By Tom Risen
Sept. 16, 2014
Equating hacking with an act of war is a difficult task, Rogers says.
NSA Director Michael Rogers, seen here speaking in Alexandria, Va. on Aug. 13, says the U.S. should be prepared to deal with cyberattacks from the Islamic State group.
National Security Agency Director Michael Rogers said Tuesday the U.S. needs to be prepared for digital attacks from terrorist groups including the Islamic State and work with other countries on what qualifies as an "attack."
When asked about reports that the Islamic State has pledged to form a “digital caliphate,” the Navy admiral noted that the terrorist group has been “aggressive” in its use of media and the Internet, but would not specify the level of cybersecurity threat posed by the fighters. The Islamic State has gained international notoriety and shown some online competence by posting videos of beheadings on YouTube.
“We need to assume there is a cyber dimension in every area we deal with,” Rogers said during a speech at a cybersecurity conference at the Capital Hilton hotel in the District of Columbia. “Counterterrorism is no different.”
Many cyberattacks directed at the U.S. and other Western nations do not come from terrorist groups that lack the resources or support of a nation-state. Russia and China both employ or support hackers that steal trade secrets from American companies to benefit their own economies, which may represent the greatest cybersecurity threat to the U.S. since such hacks have allowed China to copy designs for military technology including submarines and drones. Iran’s hackers also are becoming more sophisticated.
Rogers became NSA director in April, and is the first to enter the post since criticism of the agency’s broad surveillance spiked after whistleblower Edward Snowden leaked copies of classified government documents to news outlets.
“I am not focused on the past. I have great respect for those who came before me,” he said in response to a question about what role surveillance would play during his tenure.
Nations including Germany and companies in Silicon Valley have criticized the NSA for its efforts to collect phone and Internet data, but Rogers said he rejects the position that such backlash means the agency no longer has partnerships with corporations or other countries.
“That is not what I have observed in my five months as director,” Rogers said. “We follow the rule of law. When we make a mistake, we stand up and say we got it wrong.”
Supporting the public’s desire for a debate about how surveillance should be conducted, Rogers added that “there is a difference between a mistake and a choice,” and said he will hold accountable those who knowingly break laws protecting privacy.
“There is no place in this workforce for those of that ilk,” he said.
Cybersecurity is a growing part of war, but the trick is differentiating an attack such as seizing control of security systems from a crime such as credit card theft or an online nuisance like spam email. Working with other nations to define which hacks count as an act of war is tricky, Rogers said, because it would mean setting “red lines” that nations cannot cross without expecting retaliation.
“[We are going to need] a much broader dialogue on what is acceptable behavior, on what are those red lines,’” Rogers said. “If we are going to articulate a red line then we have to be prepared to act when people violate it.”
NATO is expected to update its charter this month to address cybersecurity while leaving open the question of whether hacks count as an attack on its member states that could start a war.
“We need to get into more specifics other than ‘we have been attacked,’” Rogers said of the need to revamp the military language of cybersecurity to make each situation easier to explain.
Corrected on Sept. 16, 2014: A previous version of this article included an incorrect quote from the NSA director
No comments:
Post a Comment