U.S. power grid cyberattack: When, not if, says NSA chief


Written by

SAN FRANCISCO — It’s only a matter of time before a nation-state executes a successful cyber attack that causes significant damage to critical infrastructure in the U.S., the head of the National Security Agency told an audience of corporate cybersecurity specialists.

Adm. Michael Rogers issued his warning in a keynote at the 2016 RSA Conference, where he spoke about working to bridge the growing disconnect between the public and private sectors when it comes to cybersecurity.

Rogers said he worries over an infrastructure attack in the wake of a December incident in Ukraine that knocked parts of the country’s power grid offline. According to Rogers, the attackers not only took down the control systems for the power grid, but anticipated how engineers would respond, allowing them to slow down the process of bringing the grid back.

‘Seven weeks ago it was the Ukraine,’ he said. ‘That isn’t the last we are going to see of this. That worries me.”

Last month, officials pinned that attack on Russia and last week, the Department of Homeland Security’s ICS-CERT issued a warning about the malware and other techniques used in the attack.

Rogers also expressed fear over possible attacks that would manipulate data for the purpose of crippling financial institutions.

‘What are going to do as a society when you go to your bank account, and the numbers don’t match what you think they should be?’ Rogers asked. ‘What do you do if your business does financial transactions, and they don’t reflect what you are seeing?”

Rogers said these threats to our country should push the government and private sector to move past the hostility between the two sides, most recently over the FBI’s push to force Apple to unlock a phone that was used by a perpetrator in the San Bernardino shootings.

‘I believe in the power of industry and what we have seen in the valley over the last decade,’ he said. ‘We’re spending a lot of time talking to each other about what we can’t do. In many ways, we’re just talking past each other.’

A dialogue that moves past the bitterness is something Rogers rallied for, calling the privacy vs. security argument ‘fundamental to the very construct of our nation.’

‘These issues are so fundamental and so important to us as a nation, that I believe our citizens need leaders to say, ‘This is acceptable to us and this is not,’’ Rogers said. ‘There is no solution without risk, I acknowledge that. It’s about how we try to minimize that risk and be upfront with each other.’