WASHINGTON -- Several foreign governments have hacked into U.S. energy, water and fuel distribution systems and might damage essential services, the top national security official said.
Those intrusions have left the U.S. vulnerable to a cyberattack that will cause significant loss of life or physical damage one day, National Security Agency Director Adm. Michael Rogers told the House intelligence committee at a hearing Thursday in Washington. Rogers said such an attack will occur during his tenure.
"This is not theoretical," Rogers said. Hacking attacks on U.S. networks are "literally costing us hundreds of billions of dollars" and will have "truly significant, almost catastrophic, failures if we don't take action."
Rogers is one of the highest-ranking U.S. officials to warn about looming cyberattacks. The warning demonstrates that hacking attacks against U.S. companies and agencies are escalating in seriousness despite awareness about them and efforts to fight foreign intruders.
Lawmakers have been told of the seriousness, but Congress has yet to pass cybersecurity legislation that companies and government officials have said is essential to warding off attacks.
A Chinese military officer indicted by the U.S. in May purportedly gained access to a utility's computers while on a scouting mission for information that China could use to wage war. The breach was followed by a Homeland Security Department warning to utilities in October to be on the lookout for malicious software that cybersecurity companies have connected to Russia.
"I fully expect that during my time as the commander, we are going to be tasked to help defend critical infrastructure within the United States because it is under attack by some foreign nation or some individual or group," Rogers said Thursday.
Hackers from the Chinese, Russian and Iranian governments have gained access to vital U.S. computers and could launch destructive attacks that include shutting down power grids, Rep. Mike Rogers, R-Mich. and chairman of the intelligence committee, said during the hearing.
China formally denies stealing Western intellectual property through government-sponsored hacking.
The National Security Agency director didn't identify any countries but didn't dispute that China, Russia and Iran have infiltrated U.S. critical infrastructure to carry out destructive attacks.
Outside experts have said the U.S. Cyber Command also has the capability to hack into and damage critical infrastructure, which in theory should amount to mutual deterrence. But Michael Rogers, who did not address his offensive cybertools, said the nuclear deterrence model does not necessarily apply to cyberattacks.
Only a handful of countries had nuclear capability during the Cold War, he said, and nuclear attacks could be detected and attributed in time to retaliate.
By contrast, the source of a cyberattack can easily be disguised, and the capability do significant damage is possessed not only by nation states but by criminal groups and individuals, Rogers noted.
Information for this article was contributed by Chris Strohm of Bloomberg News and by Ken Dilanian of The Associated Press.
A Section on 11/21/2014