The United States needs to make it clear it is unacceptable and there is a price to pay if any adversary takes action like manipulating voter registration rolls, the head of U.S. Cyber Command told the Senate Armed Services Committee on Tuesday.
When asked about Russian meddling in the 2016 presidential election, particularly the Kremlin’s use of information operations, Adm. Michael Rogers, who also serves as the director of the National Security Agency, said the government needs “to publicly out this behavior” and “make it more difficult to succeed.”
He said as NSA director he told the FBI in the summer of 2015 of Russian attempts to influence the election and other parts of the government. Rogers explained that right now the FBI, the Department of Homeland Security and Cyber Command have different responsibilities and authorities to act in this area. “They were going after DoD at the same time.”
Rogers said the command could disrupt these operations if it received new authorities to do so.
“Data manipulation on a massive scale,” like tampering with voting rolls, outright destruction of critical infrastructure and non-state actors adopting cyber as a desirable weapon were the three worst-case scenarios he could picture.
Rogers said he is working with the Pentagon on ways to speed the flow of cyber data to combatant commands to defeat the Islamic State. He said he was “trying to have a dialogue with my bosses” to put the structures in place to speed the process. “We are basically looking at cyber writ large.”
He added in the three years since he assumed command the capability “gap is narrowing” between Russia and China and the United States across various areas of cyber and information operations, but “I would tell myself, ‘Rogers we’re not where we need to be.'” He called for more integration among government agencies and also with the private sector to better deter and detect. Looking specifically at the National Guard and reserves, he said questions such as employing their talents if an event “is not something catastrophic” and active-duty forces would not be used need to be answered.
As for his command’s forces, “I don’t want to show up for the first time” in the middle of a crisis, stressing the need for exercises and regular communications about what each is seeing in terms of cyber activities by outsiders.
In his opening remarks, Sen. John McCain, (R-Ariz.), said, “We have developed seams” in addressing cyber issues, and “we know our adversaries will be using them against us.” He suggested the Coast Guard model of cyber integration — both for law enforcement and national security — should be studied for possible use across government agencies.
Rogers said later in the hearing that “an act of war” has not yet been defined as it pertains to cyber. What is needed is agreement on a “specific set of attributes rather than a broad general discussion.”
As for the private sector being better able to defend itself, Rogers termed it “uneven by sectors.” He noted much of the nation’s critical infrastructure was built and put in place long before the digital age. “The cost of replacing that infrastructure is huge,” he said.
Earlier he noted that the focus of government had been on protecting that infrastructure and hadn’t re-examined its own information operations following the end of the Cold War. In answer to another question on information operations, he said, it is “not what our work force is optimized” for. “It’s a brave new world out there” when it comes to information operations from fake news to propaganda to lies and distortions.
Rogers said, for now, he would not separate the command of Cyber Command from the NSA directorship. “The right answer in the long term is to separate the two.”
In answer to a follow-up question, he said cyber could be established as a separate command “in a reasonably short period of time.” What would be needed is a shift of responsibilities from Strategic Command, the creation of a unified command plan and some investments in manpower.
As for recruiting, Rogers was satisfied on the military side but work needed to be done to attract more civilians. He wants to retain a “warrior ethos” in CYBERCOM. If cyber were an independent command, he envisioned “something like a third [remaining] with us” and the others rotating back to the services in cyber roles.
