Rogers: 'cyber war' is here to stay

U.S. Cyber Command continues to mature and get on-the-job training as nation-state hackers conduct daily scans and exploits against Department of Defense and related networks, the head of the command told senators.

In his written testimony for the Senate Armed Services Committee, Adm. Mike Rogers said that "cyber war" is no longer an abstract concept and that all conflicts today have a cyber dimension.

Rogers warned that several states continue to invest military resources in targeting the DOD, but he's even more concerned about potential attacks on critical infrastructure or the potential for adversaries to not just steal data, but to begin to manipulate it -- a fear that was raised but not realized during the 2016 election.

And, as the U.S. is continuing to investigate how and what Russia did to interfere in the 2016 presidential election, Rogers, who also heads the National Security Agency, said that agency gave France a "heads up" that Russia was penetrating their elections infrastructure and offered to help.

"We're doing similar things with our German counterparts, with our British counterparts," said Rogers, who added that allies must continue to share what they know about cyberthreats.

The offensive capabilities of adversaries will continue to have an advantage over the defense, Rogers said, "which is why the ideas of deterrence are so important here -- how do we shape and change an opponent's behavior?"

Sen. John McCain (R-Ariz.) lamented that the new administration promised a cyber deterrence strategy in its first 90 days, but has not delivered.

Rogers said the new team is working on developing such a policy.

"In broad terms, my input to the process has been we need to reassess authorities and delegations, we need to take a look at do we have the right investments in manpower, are we investing in the right capabilities?" Rogers said.

For example, he said, ISIS is operating in Iraq and Syria, yet some of their cyber infrastructure is in other locations. A lengthy interagency process was required to get authorities to carry out cyber operations outside the geographic battle space.

Rogers thinks that will change. "Everything I'm hearing from the current team is they acknowledge that the structures that are in place are not fast enough."

Rogers also argued for more structured coordination with the private sector so that DOD is better positioned to carry out defensive missions in case of attacks against critical infrastructure.

"Couldn't we create a mechanism where we can take advantage of the investments and the capabilities the private sector's already making?" he asked.

Rogers stated that the DOD is in the process of complying with the 2017 National Defense Authorization Act mandate to elevate U.S. Cyber Command to full combatant command status and that "we've identified the steps we would need to take."

He argued that the split of NSA and CyberCom is an eventuality, but that CyberCom will need to mature further before that can happen.

Another work in progress is building the Cyber Mission Force. All 133 teams reached initial operating capability in the fall of 2016. The deadine for full operational capability is Sept. 30, 2018, and Rogers says he can meet it.

"But I acknowledge," he noted in written testimony, "that the true challenge will be sustaining the readiness of the CMF and the remarkable men and women who serve within the teams."

McCain echoed those concerns. "Unless the services begin to prioritize and deliver the cyber weapons systems necessary to fight in cyberspace, we are heading down the path to a hollow cyber force," he said.