Six months after China pledged to halt cyber espionage against the United States, Beijing’s hackers continue to conduct cyber attacks on government and private networks, the commander of U.S. Cyber Command told Congress.
Despite a formal pledge made by Chinese leader Xi Jinping in September, "cyber operations from China are still targeting and exploiting U.S. government, defense industry, academic, and private computer networks," Adm. Mike Rogers, the Cybercom chief, said in prepared testimony to a House Armed Services subcommittee on Wednesday.
Rogers echoed comments on continued Chinese cyber attacks made by Director of National Intelligence James Clapper in February.
Clapper said in Senate testimony that "it remains to be seen" if China will abide by the informal pledge made during a summit meeting in Washington with President Obama.
Rogers said he agreed with Clapper that China’s commitment to halt cyber espionage attacks remains an open question.
China has been linked by U.S. intelligence agencies to wide-ranging cyber attacks aimed at stealing information and mapping critical computer networks for future attacks in a crisis or conflict.
Despite the Chinese hacking activity, the Obama administration has taken no action against China for years of large-scale cyber attacks that officials say have cost the nation billions of dollars in stolen intellectual property and compromised networks.
Rogers also warned that nation states with advanced cyber warfare capabilities are taking steps to mask their cyber attacks by cooperating with non-government hackers.
Unspecified nation states are expanding cooperation "with a much broader range" of hackers in a bid to hide the source of sophisticated cyber attacks.
"I think this is in no small part an attempt to obscure what the real originator of the activity is," he said.
The use of surrogate hackers makes it more difficult for the U.S. government to confront foreign states about cyber attacks. "And they say, ‘It’s not us. It’s some criminal group; we don’t control all that,’" Rogers said.
Rogers also disclosed new details about cyber attacks against the email system used by the military’s Joint Chiefs of Staff, an attack that officials have blamed on Russia.
The July attack shut down an unclassified email server for 10 days and disrupted an email system used by 4,000 users on the network. Pentagon officials believe the attack came from Russian government hackers.
"Ultimately we were able to defeat the [intrusion] attempt in almost 60 other networks simultaneously except in this one particular network," Rogers said, noting that the final defense against cyber attacks is the user of a computer.
"In this case we had a user who clicked on a link that I said ‘What would lead you to do this? Read this. It doesn’t make any sense.’"
Because computer users in the Joint Staff clicked on an email link that downloaded a virus, the Pentagon was forced to spend time and money and limit use of the system. "We can’t afford to have this sort of thing," Rogers said.
Under questioning from Rep. Elise Stefanik (R., N.Y.), Rogers said he is "comfortable" that Cyber Command has enough military capabilities to counter cyber threats from Russia, China, and other states and entities.
"I’ve yet to run into a threat scenario that we couldn’t deal with," he said.
But Rogers voiced worries about his command having enough forces to deal with the threats. "What concerns me is capacity—how much of it do you have and as the threats proliferate, our ability to deal with high-end, simultaneous complicated threats, that’s probably the biggest limiting factor right now," he said.
The four-star admiral testified before the House Armed Services subcommittee on emerging threats and capabilities, which oversees the command.
The command spends around $500 million annually and is in the process of creating cyber mission teams that are deployed with warfighting commands and other military units. The teams conduct both defensive and offensive cyber operations.
The command is based at Fort Meade, Md., and works closely with the National Security Agency, the electronic spy agency that Rogers also leads.
Separately, Defense Secretary Ash Carter testified before the Senate Armed Services Committee on Thursday and revealed the Pentagon is adding $900 million for cyber defenses and operations in fiscal 2017. Much of that sum is focused on countering advanced threats from states like China and Russia.
"Reflecting our renewed commitment to deterring even the most advanced adversaries, the budget also invests in cyber deterrence capabilities, including building potential military response options," Carter said.
Rogers said he is concerned that evolving cyber attacks are being used to acquire large databases that can be used for future cyber attacks or for foreign intelligence operations.
Two recent examples were the cyber attacks against the Office of Personnel Management, which obtained records on more than 22 million federal workers, and the Anthem Healthcare cyber attacks that obtained some 80 million health records.
"OPM, Anthem, those are good examples to use of data now [being] a commodity that have value for a variety of purposes, whether that be counterintelligence, whether it be social engineering and helping to refine cyber activity. You’ll see increased attacks against Big Data concentrations in the future," Rogers said.
Ransomware attacks—malicious cyber attacks that encrypt data on a targeted computer and then extort the owners of the data to have it decrypted—also pose a growing threat.
Security researchers this week traced ransomware attacks to China, Reuters reported on Tuesday, noting that cyber tools used in the attacks were associated with earlier Chinese-linked cyber attacks.
"If you watch over the next year, you’ll see a lot more ransomware activity," Rogers said.
In his prepared testimony to the subcommittee, Rogers said cyber attacks by a range of nations and non-state actors are intensifying.
While North Korea has not conducted a repeat of its November 2014 cyber attack against Sony Pictures Entertainment, "we have seen a wide range of malicious cyber activities aimed against American targets and victims elsewhere around the world, and thus we are by no means sanguine about the overall trends in cyberspace," he said.
Cyber attacks are ubiquitous. "Literally every American who has connected to a network has been affected, directly or indirectly, by cyber crime," Rogers said. "By this point millions of us have had personal information stolen, or seen our accounts or credit compromised."
Some 300 American companies involved in critical infrastructure, such as electrical power, finance, communications and transportation, are working with Cybercom to study ways to protect against major cyber attacks, Rogers noted.
"We remain vigilant in preparing for future threats, as cyber attacks could cause catastrophic damage to portions of our power grid, communications networks, and vital services," he said.
Coordinated cyber attacks in Ukraine last December disrupted the power grid and damaged electricity control systems.
"If directed at the critical infrastructure that supports our nation’s military, cyber attacks could hamper our forces, interfering with deployments, command and control, and supply functions, in addition to the broader impact such events could have across our society," Rogers said, adding that the major cyber threats remain Russia, China, Iran, and North Korea.
Rogers said cyber attackers from several nations have explored computer networks used to control critical infrastructure and "can potentially return at a time of their choosing" to disrupt or damage the infrastructure.
"Russia has very capable cyber operators who can and do work with speed, precision, and stealth," Rogers said.
"Iran and North Korea represent lesser but still serious challenges to U.S. interests," he said. "Although both states have been more restrained in this last year in terms of cyber activity directed against us, they remain quite active and are steadily improving their capabilities, which often hide in the overall worldwide noise of cybercrime."
Both Iran and North Korea work against the United States in cyberspace but direct most of their malicious hacking against regional states.
On ISIS, Rogers said he is concerned about the terror group’s cyber capabilities. Most ISIS cyber activity involves propaganda, recruiting, radicalization, and fundraising.
ISIS-affiliated cyber operators a year ago publicized online personal data of more than 100 American service members, including many in the United States.
"Not only did the hackers for ISIL publicize the personal details on these Americans, but ISIL also called for jihad against them, urging followers in the United States to assassinate them and their family members," Rogers said.
While there was no direct link between the activity and the recent terrorist shootings in the United States and France, "ISIL wants its followers on the Internet to take inspiration from such attacks," Rogers said.
Cyber Command attacks against ISIS "make it more difficult for ISIL to plan or conduct attacks against the U.S. or our allies from their bases in Iraq and Syria," he said.
Rogers said Cybercom also has begun to think more about strategic deterrence in cyber space by creating capabilities that would dissuade foreign hackers from considering attacks.
Cybercom currently has set up 123 cyber mission teams staffed by 4,990 people. Twenty-seven of the teams are fully operational and 68 are in early stages of deployment.
The teams include combat mission teams that work with warfighters, like those in U.S. Central Command waging cyber war against ISIS.
The command also has a national mission team that defends U.S. critical infrastructure. Cyber protection teams are devoted to defending defense networks from attack.
The cyber protection teams were called in last year to help with the cyber attack on the Pentagon’s Joint Staff computer system.