The top U.S. general in charge of cyber security warned on Tuesday that the United States is increasingly vulnerable to attacks like those that destroyed data on tens of thousands of computers in Saudi Arabia and South Korea in the past year.
Army General Keith Alexander, who heads the National Security Agency and U.S. Cyber Command, told the Reuters Cybersecurity Summit that computer networks were under constant attack and billions of dollars worth of intellectual property were flowing out of the country each year.
The result was “the greatest transfer of wealth in history,” Alexander said.
“Mark my words, it’s going to get worse. The disruptive and destructive attacks on our country will get worse and … if we don’t do something, the theft of intellectual property will get worse,” said Alexander, the longest-serving head of the NSA.
The four-star general said he was not aware of cyber assaults against the United States as destructive as the one that damaged computers at Saudi Arabia’s national oil company, Aramco, last year. In the South Korean incident, thousands of computers malfunctioned in March, disrupting work at banks and television broadcasters in an attack that officials there blamed on malware used by North Korea.
But Alexander said similar attacks could be seen “in the not-too-distant future” on key U.S. infrastructure sectors, such as public utilities and financial services.
Alexander said that Washington, among other things, needed to engage in more dialogue with China, which the Pentagon has accused of trying to break into U.S. military computer networks.
Top U.S. officials have grown increasingly vocal about threats to U.S. computer networks from China and other countries.
The Pentagon’s latest annual report on Chinese military developments accused China for the first time of trying to break into U.S. defense networks, calling it “a serious concern.”
China has dismissed as groundless both that report and a February report by the U.S. computer security company Mandiant, which said a secretive Chinese military unit was probably behind a series of hacking attacks targeting the United States that had stolen data from 100 companies.
Alexander said the activities cited by Mandiant were “just the tip of the iceberg” and he favored more “candor” in discussions with China.
“We need China as a trading partner. We need to take a step. We need to let them know that that’s unacceptable – stealing intellectual property – and all that’s going on as per the Mandiant report,” Alexander said.
“I have offered to my counterparts in the (U.S.) Pacific Command and others that at some point it would make sense for myself or my successor to do that,” he said.
The general argued forcefully for legislation that would make it easier for the government to work with industry on monitoring private computer networks for signs of intrusion, despite concerns raised by privacy advocates.
But he said the NSA had no interest in reading the emails of U.S. citizens, who by some estimates produce 420 billion emails a day.
“We can protect our networks and protect our civil liberties and privacy,” Alexander told the summit.
He said proposed legislation would not allow government agencies to view data that identified individual people, except in specific cases that required special waivers.
Moreover, all reports of intrusions would go to the FBI, the Department of Homeland Security and the NSA simultaneously so that the appropriate agency could take any required action.
(Additional reporting by Deborah Charles; Editing by Ros Krasny, Tiffany Wu and Paul Simao)