On November 20, 2014, the House Permanent Select Committee on Intelligence (“Committee”) held a hearing entitled “Cybersecurity Threats: The Way Forward.” The witness before the Committee was Admiral Michael S. Rogers, Commander, U.S. Cyber Command and Director, National Security Agency. In his testimony, Adm. Rogers discussed the scope of the cybersecurity threat facing critical infrastructure.
In response to questioning, Adm. Rogers stated that the Committee should assume that there are nation states that have the capability to infiltrate the United States’ critical infrastructure. He further stated that nation states have already been able to gain access to industrial control systems and appeared to be gathering information about how these systems work. Adm. Rogers also noted that organized crime, which has traditionally focused its activities with respect to cyber attacks on stealing data that it can sell, has begun serving as a surrogate for nation states to obscure the source of an attack.
According to Adm. Rogers, responding to these threats will require greater information sharing between the government and the private sector. Specifically, he stated that the government needs to be able to inform the private sector about known threats that companies might encounter and measures they should take to respond to these threats. He also stated that the government needs to be able to receive information from private companies about attacks on their systems. To facilitate this type of information sharing, Adm. Rogers encouraged the Committee to publicly define the types of information that would be shared between the government and the private sector. He testified that clearly defining the types of information that will be shared will ease fears that the private sector will share personal information about their customers with the government, as the government does not need such information to better protect the private sector against cyber attacks.