WASHINGTON, D.C. — Multiple nations, including China, are capable of shutting down the computer control systems used to operate the power grid and other “basic infrastructure” in the United States, the director of the National Security Agency (NSA) warned on Thursday.
While testifying before members of the House Select Intelligence Committee, Adm. Michael Rogers, NSA director and commander of U.S. Cyber Command, said he agrees with the prediction by technology experts cited in a Pew Research Internet Project report that a major cyber attack causing widespread loss of life and financial harm would occur by 2025.
“We have seen individuals, groups inside critical U.S. infrastructure … that suggests to us that this vulnerability is an area that others want to exploit,” testified Rogers. “All of that leads me to believe it is only a matter of the when, not the if, that we are going to see something traumatic.”
He also warned of an upcoming “troubling” trend involving the use of criminal actors as “surrogates” by countries seeking to cover their tracks when attempting to infiltrate U.S. computer systems.
Adm. Rogers told lawmakers that besides China, “probably one or two” other nations already have the capability to shut down infrastructure control systems in America. Rogers said the identity of the other countries is considered classified information.
“There shouldn’t be any doubt in our minds that there are nation-states and groups out there that have the capability … to enter those industrial control systems and to shut down, forestall our ability to operate our basic infrastructure,” asserted the NSA chief. “Whether it’s generating power across this nation, whether it’s moving water and fuel … I’ll highlight those because those tend to be the biggest focus areas that we have seen.”
Getting into the control systems “enables you to shut-down very segmented, very tailored parts of our infrastructure and forestall the ability to provide that service to us as citizens,” said Rogers.
“Those control systems are fundamental to how we work most of our infrastructure across this nation,” he explained. “They are foundational to almost every network aspect of our life–from our water to our power, to our financial segment, to the aviation industry, just as examples.”
Regarding the use of criminals by countries seeking to hack into U.S. control systems, Rogers said, “The next trend that I think we’re going to see in the coming near term is you will start to see … some of those criminal actors now engaging not just in the theft of information designed to generate revenue, but also potentially as a surrogate for other groups, other nations.”
In delivering his opening remarks, Committee Chairman Mike Rogers (R-MI) noted:
China’s economic cyber espionage … has grown exponentially in terms of volume and damage done to our nation’s economic future. The Chinese intelligence services that conduct these attacks have little to fear because we have no practical deterrents to that theft. This problem is not going away until that changes.
According to outside experts, U.S. Cyber Command is also capable of carrying out cyber attacks against foreign infrastructure systems, which in theory should serve as mutual deterrence.
The Chinese government has officially denied any involvement in hacking U.S. computer systems.
On Friday, Hong Lei, a spokesman for China’s Foreign Ministry, said the Chinese government “forbids” cyber attacks and accused the U.S. of hacking into their computer systems.