The head of U.S. Cyber Command warned lawmakers Tuesday that the prospect of non-state actors like the Islamic State seeking to use the cyber realm as a weapons system was “troubling” — and it could be a reality in the not-so-distant future.
Navy Adm. Michael Rogers, who also directs the National Security Agency, told the Senate Armed Services Committee that the possibility of non-state actors using cyberattacks to inflict pain on the U.S. and other nations was among his top three concerns.
Already, militants affiliated with the Islamic State in Iraq and Syria, or ISIS, have attempted to do damage through hacking attacks.
In testimony submitted before the committee, Rogers noted that ISIS-affiliated cyber operators had posted the personal information and photographs of more than 100 American troops online last spring in an act of threat and intimidation.
“Not only did the hackers for ISIL publicize the personal details on these Americans, but ISIL also called for jihad against them, urging followers in the United States to assassinate them and their family members,” Rogers wrote in his testimony, referring to another name for ISIS.
“While there is no direct link between this ISIL posting of personal information on service members and the recent extremist attacks in the U.S. and Europe, ISIL wants its followers on the Internet to take inspiration from such attacks,” he added.
Cyberspace, Rogers told the committee, was in some ways the great equalizer.
While state actors including Russia, China, Iran and North Korea are considered the greatest threats to the U.S. in the cyber domain as they are on other military strategic levels, the superiority gap between the U.S. and these competitors is much more narrow in cyber, he said.
Although the U.S. maintains a significant advantage over Russia in terms of naval forces, the two countries are peer competitors in cyberspace, Rogers said. China still lags behind the U.S. on cyber, he said, but not by much. If a non-state actor such as ISIS were to look to cyber to cause mischief, the barriers to entry would not be high, he said.
“Today what I would tell you is, I have not seen groups yet make huge investments in this but I worry that it’s a matter of time because it wouldn’t take long,” he said. “One of the challenges of cyber [is] … how it doesn’t recognize boundaries, it doesn’t take billions of dollars in investment, it doesn’t take decades of time and it doesn’t take a dedicated workforce of tens of thousands of people like you see most nation states deal with.”
Rather, the admiral said, it would be a matter of personnel and the will to succeed.
“It would not be difficult,” he said. “It’s about recruiting the right people with the right focus. It would certainly not be beyond their ability if they made that decision.”
In response to all these threats, Rogers said in testimony that Cyber Command was rapidly transitioning from “building the force” mode to a state of readiness. The command’s cyber mission force has 123 teams out of a target total of 133 and is building up to an ends strength of 6,187 from a force of 4,990 today, he said.
Separately Tuesday, Defense Secretary Ashton Carter said Cyber Command has received its “first wartime assignment” in the fight against ISIS.
“I have given the Cyber Command in the counter-ISIL fight really its first wartime assignment,” Carter said, referring to another name for the group known as the Islamic State in Iraq and Syria, or ISIS.
“What that means is to bring the fight to ISIL in Syria and Iraq,” he added. “It means interrupting their ability to command and control their forces, interrupting their ability to plot including against us here and anywhere else against our friends and allies around the world, interrupting their finances, their ability to dominate the population on territory they have tried to establish this nasty ideology.”
–Brendan McGarry contributed to this report.