U.S. officials generally refrain in public from pointing fingers or giving names in connection with cyber-intrusions, especially against the private sector, but Mr. Rogers said he “thought it was important to name the offender.”
“This is not something that can be swept under the rug,” he said, noting that U.S. allies such as Germany and Britain have been more forward-leaning on publicly blaming China.
Last month, Army Gen. Keith B. Alexander, head of the National Security Agency and the commander of the U.S. military’s new Cyber Command, told a conference that he supported the administration’s practice of not identifying the author of major cyber-attacks because confronting foreign governments complicates the military’s efforts to track and attribute cyber-activity.
When confronted, “all they do is deny it” and seek to learn what they can from the confrontation about U.S. capabilities, Gen Alexander said.
Mr. Rogers and Rep. C.A. Dutch Ruppersberger, the ranking Democrat on the House Intelligence Committee, agreed that information sharing is key to securing critical U.S. computer networks.
“Without an open exchange of information about cyberthreats, companies are missing an opportunity to use shared experience to learn how to defend themselves more effectively,” Mr. Rogers said.
Added Mr. Ruppersberger, Maryland Democrat: “We must harness [the National Security Agency]’s expertise and share the critical information it collects about potential threats with all of our nation’s networks.”
Mr. Ruppersberger also called for the White House to empower its own cybercoordinator, who needed “operational and budget authority to work across all agencies and have some real clout” and “a direct line to the president.”
“The Air Force protects our skies. The Navy and the Marines protect our seas. The Coast Guard protects our coasts. The cybercoordinator must protect cyberspace,” he said.
Despite the concerns expressed by officials such as Gen. Alexander and Mr. Rogers, some observers remain skeptical about the higher-end estimates of the cost of foreign hacking, saying they are based on a “zero sum” idea of international trade and the global economy that economists long ago abandoned.
Victim companies “will make less money in patent and licensing fees,” said Martin Libicki of the Rand Corp. think tank.
That would be a quantifiable loss, Mr. Libicki said, but it is also relatively small. He suggested it would be “in the hundreds of millions or maybe even a billion or two, that order of magnitude.”
But he argued the much higher estimates some analyses produced were predicated on less-direct — and less-quantifiable — losses.
“If someone steals [General Motors’] designs for a car, how much does that cost G.M. and the U.S. economy?” Mr. Libicki said. “Will that necessarily have a bad effect on the U.S. economy?”