Foreign nations' cyber intrusions into key infrastructure network are preparation for damaging attacks in a future conflict, the commander of Cyber Command told Congress Tuesday.
Adm. Mike Rogers, the commander who is also director of the National Security Agency, said one of his major concerns is cyber attacks on critical infrastructures used to run the electric grid, financial systems, communications networks, the transportation systems, and others.
"We assess that several countries, including Iran, have conducted disruptions or remote intrusions into critical infrastructure systems in the United States," Rogers said in his prepared statement.
Iranian hackers were linked to cyber disruptions of U.S. financial institutions last year, and Russian-linked BlackEnergy malware was used in cyber attacks against Ukraine's electrical power systems.
Homeland Security also has warned U.S. critical infrastructure administrators to be alert for the use of BlackEnergy cyber attacks here.
"Infiltrations in U.S. critical infrastructure—when viewed in the light of incidents like these—can look like preparations for future attacks that could be intended to harm Americans, or at least to deter the United States and other countries from protecting and defending our vital interests," Rogers said.
Cyber Command hopes industry will agree to share telemetry data used by infrastructure owners to remotely monitor systems so that any attacks could be detected quickly.
One vulnerable location is the Pacific island of Guam. If the electric grid were disrupted in a cyber attack, military operations would be affected. The island is a major hub.
Rogers said both enemy states and non-state actors are seeking to subvert the United States through the use of cyber operations.
"The pace of international conflict and cyberspace threats has intensified over the past few years," Rogers told the Senate Armed Services Committee. "We face a growing variety of advanced threats from actors who are operating with ever more sophistication and precision."
Committee Chairman Sen. John McCain (R., Ariz.) asked Rogers why a new cyber policy promised by President Trump within 90 days of taking office has not been completed.
The chairman noted that the Pentagon's Defense Science Board has assessed that foreign offensive cyber warfare capabilities are expected to far exceed America's ability to defend key critical infrastructures. Rogers said he agreed and urged developing cyber deterrence against attacks.
"In order to do that we would have to have a policy followed by a strategy, right?" McCain asked.
"Yes, sir," Rogers said.
However, Rogers acknowledged that the administration currently does not have a new policy and strategy for dealing with cyber threats. "But the new team is working on that," he said.
McCain said the military appears to be struggling to take on the new cyber warfare mission. For example, all 127 Air Force cyber officers working for the cyber mission force opted to return to a non-cyber position after their first tour of duty.
"That is unacceptable and suggests a troubling lack of focus," McCain said.
Internationally, every conflict around the world has a cyber dimension, whether Russian operations against Ukraine or Islamic State terrorist recruitment, fundraising, and communications in Syria and Iraq.
"Cyber war is not some future concept or cinematic spectacle, it is real and here to stay," Rogers said.
"The fact that it is not killing people yet, or causing widespread destruction, should be no comfort to us as we survey the threat landscape. Conflict in the cyber domain is not simply a continuation of kinetic operations by digital means, nor is it some science fiction clash of robot armies. It is unfolding according to its own logic, which we are continuing to better understand."
The worst-case scenario of a future cyber war would involve destruction of critical infrastructure, Roger said. A second fear is a shift in cyber attacks in the future from data theft to data manipulation—intruding into networks and changing data on a massive scale that produce negative effects, such as changing votes in voting machines.
Combined-arms operations utilizing both cyber warfare units and traditional kinetic military missions have not been seen yet. However, "we have spotted hints of this occurring in Syria and Ukraine as the Russians attempt to boost the capabilities and successes of their clients and proxies," he said.
Rogers said Cyber Command is more than a year away from having all its 133 cyber mission teams fully operational. At full strength, the command will field around 6,200 military and civilian personnel.
The mission of the command is to protect defense and military networks from attack and to conduct offensive cyber attacks in wartime. The command also is set to respond to cyber attacks on critical infrastructure and other domestic networks.
Plans for elevating the command from its current status as an arm of the Strategic Command to a combatant command are expected in the future.
Critics have charged that Cyber Command is hampered by its close ties to the National Security Agency. NSA, as an intelligence agency, is more experienced in cyber intrusions and spying. But the agency lacks the authority and capabilities for the relatively new field of waging cyber warfare.
On the Russian cyber-enabled influence operation that targeted last year's presidential election, Rogers told the committee the command is not charged with information warfare—disinformation and influence activities by adversaries. Cyber command, however, is involved in some secret operations against Islamic State terrorists in this area, he noted.
The U.S. government has lost extensive infrastructure and personnel capable of countering foreign influence and political operations since the demise of the Soviet Union in 1991.
A reassessment of information warfare capabilities is needed, Rogers said.
"As the Soviet Union collapsed, we decided perhaps that expertise isn't required," Rogers said. "We did away with many institutions. Many of the individuals who have the skill sets are no longer with us. I think we need to step back and reassess that."
The four-star admiral warned that until foreign hostile actors engaged in such operations are made to pay a price, the activities will continue.
Cyber Command is not charged with conducting information warfare operations, which is mainly under Special Operations Command.
But military activities in the new domains of cyber, electronic, and information need to be integrated.
"I'm trying to conceptualize in my own mind, so how are we going to bring together electronic warfare, cyber, and the information dynamic, because it is all blurring in this digital world that we're living in," Rogers said. "We're still trying to figure out what's the right way forward."
On North Korea, Rogers said Pyongyang is using criminal cyber attacks against financial institutions to provide cash for the regime of Kim Jong Un.
"We have publicly acknowledged we have seen the North Koreans use cyber in a criminal mechanism, if you will, to generate monetary resources," he said. "Although I would highlight this is only one element of the North Korean broader attempt to generate revenue and get it back to North Korea."
Russia also was behind a recent hack of emails involving political candidates in the French presidential election campaign.
NSA learned of the Russian activity and informed French intelligence last weekend that "we're watching the Russians, we're seeing them penetrate some of your infrastructure," Rogers said.
NSA also is working with German and British authorities to identify Russian cyber political influence operations targeting elections in those nations, he said.