ShareThis Page
Nation

NSA: China thefts could lead to attack

| Friday, Nov. 21, 2014, 12:01 a.m.

WASHINGTON — Several foreign countries, including China, have infiltrated the computers of critical industries in the United States to steal information that could be used in the planning of a destructive attack, the director of the National Security Agency said Thursday.

That was one of the cyberthreats outlined at a congressional hearing by Adm. Michael Rogers, who also said he expects that criminal gangs may become proxies for nations carrying out attacks on other nations.

“There are multiple nation-states that have the capability and have been on the (industrial) systems,” he said before the House Intelligence Committee.

“We see them attempting to do reconnaissance on our systems” to steal “specific schematics of most of our control systems” down to the engineering details, said Rogers, who also heads U.S. Cyber Command, the Pentagon's cyberoffensive unit.

In the past, U.S. intelligence officials warned that the Chinese had penetrated the electric grid. Now, Rogers has confirmed that “there's probably one or two others” that have also wormed their way in.

“There shouldn't be any doubt in our minds that there are nation-states and groups out there that have the capability ... to shut down, forestall our ability to operate our basic infrastructure, whether it's generating power across this nation, whether it's moving water and fuel,” he said. “Those tend to be the biggest focus areas that we have seen.”

A recent report by Mandiant, a security company, stated that Chinese government hackers have stolen data relating to manufacturing processes from a maker of power systems. Other security researchers say they have found evidence of the Russian government targeting U.S. industrial control systems.

In May, federal prosecutors announced charges against a special Chinese military intelligence unit of hacking into computers and illegally obtaining information from five entities with Pittsburgh ties — Alcoa, Allegheny Technologies Inc., Westinghouse Electric Co., U.S. Steel Corp., and the United Steelworkers union — and a German-owned solar manufacturer in Oregon. An indictment by a Pittsburgh federal grand jury accused five members of the People's Liberation Army of cyber-espionage.

Rogers, who in April became the head of the NSA and of Cyber Command, said that foreign criminal gangs have traditionally hacked into U.S. commercial systems to steal information, such as credit card numbers, that they could sell to generate revenue. He forecast that, in the coming year, “you will start to see ... in many instances some of those criminal gangs not engaging just in the theft of information . . . but also potentially as a surrogate for other groups, other nations” that want to “obscure their fingerprints.”

The gangs, most of which are Russian-speaking, have begun in some cases to use the tools developed by nation-states.

“Cyber hit men for hire,” quipped Rep. Mike Rogers, R-Mich., the committee chairman.

The Cyber Command head said he agreed with a recent Pew Research Center report that found a majority of cyberexperts predicted a catastrophic attack within the United States by 2025. “I fully expect that during my time as a commander, we are going to be tasked with defending critical infrastructure in the

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.

click me