The United States should be conducting more disruptive cyber attacks against nations like Russia, according to Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee.
“I don’t think we are using all of our cyber-capability to disrupt” actors in Russia targeting U.S. interests, he said at The Washington Post’s cybersecurity summit on Thursday.
Rogers cited attacks out of Russia on the U.S. financial sector, specifically against JP Morgan Chase in August, as an example of nation states targeting U.S. companies and financial interests. The FBI is currently investigating whether or not the attacks were a response to the financial sanctions that the United States placed on Russia in March.
He didn’t directly implicate Putin’s government in the attack on JP Morgan Chase, but he called the attempted breaches a “decision [made] on the basis of sanctions,” and asked whether the intent was “to monitor transactions or go in destroy enough data to cause harm to transactions?”
He called it enough of an alarm to prompt the committee to “ramp up our efforts” and said the U.S. needs an “understandable policy on what offensive operations look like and should be.”
On Thursday, JP Morgan Chase released filings showing that the hack may have affected 76 million accounts, far broader than had been previously believed.
The power to wage cyber attacks is discussed under a Chairman of the Joint Chiefs Directive issued on June 21, 2013. And it’s alluded to in a March 5 Air Force instruction mandate titled “Command and Control (C2) for Cyberspace Operations“ (10-1701), but is otherwise classified.
Adm. Michael Rogers, the head of NSA and Cyber Command, said the United States has authority to conduct limited cyberwar activities. “Geographic combatant commanders already have authority to direct and execute certain Defensive Cyberspace Operations (DCO) within their own networks,” he testified at a recent Senate Armed Forces Committee hearing.
(Related: NSA Chief: Yes, We Still Have Friends)
But Rep. Rogers cautioned that the private sector networks, which comprise 85 percent of the networks in the United States, are “not prepared to handle” even present-day hacks from nation states, much less a coordinated retaliatory back and forth of extremely sophisticated attacks, the sort of volleying that might be characterized as cyber war.
“If your [chief information officer] says he’s ready for what’s coming, find a new CIO,” he said.