NSA Chief Says U.S. at ‘Tipping Point’ on Cyberweapons Policy makers largely agree on rules of engagement for defense, but offense still undecidedBy Damian Paletta

http://www.wsj.com/articles/nsa-chief-says-u-s-at-tipping-point-on-cyberweapons-1453404976

WASHINGTON—The U.S. military has spent five years developing advanced cyberweapon and digital capabilities and is likely to deploy them more publicly soon, the head of the Pentagon’s U.S. Cyber Command said Thursday.

Adm. Mike Rogers, who is also director of the National Security Agency, said U.S. policy makers have largely agreed on rules of engagement for when cyberweapons can be used for defense.

There is still an open discussion, however, about when cyberweapons should be used for “offense,” such as carrying out attacks against a group or foreign country.

“You can tell we are at the tipping point now,” Adm. Rogers said. “The capacity and the capability are starting to come online [and] really starting to pay off in some really tangible capabilities that you will start to see us apply in a broader and broader way.”

Still, Adm. Rogers stopped short of specifying how exactly these cyberpowers could be deployed in coming months.

Despite a series of high-profile cyberattacks in the past two years, including a large-scale breach at Sony Pictures Entertainment Inc. in late 2014 and the theft of millions of records from the U.S. Office of Personnel Management in 2015, Adm. Rogers suggested many Americans have become complacent, since they don’t see the rise of cyber armies and cybercriminals affecting their daily lives.

That could change fast, he said, if a cyberattack achieves large-scale destruction, particularly in a fashion resembling a more traditional weapon. Analysts have said these sorts of acts could including attacking a country’s electrical grid or knocking a nation’s financial system offline.

“I’m watching capability when I go, ‘Wow, if the intent were to change, we’d have some real challenges here,’ and intent can change really quickly,” he said. “I would urge us not to draw the conclusion that there is nothing here we really need to worry about. I would argue it’s going to get worse before it gets better.”

Adm. Rogers, who has led the NSA and Cyber Command for two years, was brought in to stabilize the agency after a furor over the far-reaching surveillance program disclosed by former contractor Edward Snowden. The NSA has seen some of its powers clipped, most notably when Congress last year banned bulk collection of telephone records.

Adm. Rogers has said the agency needs to do more to restore public confidence, and he has been adamant that the government needs to develop specific rules about the emerging digital battlefield.

Following the OPM breach, which some U.S. officials attributed to Chinese hackers, many lawmakers have said the White House and Pentagon need to clarify rules of engagement and make them public. These could include specific punishments and retaliatory actions, as a way to deter future attacks.

Adm. Rogers said policy makers have been working to develop “the same kind of standards” for responding to cyberattacks that they use for other warfare.

The NSA director also said the agency will launch a reorganization this year to better mesh its two tasks—digital spying and data collection on the one hand and protecting information on the other.

“We have got to integrate much more,” he said. “This traditional approach we had…built walls of granite between them.”

Comments are closed.