China and "probably one or two other" countries have the capacity to shut down the nation's power grid and other critical infrastructure through a cyber attack, the head of the National Security Agency told a Congressional panel Thursday. Admiral Michael Rogers, who also serves the dual role as head of U.S. Cyber Command, said the United States has detected malware from China and elsewhere on U.S. computers systems that affect the daily lives of every American.
"It enables you to shut down very segmented, very tailored parts of our infrastructure that forestall the ability to provide that service to us as citizens," Rogers said in testimony before the House Intelligence Committee. Rogers said such attacks are part of the "coming trends" he sees based on "reconnaissance" currently taking place that nation-states, or other actors may use to exploit vulnerabilities in U.S. cyber systems.
A recent report by Mandiant, a cyber-security firm, found that hackers working on behalf of the Chinese government were able to penetrate American public utility systems that service everything from power generation, to the movement of water and fuel across the country. "We see them attempting to steal information on how our systems are configured, the very schematics of most of our control systems, down to engineering level of detail so they can look at where are the vulnerabilities, how are they constructed, how could I get in and defeat them," Rogers said. "We're seeing multiple nation-states invest in those kinds of capabilities."
Admiral Rogers declined to identify who the other countries, beside China, because of the classified nature of their identities. Russia is generally regarded as also having an aggressive cyber program. In addition to nation-state actors, Admiral Rogers noted the increasing presence of "surrogate" criminal actors in cyberspace that serve to obscure the hidden hand of criminal activity done on behalf of formal nation-states.
The testimony also comes in the wake of a report from the Pew Internet and American Life Project that cited a prediction by technology experts that a catastrophic cyber-attack that causes significant losses in life and financial damage would occur by 2025. Admiral Rogers told the committee he did not disagree with the assessment.
In addition to the threats from specific nation-states, Admiral Rogers said there are already groups within the U.S. cyber architecture who seek to cause major damage to corporate and other critical sectors of the American economy.
"It is only a matter of the when, not the if, that we are going to see something traumatic." he said.
Jamie Crawford, National Security Producer