House Intel chairman says US 'under siege' from cyberattacks

House Intelligence Committee Chairman Mike Rogers (R-Mich.) on Wednesday said the United States is in the middle of a war in cyberspace and "losing" the battle.

ADVERTISEMENT
"We are absolutely under siege and we are fooling ourselves if we don't think we have a problem," Rogers said.

The chairman warned that countries like Russia and China are getting more sophisticated in their cyberattack capabilities, with Iran following closely on their heels. He said other countries have integrated offensive cyberattack capabilities into their military planning, which is changing the face of future warfare.

"We used to do it with bombers and artillery shells, now they're doing it with cyber warfare," Rogers said during a keynote at the winter meeting of the National Association of Regulatory Utility Commissioners.

While Russia and China would likely not launch a crippling cyberattack against the U.S. in peacetime, Rogers said, he cautioned that Iran may not use that same discretion. He said Iran was responsible for a cyberattack on the Saudi Arabian oil company Aramco. The attack corrupted 30,000 computers at the oil company and rendered them useless.

"What about countries like Iran? Backed in a corner, internationally isolated, developing their capability [for cyberattacks] — can they do something? Would they make a nonrational decision? I argue, absolutely," Rogers said.

"Look what they did to the ... Saudi Arabian company called Aramco," he said. "This is a very, very important economic tool for that country."

Rogers said if the Aramco attack was more successful, it could have shut down communications for "very large swaths" of the economy in Saudi Arabia and outside the region. He said the cyberattack could also have impacted the U.S.

Defense Secretary Leon Panetta referenced the Aramco attack during a speech last year and said it was "probably the most destructive attack that the private sector has seen to date."

To protect the U.S. against a devastating cyberattack, Rogers said he planned to reintroduce a cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA), that would let the intelligence community share classified cyber threat information with private companies so they can protect their computer networks from a forthcoming attack in real time.

He voiced opposition to applying new cybersecurity regulations on industry, arguing that companies are better equipped to protect their systems than the government is. However, he noted that the National Security Agency is doing great work on cybersecurity.

"The government is not going to keep up. If we're going to do this correctly, we're talking about exchanging packets of information, zeroes and ones if you will, one hundred millions times a second," he said. "So some notion that this is a horrible invasion of content reading is wrong. It is not even close to that."

The bill enjoyed support from a broad swath of companies, including Facebook and AT&T, who said legal hurdles slowed down information sharing about cyber threats between industry and government.

Last year civil liberties groups and privacy advocates launched online protests against CISPA because they argued that it lacked sufficient privacy protections and would increase the pool of people's electronic communications flowing to the intelligence community and the secretive National Security Agency. The White House shared similar concerns about the privacy protections in the bill and issued a veto threat against CISPA last spring.

Rogers said it's imperative that Congress pass a cybersecurity bill this year that would improve information sharing about cyber threats between government and industry.

"I think it's absolutely critical that we should get it done," Rogers said. "I think it's absolutely shameful that it's taken us this long to get this done."

He declined to give a specific timing about when he plans to reintroduce CISPA but said he would do it "very soon" and the bill would likely be "very close" to the version that passed the House last year.

Rogers told reporters that the committee is working with the White House to ensure it doesn't issue another veto threat against the bill, but noted that recent "personnel changes" have been "encouraging."