rogers said. He insisted that the data collection is in compliance with the Patriot Act.
Rogers would not specify a specific attack the bulk data collection helped foil.
The bulk collection authority under the Patriot Act expires in June. Congress will have to renew the authority, otherwise the NSA will lose access to the data, Rogers said.
“Do I think that if we lose it it makes our job harder? Yes. On the other hand, we respond to the legal framework that is created for us,” he said.
Since the revelations, it has been more difficult for the NSA to do its job, Rogers lamented. “Have I lost capabilities that we had prior to the revelations? Yes,” he answered. “It concerns me a lot.”