Michael Rogers, the former head of the U.S. National Security Agency, warned that foreign adversaries like Russia and China were edging closer into uncharted cyber warfare territory as they continued digital attacks on infrastructure and military installations worldwide.
So far, such cyber attacks haven’t crossed the threshold of constituting an act of war, Rogers told Semafor’s Gina Chon during a pre-recorded interview played at the Securing the Digital Future event on Tuesday. “It’s only a matter of time, though, before we cross this Rubicon,” he said.
Rogers said that China was penetrating critical infrastructure in countries like the U.S., Taiwan, and South Korea for “reconnaissance” and to understand the network structures in order to “go destructive” in the event of a war or crisis.
He acknowledged that there is no clear definition of what an “active war in cyber is,” and that just penetrating a network is not sufficient grounds to define as an act of war.
Rogers told Semafor that both the private and public sectors have developed better information sharing protocols that have helped increase cybersecurity protection over the last decade, with many of those systems evolving after the 2014 North Korean hack of Sony Pictures.
However, the idea that foreign adversaries could no longer penetrate U.S. systems, “is not realistic, in at least the near term,” Rogers said. “We need to be focused on cyber security, not just from a cyber defense perspective.. make the castle walls taller thicker, build a deeper moat.”
He also called for the U.S. to build more resilience to cyber attacks and develop the ability to stop an entity from moving rapidly through the system.
Rogers addressed the role of artificial intelligence in the government’s threat-detecting abilities, calling AI a “double-edged sword.”
Rogers said that AI would allow for the U.S. to generate more intelligence about what adversaries are doing, but also increase the hacking capabilities of those adversaries.
“It will enable them to generate better malware...malware that understands some of the defensive capabilities that are embedded in systems and therefore can bypass it or overcome it,” he said. “It will enable attackers to simulate, to anticipate, what kind of defensive moves companies and targets are going to put into place.”
The View From
By Jeetu Patel, Cisco
Phishing used to be easy to spot. If a prince with poor grammar sent you an email offering riches, you probably didn’t take it seriously. No one’s laughing at the scams of today. They’ve gotten more sophisticated, featuring perfect grammar and personal references. AI is making these more believable.
Our response needs to be equally as sophisticated. Security isn’t just a business issue — it’s a societal priority. Bad actors can undermine everything from education and health care to defense. That’s why public- and private-sector cooperation is essential.
We can’t lose sight of new, increasing threats in the age of AI, yet we must recognize the potential of AI-powered solutions in helping us secure and protect at machine-scale.
Innovative technologies being implemented across industries often demand AI to move with greater velocity. AI — alongside human intelligence — will drastically improve our global cyber workforce by addressing the skills shortage, helping us stay ahead of more sophisticated threats.
If leveraged responsibly, AI offers a massive opportunity. It can empower people to do their best work securely and efficiently to build a resilient global economy. We must treat security as a basic human right.