Destructive cyberattacks targeting the United States are a looming threat for which the country is not adequately prepared, a key lawmaker and a former director National Security Agency (NSA) said Friday.
A recent cyberattack that wiped out data on three-fourths of the oil company Saudi Aramco’s computers should stand as a wake-up call for the United States, said former NSA Director Keith Alexander.
“This is a whole new ballgame," Alexander said at a Bloomberg event Friday. “One that, quite frankly, as a country, I don’t think we’re prepared for.”
On a day when most Saudi Aramco employees stayed home to prepare for a religious holiday, a hacker planted a virus into the company’s networks, wiping out documents, spreadsheets and emails. In their place, the virus left an image of a burning American flag.
“These are the kinds of concerns that our country as a whole needs to look at,” Alexander said.
House Homeland Security Committee Chairman Michael McCaul (R-Texas) said these are the type of attacks that keep him up at night
“It’s the ability to shut things down — power grid, water supply, critical infrastructure,” he told a crowd at the Council on Foreign Relations on Thursday night. “It’s that ability that Iran’s trying to develop that concerns me.”
And it’s not just Iran. McCaul described a recent classified briefing on cyber threats from Russia.
“We’re seeing an evolving trend that’s coming out of countries like Russia,” he said. “It’s not only theft or espionage, but rather a destructive threat.”
Any attack resembling the Saudi Aramco sabotage “would have huge consequences on any portion of our government,” Alexander said.
Both McCaul and Alexander have been strong proponents of enhancing cyber threat information sharing between the government and private sector.
The Senate is currently considering the Cybersecurity Information Sharing Act (CISA), its version of a bill the House Intelligence Committee passed last year.
The bill would enable critical infrastructure companies to exchange cyber information with the NSA and other intelligence agencies. Privacy advocates have urged the White House to veto the bill, concerned it would allow the government to collect personal information on Americans.
McCaul has been pushing his own House-passed cyber information sharing bill, developed in his Homeland Security Committee. His bill would direct the private sector to swap cyber threat information with the Department of Homeland Security.
"These are very serious issues and I don’t think many members of Congress understand the gravity," McCaul said. "If a greater attack occurs, it's going to be on the head of Congress for not acting."