SAN DIEGO, Calif. — The head of the National Security Agency reiterated that Russia engaged in cyber actions to influence the result of the U.S. presidential election and said the Moscow-directed interference is changing the way the NSA thinks about U.S. critical infrastructure.
“We have been very public – particularly if I put on my NSA hat – in categorizing the behaviors we saw, from a cyber perspective, the Russians engaged in terms of our election process. We were very confident that, ‘hey, this happened.’ What does that mean?” said Adm. Rogers, who also heads U.S. Cyber Command, said on Thursday at the West 2017 conference.
“It highlights to us that we need to rethink what critical infrastructure means in the digital age. We tended to view historically critical infrastructure as something associated with an output. ‘Hey, air traffic. Hey, pipelines. The financial world. Power distribution.’ Generally, we thought a very industrial set of processes that generated some sort of output.”
What the Russians did to influence the U.S. election adds a new dimension to what the U.S. should work to protect from influence from a cyber action or attack, he said.
“What about information, data and fundamental processes like the ability to ensure high confidence that in a Western democracy the electoral outcome is actually reflective of the majority of our citizens, which is at the heart of the democratic system?” he said.
“We have to think of it in a different way, and data increasingly has a value all of its own.”
Rogers cited the attacks on the Office of Personnel Management – in which the personal data of more than 21. 5 million people who had undergone the U.S. security clearance process was breached – and the Russia’s hack of Democratic National Committee emails and subsequent distribution on Wikileaks as new types of threats.
“You saw that in OPM, you saw that with the Russians – the way they penetrated systems, moved data and then provided that in very public, unaltered format,” he said.
“So we have to work through that. We need to work with a broader set of nations to clearly signal that this is unacceptable, and we need to drive the calculus in a different way.”
Separately during the conference event, Rogers said the Trump administration has made cyber security a priority and predicted administration-level action soon.
The discussion’s moderator, retired Adm. James Stavridis, former NATO supreme commander and U.S. Naval Institute chairman, said that a Trump executive order on cyber was in the works and asked Rogers on the status.
“There’s an ongoing dialogue that the administration – I don’t want to speak for them – but if you take their statements, they’ve been very upfront about the desire to make this a priority and a focus area in the early stages of the administration,” Rogers said.
“I expect it to play out sometime in the immediate near term. The process always takes longer than you would like, but I think this would play out. The biggest input I’ve tried to provide – and I’m just one voice – take this opportunity to step back and look at this with a new set of eyes and say, if you were creating this from the ground up, how would you do this?”