House Intelligence Committee chairman blames Iran for bank cyber attacks
WASHINGTON — The chairman of the House Intelligence Committee told the Tribune-Review on Wednesday that he is 99.9 percent confident Iran initiated recent cyber attacks on PNC and other major banks and that it clearly has the capability and desire to trigger more destructive assaults.
Rep. Mike Rogers, R-Mich., said Iran likely attacked computers at American banks to look for weaknesses to exploit.
“They're eager and ready to ramp up their actions here in the United States,” Rogers said. “Here's a country that's feeling isolated. Sanctions are hurting badly. … This is not a country that's going to make a rational decision about attacks of this nature.”
In “Cyber Rattling: The Next Threat,” a series of stories on cyber security that began Sunday, experts told the Trib that the bank attacks are part of a global war over information that could quickly escalate with destructive, and perhaps even deadly, computer attacks. Adversaries who might want to cause damage quickly are gaining more sophisticated capabilities, experts warned.
Rogers talked with the Trib after speaking about computer security concerns to about 150 people at the Center for Strategic and International Studies. Rep. C.A. “Dutch” Ruppersberger, D-Md., the ranking member on the House Intelligence Committee, warned that attacks might try to wipe out bank accounts or shut down critical infrastructure, such as power grids.
Lawmakers from both parties reintroduced legislation on Wednesday that they said would help the government and the private sector work together to prevent computer attacks and better respond when they occur. The Intelligence Committee is holding a hearing Thursday on the proposed legislation. (See related story from hearing.)
A similar bill failed last year over business concerns about government overreach. That led President Obama to announce during his State of the Union address on Tuesday that he signed an executive order on cyber security that calls for a cooperative government-business effort to protect computer systems.
A PNC Financial Services Group Inc. spokeswoman declined to speculate on the source of the sporadic attacks since September on its systems. CEO Jim Rohr has said he believes Iran was behind the “denial of service” attacks, which prevented some customers from accessing online accounts.
Iran has denied any involvement.
Foreign countries are actively spying on U.S. companies and stealing trade secrets, Ruppersberger said. Over the past year, he said, the number and sophistication of attacks by foreign countries, criminals and activists have “gotten a lot worse.”
“These cyber attacks are everywhere, attacking our businesses,” Ruppersberger said. “What worries us is a destructive attack.”
The new legislation would go further than Obama's executive order directing federal agencies to share information with private businesses and to produce strategies for thwarting attacks on key industries such as energy, transportation and banking.
The bill would increase the ability of the government and private businesses to communicate about threats and active attacks. It would give companies protection from lawsuits and antitrust violations for reporting dangerous activity and talking among each other.
Ruppersberger tried to tamp concerns about privacy, saying companies could report information only about computer and national security threats, child pornography, danger to children and imminent attacks such as a murder plot.
Both lawmakers said the federal government needs to do a better job of educating Americans about computer dangers and steps they can take to reduce them, such as updating firewall protections and ignoring email scams.
“We are in a cyber war,” Rogers told the audience. “Most Americans don't know it. Most folks in the world probably don't know it. And at this point, we're losing.”
Andrew Conte is a reporter for Total Trib Media. He can be reached at 412-320-7835 or firstname.lastname@example.org.