Foreign hackers already have performed reconnaissance-type missions in order to determine how networks function and to find the weaknesses in them.
The nation's top security administrator told a congressional committee Nov. 20 that China has been identified as a key international player that has the cyber power to take down the U.S. power grid section by section if it chooses to do so.
So said Adm. Michael S. Rogers, chief of the U.S. Cyber Command and Director of the National Security Agency, in an appearance before the U.S. House of Representatives' Intelligence Committee, chaired by the coincidentally named Rep. Mike Rogers, R-Mich.
Adm. Rogers told committee members in testimony that hackers already have performed reconnaissance-type missions to determine how networks function and to find the weaknesses in them.
Russia, Iran, North Korea and Syria are also among the nations that have carried out these spy-type missions, other security sources in Washington have revealed in recent months. It is well-known in the cyber-security sector that each has an interest—and is, in fact, developing—offensive cyber-attack capabilities.
"The cyber-challenges we are talking about are not theoretical," Adm. Rogers said on a CSPAN Web replay of the meeting
. "This something real, and they have the potential to lead to truly significant, almost catastrophic, failures if we don't take action."
Rogers said that a concerted attack of this type could shut down critical IT networks that could knock out U.S. power and water grids, aviation systems and financial services in a matter of hours.
"What concerns us is that access, that capability can be used by nation-states, groups or individuals to take down that capability," Rogers said.
Rogers, who took over from Gen. Keith Alexander as the NSA's director seven months ago in the wake of the Edward Snowden government data revelations, said such an attack is "a matter of when, not if."
Rogers' testimony came only days after the counter-surveillance Freedom Act was rejected in the U.S. Senate, partly due to Republicans voting against the bill. Thus, the Senate is nowhere near coming up with new laws or regulations around tightening data security standards.
Finally, Rogers told the committee that he's not convinced that it's possible at this time to defend U.S. data stores effectively. The best defense we have at this time is a really good offense, he said.
"Defense is a losing strategy. We have to define what's an offensive action, what's an act of war—these are all things we're trying to come to grips with right now," Rogers said.
Adm. Rogers told eWEEK recently
that he is convinced that through effective working partnerships among government agencies, the military, law enforcement and key players in the private sector, long-term solutions will be found in the ongoing efforts to secure personal and business data and keep it out of the hands of cyber-criminals.
Rogers on Oct. 29 addressed attendees at the two-day Cyber Maryland Conference at the Baltimore Convention Center. About 1,000 stakeholders were registered. eWEEK
was on hand both to cover the event and to moderate a panel discussion on Internet of things (IoT) security.