NSA Director Adm. Michael Rogers worries it is only a matter of time before other countries exploit vulnerabilities in the computer systems that control America’s energy infrastructure to bring them down.
Rogers said that last year the Department of Homeland Security responded to 198 cyber incidents across critical infrastructure sectors, with 40 percent targeting the energy sector.
“The energy sector continues to bear the brunt of our country's cyber-attacks because hackers recognize that the energy sector is our country's Achilles heel” said Rogers.
“I have told my organization is I fully expect that during my time as the commander we are going to be tasked to help defend critical infrastructure within the United States because it is under attack by some foreign nation or some individual or group,” Rogers told the House Select Committee on Intelligence.
He said his agency has seen nation states, groups and individuals aggressively working towards gaining the capability to selectively shut down parts of the American power grid and other utility sectors.
Rogers described intrusions of those networks as reconnaissance designed “to understand vulnerabilities that could be exploited in the future.”
“There shouldn’t be any doubt in our minds that there are nation states or groups that have the capability to do that,” said Rogers.
He added, “All of that leads me to believe it is only a matter of the "when," not the "if" that we are going to see something traumatic.”
Getting access to those systems could mean shutting down selective parts of the American infrastructure.
“If I want to tell it power turbines to go off line and stop generating power, you can do that,” said Rogers. "If I wanted to segment the transmission systems so you couldn’t distribute the power that was coming out of power stations, this would enable you to do that.”
Rogers did not challenge committee Chairman Mike Rogers’ assertion that a report by the private cyber security firm Mandiant blamed Chinese government hackers as having gotten access into some of America’s industrial control systems.”
Rogers also worries that nation states will begin using cyber criminals as their surrogates to enter America’s computer networks.
"I’m watching nation states attempt to obscure, if you will, their fingerprints. And one of the ways to do is to use surrogate groups attempt to execute that for you,” said Rogers.
He said recent activity by some cyber criminals targeting major companies to steal credit card information may already show links as they’ve used some tools historically used by nations states.
He said that “suggests to us that increasingly in some scenarios we’re going to see more linkages between the nation state and some of these groups that’s a troubling development for us."
Rogers likened that possibility as “cyber hitmen for hire really, to serve nation states.”