House Intel Chief Wants To Increase Cyber Attacks Against Russia

Airmen with the 24th Air Force at Port San Antonio look into their screens during an open house at the facility.

U.S. Air Force photo

AA Font size + Print

Airmen with the 24th Air Force at Port San Antonio look into their screens during an open house at the facility.

The United States needs to be on the offensive when it comes to a preventing cyber war, says Rep. Mike Rogers. By Patrick Tucker

The United States should be conducting more disruptive cyber attacks against nations like Russia, according to Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee.

“I don’t think we are using all of our cyber-capability to disrupt” actors in Russia targeting U.S. interests, he said at The Washington Post’s cybersecurity summit on Thursday.

Rogers cited attacks out of Russia on the U.S. financial sector, specifically against JP Morgan Chase in August, as an example of nation states targeting U.S. companies and financial interests. The FBI is currently investigating whether or not the attacks were a response to the financial sanctions that the United States placed on Russia in March.

He didn’t directly implicate Putin’s government in the attack on JP Morgan Chase, but he called the attempted breaches a “decision [made] on the basis of sanctions,” and asked whether the intent was “to monitor transactions or go in destroy enough data to cause harm to transactions?”

He called it enough of an alarm to prompt the committee to “ramp up our efforts” and said the U.S. needs an “understandable policy on what offensive operations look like and should be.”

On Thursday, JP Morgan Chase released filings showing that the hack may have affected 76 million accounts, far broader than had been previously believed.

The power to wage cyber attacks is discussed under a Chairman of the Joint Chiefs Directive issued on June 21, 2013. And it’s alluded to in a March 5 Air Force instruction mandate titled “Command and Control (C2) for Cyberspace Operations“ (10-1701), but is otherwise classified.

Adm. Michael Rogers, the head of NSA and Cyber Command, said the United States has authority to conduct limited cyberwar activities. “Geographic combatant commanders already have authority to direct and execute certain Defensive Cyberspace Operations (DCO) within their own networks,” he testified at a recent Senate Armed Forces Committee hearing.

(RelatedNSA Chief: Yes, We Still Have Friends)

But Rep. Rogers cautioned that the private sector networks, which comprise 85 percent of the networks in the United States, are “not prepared to handle” even present-day hacks from nation states, much less a coordinated retaliatory back and forth of extremely sophisticated attacks, the sort of volleying that might be characterized as cyber war.

“If your [chief information officer] says he’s ready for what’s coming, find a new CIO,” he said.

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.