Cyber Attackers Leaving Warning ‘Messages’: NSA Chief
From the post:
Admiral Michael Rogers, director of the National Security Agency and head of the Pentagon’s US Cyber Command, made the comments to a US Senate panel as he warned about the growing sophistication of cyber threats.
“Private security researchers over the last year have reported on numerous malware finds in the industrial control systems of energy sector organizations,” Rogers said in written testimony. ”
…
Of particular risk is so-called critical infrastructure networks — power grids, transportation, water and air traffic control, for example — where a computer outage could be devastating.
Rogers added that the military is about halfway toward building its new cyber defense corps of 6,200 which could help in defending the national against cyber attacks.
…
Wait for it…
But he told the lawmakers on the Armed Services Committee that any budget cuts or delays in authorizing funds “will slow the build of our cyber teams” and hurt US defense efforts in cyberspace. (emphasis added)
So, the real issue is that Admiral Rogers doesn’t want to lose funding. Why didn’t he just say that and skip lying about the threat to infrastructure?
The Naval Academy Honor Concept doesn’t back Rogers on this point:
They tell the truth and ensure that the full truth is known. They do not lie.
Ted G. Lewis in Critical Infrastructure Protection in Homeland Security notes:
Digital Pearl Harbors are unlikely. Infrastructure systems, because they have to deal with failure on a routine basis, are also more flexible and responsive in restoring service than early analysts realized. Cyber attacks, unless accompanied by a simultaneous physical attack that achieves physical damage, are short-lived and ineffective.
Everyone in the United States has experienced loss of electrical power or telephone communications due to bad weather. Moreover, industrial control systems aren’t part of the Internet.
Rogers is training “cyber-warriors” for the wrong battlefield. Rogers can’t get access to the private networks where Stuxnet, etc., might be a problem so he is training “cyber-warriors” to fight where they can get access.
Huh? Isn’t that rather dumb? Training to fight on the Internet when the attack will come by invasion of private networks? That doesn’t sound like a winning strategy to me. Maybe Rogers doesn’t know the difference between the Internet and private networks. They do both use network cabling.
It’s not just me that disagrees with Admiral Rogers’ long face about critical infrastructure. Jame Clapper, you remember, the habitual liar to Congress? and also Director of National Intelligence, he disagrees with Rogers:
If there is good news, he said, it is that a catastrophic destruction of infrastructure appears unlikely.
“Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication, and severity of impact,” the written assessment says. “Rather than a ‘Cyber Armageddon’ scenario that debilitates the entire US infrastructure, we envision something different. We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on U.S. economic competitiveness and national security.”
Of course, Clapper may be lying again. But he could be accidentally telling the truth. Picked up the wrong briefing paper on his way out of the office. Mistakes do happen.
Unless and until Admiral Rogers specifies the “…numerous malware finds in the industrial control systems….” and specifies how his “cyber-warriors” have the ability to stop such malware attacks, all funding for the program should cease.
Connecting the dots in procurement of cybersecurity services could provide more protection to United States infrastructure that stopping every cyber attack over the next several years.