National Security Agency (NSA) Director Navy Adm. Michael Rogers says the United States government needs to develop a stronger response against cyber attacks.
These kinds of online intrusions, he believes, affect every aspect of the American life while everyone else from around the world is keeping an eye on how the country responds.
Speaking at the International Cyber Security Conference hosted by Fordham University in New York, Rogers, who also heads the NSA's newly minted digital warfare initiative Cyber Command, said the U.S. has for the first time become the target of a "malicious act by a nation-state specifically designed to achieve a coercive effect."
Rogers was referring to the massive cyber attack that crippled Sony Pictures Entertainment's entire computer network in November, leading to the release of terabytes of documents containing all sorts of sensitive information, from employee Social Security numbers and unreleased films to embarrassing emails sent by top Sony Pictures executives.
Although private cyber security experts question the authenticity of the Federal Bureau of Investigation's (FBI) claim that North Korea masterminded the catastrophic Sony Pictures hack, Rogers said he has "very high confidence" that Pyongyang was responsible for the attack. He also said that it was critical for the U.S. to publicly identify North Korea to discourage other nation-states and parties from launching further attacks on public and private U.S.-based entities.
"Many nation-states, groups and individuals seem to have come to the conclusion that there is little price to pay for engaging in these behaviors," Rogers said. "Nation-states, groups and individuals are going to watch how the U.S. responds to this as a nation."
Rogers commended the U.S. decision to impose economic sanctions on certain North Korean government agencies and individuals, including the country's primary intelligence agency and arms exporter as well as Pyongyang representatives in state-owned enterprises in Iran, Russia, China, Sudan and Namibia.
"Merely because something happens to us in the cyber arena doesn't mean that our response has to be focused in the cyber arena," he said. "I was very happy to see what we as a nation-state decided to do."
However, the NSA director stopped short of saying what other types of punishments he recommends for cybercriminals attacking American Internet infrastructure, adding that Congress will have to decide on the matter. He did say, however, that the matter must be resolved quickly as cybercriminals, especially those from other countries, are becoming more sophisticated.
He also suggested that the agency has a key role in helping private companies protect themselves against cyber attacks, saying that it is not realistic for private companies "to deal with (cyber attacks) totally by themselves."
The NSA director called on private companies to be more open to sharing information with the government to help ward off cyber attacks. He did, however, acknowledge that the broken trust between government agencies and private companies -- arising from Edward Snowden's revelations about the NSA's overarching spying program -- must first be mended before such a sharing of information can occur.
"What we've seen in the last six to nine months in general ... trends are going in the wrong direction," he said. "Doing more of the same and expecting different results, my military experience tells me, is not a particularly effective strategy."