05.09.17

Senator David Perdue: Keeping A Competitive Edge Against Adversaries’ Cyber Capabilities

“We’re in a crisis stage right now in regard to our ability to detect and deter.”

WASHINGTON, D.C. – U.S. Senator David Perdue (R-GA), a member of the Senate Armed Services Committee, asked Admiral Michael S. Rogers, Commander of the U.S. Cyber Command and Director of the National Security Agency, about the United States’ capabilities to detect and deter cyberattacks conducted by adversaries.  

Click here to watch the exchange or click on the image below. 

SASC

Ability To Detect And Deter Cyberattacks

Senator Perdue: We’re in a crisis stage right now—and I think you would agree with that—with regard to our ability to detect and deter. I understand that in the long-term, the “ideal” might be to have a single integrated-cyber service because of the context dimension. In the interim phase, when we’re in this crisis mode, do we have a sense that a single integrated-cyber service might be counterproductive to our ability to stand up to the immediate threats?  

Admiral Rogers: It would be difficult to do it today in the short term. That would take a long-term investment, significant structural, cultural changes. It’s another reason why I would argue, optimize the structures and the mechanisms that are in place. Now we’ve also got to hold them accountable—don’t get me wrong—you can’t just turn to them and say, “Well do what you always do.” There has to be accountability and oversight. But I’m comfortable that the current approach is going to generate the outcomes we need. Even as I acknowledge it is not moving as fast as I would like. We’ve got a huge mismatch between current capacity and capability and what I know is the requirement. We’re always in a tail chase.

Cyberattacks By Foreign Adversaries

Senator Perdue: You mentioned earlier that the primary motive in hacking from Russia and China—primarily state actors—has been the extraction of data. In North Korea, we saw a little bit of a different attack where they went in and actually started placing what I would call sleeper imbedded code for a bigger event later. Do we see a continuing growth in that type of activity?

Admiral Rogers: You do. You see every nation-state engage. They’ll penetrate a system. They’ll look to, not just extract, but study it, understand it, see where it connects to see if they can use this as a jumping-off point to get to somewhere else. One of the things we’re always looking for is, if a system has been penetrated, has the actor manipulated, changed, amended the configuration so they can gain access separately now? That’s one of the key things we always look for when we’re trying to do mitigation once someone has penetrated a system. So it’s the full spectrum. The simple answer is yes: it’s the full spectrum that we’ve seen a lot.

Senator Perdue: Have we seen any evidence in the U.S.?

Admiral Rogers: I’ve seen nation-states engage in activity in the U.S. where they’re clearly interested in a long-term presence–not just extracting data.

View Senator Perdue’s full remarks in the Senate Armed Services Committee hearing on U.S. Cyber Command here.

###

Senator Perdue is the only Fortune 500 CEO in Congress and is serving his first term in the United States Senate, where he represents Georgia on the Armed Services, Banking, Budget, and Agriculture Committees.