The U.S. and China may have signed a Memorandum of Understanding last week to establish an agreement on trade and information security, but the National Security Agency director warned such an accord will not deter cyber espionage activities, CIO Online reported yesterday (Sept. 28).
In a Senate intelligence meeting last week, Adm. Michael Rogers, commander of U.S. Cyber Command and head of the NSA, warned that more still needs to be done to slow down the growing number of cyber spying threats and theft of the country’s intellectual property.
“The greatest amount of activity is still criminal-based, but when I look at [it] from a national security perspective I would argue at the moment the nation-state represents the greater national security challenge,” Rogers said.
While the “common understanding” reached between the U.S. and China during Chinese President Xi Jinping’s visit last week shows progress, many have cast doubt on the impact it will really have in protecting the U.S. in the ever-changing cyberspace landscape.
“I raised once again our very serious concerns about growing cyber threats to American companies and American citizens. I indicated that it has to stop. The United States government does not engage in cyber economic espionage for commercial gain,” President Obama said after his meeting with Xi last week, noting the two nations had outlined a “way forward” on cybersecurity issues, CIO Online reported.
“We’ve agreed that neither the U.S. nor the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage. In addition, we’ll work together, and with other nations, to promote international rules of the road for appropriate conduct in cyberspace,” he explained.
But in the meeting with Senate committee members, Rogers pointed to the fact that the cybersecurity issues facing the U.S. reach far beyond the activities believed to be originating in China, CIO Online said.
According to Rogers, defending the country on a cybersecurity front is unlike any other military or diplomatic issue, requiring a different way to approach the issue on a global scale.
But that type of solution is not without its limitations.
“I certainly think we can get to the idea of norms. A formal treaty, I don’t know. Because one of the challenges in my mind is how do we build a construct that ultimately works for both nation-states and non-state actors,” Rogers stated.
“And one of the challenges inherent in cyber is the fact that you are dealing – unlike the nuclear world, where you’re dealing with a handful of actors all nation-states – you’re dealing with a much greater number of actors, many of whom, quite frankly, are not nation-states and have no interest in sustaining the status quo, so to speak. In fact, if you look at ISIL and other groups, their vision would be to tear the status quo down. They’re not interested in stability.”
This is not the first time Rogers has spoken out about the staggering number of threats facing the U.S. in the cyber realm.
Shortly after the government confirmed the two massive cyberattacks on the U.S. Office of Personnel Management earlier this year, which ultimately compromised over 21 million Social Security numbers, 19.7 million forms with data and more than 5 million fingerprint records, Rogers stated more high-profile attacks were on the horizon.
“I don’t expect this to be a one-off,” Rogers said while speaking at the London Stock Exchange in July, adding the incidents have forced the government to take a closer look at its cybersecurity policies, The WSJ reported.
“We are in a world now where, despite your best efforts, you must prepare and assume that you will be penetrated,” he explained during the event. “It is not about if you will be penetrated, but when.”
Rogers said cooperation between both companies and the government is needed in order to truly protect networks. “Cyber to me is the ultimate partnership,” Rogers said. “There is no single entity out there that is going to say: ‘Don’t worry, I’ve got this.’”