Washington – Attackers hacking into American computer networks appear to be leaving “cyber fingerprints” to send a message that critical systems are vulnerable, the top US cyber-warrior said Thursday.
Admiral Michael Rogers, director of the National Security Agency and head of the Pentagon’s US Cyber Command, made the comments to a US Senate panel as he warned about the growing sophistication of cyber threats.
“Private security researchers over the last year have reported on numerous malware finds in the industrial control systems of energy sector organizations,” Rogers said in written testimony. “
We believe potential adversaries might be leaving cyber fingerprints on our critical infrastructure partly to convey a message that our homeland is at risk if tensions ever escalate toward military conflict.”
Rogers told senators that “threats and vulnerabilities are changing and expanding at an accelerated and alarming pace,” forcing the US to step up defensive measures.
In some cases, attackers may be setting up “a beachhead for future cyber sabotage,” said Rogers.
“The cyber intruders of today, in many cases, not only want to disrupt our actions, but they seek to establish a persistent presence on our networks,” he told the panel.
Of particular risk is so-called critical infrastructure networks — power grids, transportation, water and air traffic control, for example — where a computer outage could be devastating.
Rogers added that the military is about halfway toward building its new cyber defense corps of 6,200 which could help in defending the national against cyber attacks.
“Many of its teams are generating capability today,” he said.
“Three years ago we lacked capacity; we had vision and expertise but were very thin on the ground. Today the new teams are actively guarding (Defense Department) networks and prepared, when appropriate and authorized, to help combatant commands deny freedom of maneuver to our adversaries in cyberspace.”
Rogers said most of the team would have “at least initial operational capability” by September 2016, the end of the next fiscal year.
But he told the lawmakers on the Armed Services Committee that any budget cuts or delays in authorizing funds “will slow the build of our cyber teams” and hurt US defense efforts in cyberspace.
“If we do not continue to invest in our existing and future capabilities, we will lack the necessary capacity and risk being less prepared to address future threats,” he said.
Related: Learn More at the 2015 ICS Cyber Security Conference