The commander of the U.S. Cyber Command warned last week that he expects a major cyberattack on critical infrastructure in the United States in the future.
“It is only a matter of the ‘when,’ not the ‘if’ we’re going to see a nation-state, group or actor engage in destructive behavior against critical infrastructure in the United States,” Adm. Mike Rogers, Cyber Command chief and director of the National Security Agency, warned in a speech March 2.
Adm. Rogers’ comments, made during a security conference in San Francisco, came seven weeks after a sophisticated cyberattack on the Ukrainian electrical power grid that disrupted large segments of the country’s power network.
The incident was a “very well-crafted attack,” Adm. Rogers noted, and was focused on disrupting electrical power.
The attackers also monitored how Ukrainian authorities reacted to the attack. “And their strategy also focused on how they could attempt to slow down the [electrical power] restoration process,” he said.
“Seven weeks ago it was the Ukraine. This isn’t the last we’re going to see this, and that worries me,” Adm. Rogers said.
According to a State Department security report, the Dec. 23 incident in western Ukraine caused a power loss for 200,000 homes and businesses for six hours. “The outage was the result of a cyber attack against the networks of the local power company, marking the first blackout to be caused by malicious software,” the report said.
The report identified the malware used in the attack as BlackEnergy 3, which is known to target critical infrastructure and that has been traced to Russia by security researchers. Ukraine’s security service said the operation was the work of Russian intelligence agencies, and the Ukrainian Energy Ministry said the attackers “used a Russian-based Internet provider and made phone calls from inside Russia as part of a coordinated cyber attack on Ukraine’s power grid.”
Adm. Rogers also warned that he is worried that future cyberattacks will seek to manipulate data during intrusions into networks.
“What happens when that same activity is used to manipulate data, to manipulate software or products, and suddenly we can no longer trust the data we’re visually seeing?” he asked.
For example, hackers could break into bank accounts and change the amounts contained in the accounts. Business transactions also could be manipulated with false or manipulated data by hackers.
Adm. Rogers also warned that terrorists currently use cybermeans to recruit members and propagandize. In the future terrorists may conduct cyberattacks in those operations, he said.
“They’re not interested in maintaining the status quo; they’re interested in tearing the status quo down,” the four-star admiral said.
Infrastructure cyberattacks, data manipulation and terrorists’ use of cyberattacks are among his main worries for the next few years, Adm. Rogers said.
ISIS threatens U.S. attacks
The Islamic State terror group released a video this week that contained a new threat to “kill, slaughter and burn” Americans.
An Islamic State Twitter user on Monday posted a link to the video produced by the group’s official media outlet called “A message to America from the Islamic caliphate supporters.” The post by @tabat_90_tabat and the YouTube video were removed.
“We will do your country like what we did in Paris,” an unidentified Islamic State terrorist says in the video, which also contains a clip of an earlier Islamic State video involving so-called British terrorist Mohammed Emzawi, the famous “Jihadi John,” beheading an American captive. Emzawi was killed in a U.S. drone strike Nov. 12.
The video shows an Islamic State fighter stating in accented English that the group is waging jihad and asking why President Obama and Secretary of State John F. Kerry have not learned that battling the group is “making you lose lots of wealth, and even losing the lives of your Army as well as your people.”
The narrator then says: “Paris isn’t any far from you. We will do to your country like what we did in Paris. We will kill, slaughter and burn your people. We will attack you very soon with anything we can lay our hands on.”
Asked if the attack threat is credible, a CIA spokesman said: “We take all threats against the United States seriously, but as a general matter we don’t comment on every piece of propaganda that ISIL deploys.”
Capturing North Korean nukes
Amid growing tensions on the Korean Peninsula, U.S. special operation forces are poised to conduct operations aimed at seizing North Korea’s nuclear weapons should the increasingly unstable Kim Jong-un regime collapse.
Army Gen. Joseph L. Votel, commander of U.S. Special Operations Command, said secret nuclear weapons seizures are part of the command’s responsibility.
U.S. and South Korean military forces currently are engaged in large-scale military exercises, which include special operations commandos, in a scenario that includes the collapse of the North Korean regime.
Asked during congressional testimony last week about increasing North Korean nuclear threats and whether a peaceful solution to tensions on the Korean Peninsula is possible, Gen. Votel said: “I don’t know if a peaceful solution is possible at this particular point.”
“What we are doing, of course, is we are retaining our capability to deal with those types of weapons in the venues in which we are asked to deal with them, which are fairly peculiar,” he told the Senate Armed Services Committee March 8.
Gen. Votel, nominee to be the next U.S. Central Command chief, did not elaborate. But he made clear that preparing to capture North Korea’s nuclear arms in a crisis remains a top priority. “We do maintain that capability as one of our no-fail missions,” he said.
In a sign of concern over North Korean instability, additional special operations forces (SOF) were deployed to South Korea. “There are more SOF men and women on the peninsula than we’ve had at any time in the past, and we are continuing to maintain a robust presence there with all our capability: air, maritime and ground SOF forces,” Gen. Votel said.
Mr. Kim recently ordered the execution of Gen. Ri Yong-gil, chief of the military’s general staff. Ri is among more than 70 officials killed by the 33-year-old dictator as part of efforts to solidify his rule in the highly militarized totalitarian state.
Less visible than its counterterrorism forces, SOCOM maintains highly trained units dedicated to going after and securing foreign nuclear weapons should they fall into the wrong hands as the result of a regime collapse, or due to theft by rogue military forces or terrorists.
The mission is called “render safe” and was discussed by Army Lt. Gen. Raymond A. Thomas, the nominee to be the next SOCOM commander, in Senate testimony made public Wednesday.
The command’s weapons of mass destruction teams are charged with three jobs: countering arms proliferation, arms interdiction and rendering dangerous weapons safe.
Gen. Thomas said commandos currently have the right mix of counterterrorism and counterproliferation forces, including what he called “the no-fail mission of render safe.”
No-fail missions are high-priority, meticulously planned operations that seek to reduce the chance of failure to near zero.
SOCOM “has sufficient render-safe capacity to respond to the most likely [counter-WMD] scenarios based upon today’s threat analysis,” Gen. Thomas said.
• Contact Bill Gertz on Twitter via @BillGertz.