A stark warning was embedded in congressional testimony a short time ago that has sent shivers down the backs of most of those involved in cyber security. The director of the NSA, Adm. Mike Rogers, in his testimony before Congress, talked about a couple of changes in cyberattacks that have substantial implications for all of us!
In his testimony, he reaffirmed that, to date, most cyberattacks are designed to steal and exfiltrate data. He went on to talk about models that covertly manipulate or make changes to data. He reaffirmed what we all recognize: This type of malicious action will result in the loss of confidence in information and create huge problems.
Think about it: How do you make decisions when you do not know what data is real and what data has been manipulated?
Consider control systems for a moment. A cyberattack causes the pressure reading in a pipeline to be low. The system and or operators see this and take action to raise the pressure. What if they raised the pressure until the fake readings are in the normal range? Could that raise the pressure above the rating of the pipes and cause it to rupture? This example clearly demonstrates the seriousness of this type of cyberattack.
There is an interesting report by the Massachusetts Institute of Technology that examines ways to reduce the plethora of cyberthreats to country's critical infrastructure. It is worth a read for multiple reasons.
Are the admiral's comments what has cause many experts and several members of Congress to become more vocal and call upon the Trump administration to increase cyber protection of the nation's critical infrastructure? Clearly, Rogers' testimony in front of the Senate Armed Services Committee made it clear — cyberwar is no longer an abstract concept!