NEWS AND ANALYSIS:
The commander of the U.S. Cyber Command warned Congress this week that Russia and China now can launch crippling cyberattacks on the electric grid and other critical infrastructures.
“We remain vigilant in preparing for future threats, as cyberattacks could cause catastrophic damage to portions of our power grid, communications networks and vital services,” Adm. Mike Rogers, the Cyber Command chief, told a Senate hearing. “Damaging attacks have already occurred in Europe,” he stated, noting suspected Russian cyberattacks that temporarily turned out the lights in portions of Ukraine.
Adm. Rogers said that unlike other areas of military competition, Russia is equal to the United States in terms its cyberwarfare capabilities, with China a close second.
The four-star admiral, who also heads the National Security Agency, said cyberwarfare “is one area we have to acknowledge that we have peer competitors who have every bit as much capacity and capability as we do.”
Russia, China, Iran and North Korea pose the greatest nation-state threats in cyberspace, and the Islamic State is mainly using cyber programs to recruit terrorists and propagandize, but could turn to cyberattacks against infrastructures in the future.
“The Russians I would consider in cyber a pure competitor,” Adm. Rogers said. “China is not in the same place, but rapidly attempting to get there.”
SEE ALSO: MedStar hackers exploited 9-year-old flaw to hold hospital data for ransom
Iran’s cyberattack capabilities also are increasing. “They’re increasing their investment, they’re increasing their level of capability,” Adm. Rogers said.
North Korea conducted a sophisticated cyberattack on Sony Pictures Entertainment in 2014 but has not launched a similar attack since.
Adm. Rogers told lawmakers his greatest concern is the “physical shutdown” of networks used for communications and logistics. A second major worry is cyber penetrations into critical military networks to manipulate data to provide false or misleading information that would cause warfighters to make disastrous decisions.
Most military operations involve the use of commercial infrastructure and thus their vulnerabilities to cyberattacks are a major concern.
“If you were able to take that away or materially impact the ability to manage an air traffic control system, to manage the overhead [satellite] structure and the flow of communications or data, for example, that would materially impact [the Defense Department’s] ability to execute its mission — let alone the broader economic impact for us as a nation,” Adm. Rogers said.
Most recent hostile cyber intrusions have been to steal data or conduct reconnaissance for future attacks.
SEE ALSO: DEA to decide within months whether to change federal status of marijuana
“What happens if the purpose of the intrusion becomes to manipulate the data, and so you can no longer believe what you are seeing?” he asked. “Think about the implications of that. If you couldn’t trust the military picture that you were looking at, that you’re using it to base decisions on, and let alone, the broader economic impacts for us as a nation.”
Ideological war needed to defeat jihadis
The United States has been at war against Islamic terrorists since 2001, but is failing to win the conflict because of political correctness and an inability to know the enemy.
That’s the conclusion of author Sebastian Gorka in his new book “Defeating Jihad: The Winnable War,” published last week.
Mr. Gorka, who holds the Horner chair of military theory at the Marine Corps University, argues that the war is not against terrorism but a global, totalitarian movement rooted deeply in Islam’s concept of jihad, or holy war.
Both former President George W. Bush and President Obama have failed to identify the real enemy as the global jihadi movement because of misguided, politically correct policies, he argues.
“Today, jihad is in the ascendancy,” Mr. Gorka writes, noting the Islamic State’s drive for a caliphate and its hold over territory larger than Britain with a daily income of $4 million and population of 6 million.
Additionally, Islamists are decapitating, crucifying and burning alive people in the name of Allah and attacks are increasing in West, like the slaughter in Paris and the deadly attack in San Bernardino, California.
Mr. Gorka outlines a concrete ideological plan to defeat the global jihadi movement, based on principles successfully used to defeat the Soviet Union. A new program of strategic counterpropaganda and strategic communications is needed to defeat the new totalitarian movement, he states.
“It is time for the America that vanquished the Third Reich and the Soviet Union to rise up from its slumber,” Mr. Gorka writes. “It is time for us to speak truthfully about those who wish to kill us or enslave us. It is time to speak the words ‘evil’ and ‘enemy.’ And it is time to draw a plan for victory, calling on strategies that have proved themselves against other totalitarian foes.”
McCain warns of hollow cyber force
Obama administration defense cuts and congressionally-mandated reductions are creating readiness problems that are no longer limited to the Pentagon’s conventional military forces.
Senate Armed Services Committee Chairman John McCain disclosed this week that the Defense Department’s new cyberwarfare forces are facing the same readiness problems because of defense spending shortfalls.
With cyberthreats from Russia, China and other enemies on the increase, some of the military services have omitted funding for basic cyber defense and offensive tools, Mr. McCain disclosed during a committee hearing on cyber issues on Tuesday. The funding means that cyber military units will lack the gear needed to assess and respond to networks under attack.
“In short, unless the services begin to prioritize and deliver the cyber weapons systems necessary to fight in cyberspace, we’re headed down the path to a hollow cyber force,” the Arizona Republican said. “Just as it would be unacceptable to send a soldier to battle without a rifle, it’s unacceptable to deprive our cyber forces the basic tools they need to execute their missions.
Mr. McCain also criticized the Obama administration for failing to develop a strategy to deter cyberattacks.
“I remain concerned that the administration’s cyber policy as a whole remains detached from reality,” the chairman said. “And for years, our enemies have been setting the norms of behavior in cyberspace while the White House sat idly by, hoping the problem would fix itself.”
Mr. McCain said in December the White House provided the committee an outline of its plan for a strategic deterrence policy on cyberattacks. The response was 18 months overdue and did not respond to the panel’s concerns.
“The response reflected a troubling lack of seriousness and focus, as it simply reiterated many of the same pronouncements from years past that failed to provide any deterrent value or decrease the vulnerability of our nation in cyberspace,” Mr. McCain stated.
The recent Justice Department announcement identifying Iranian hackers linked to cyberattacks on a New York dam and on U.S. financial institutions was a good step. But Mr. McCain said he was puzzled over why it took the administration “nearly five years after Iran began attacking U.S. banks for the administration to begin doing so.”
“That kind of indecisiveness is antithetical to deterrence and our nation simply cannot afford it,” he said.
The administration also failed to punish China for its role in hacking 22 million federal worker records from networks operated by the Office of Personnel Management. The White House was prepared to impose sanctions on China for the OPM hack in September but backed off after Chinese President Xi Jinping agreed to halt cyber economic espionage attacks.
Under questioning from the senator during a committee hearing, Adm. Mike Rogers, commander of the U.S. Cyber Command, was asked about the lack of cyber deterrence.
“Do you agree that the lack of deterrence or repercussions for malicious cyber behavior emboldens those seeking to exploit the U.S. through cyber?” Mr. McCain asked.
To which Adm. Rogers replied: “Yes,” without elaborating.
The Cyber Command chief has been pressing within the administration for more aggressive policies to deter cyberattacks. But administration officials say the White House has opposed the tougher policy that would require a demonstration of offensive cyberpower over concerns it could lead to an escalating cyber conflict.
• Contact Bill Gertz on Twitter at @BillGertz.