Intelligence officials: U.S. needs to rethink how to respond to hacks

WASHINGTON — Top American intelligence officials told Congress on Thursday that the nation needs to become more effective in responding to cyberattacks, saying that foreign governments are ever more capable and willing to break into American computer networks.

Adm. Michael S. Rogers, director of the National Security Agency, told a Senate committee that China could mount a Russian-style meddling campaign if it wanted, and that Iran, North Korea and even terrorist groups pose a threat. The United States needs to be better prepared to respond, he said.


"The biggest frustration to me is speed, speed, speed," Rogers said. "I'm constantly asking the team, 'What can we do to be faster and more agile? How do we organize ourselves? What's the construct that makes the most sense?' We can't be bound by history and tradition."

Among the changes could be a major shake-up in coming months at Fort Meade, where both the NSA and the military Cyber Command are based. Rogers currently leads both organizations, but President Barack Obama and other senior officials have recently recommended splitting the job and giving the two organizations more independence.


Rogers and other intelligence officials addressed the committee in advance of next week's release of their report into Russian interference in the presidential election. The Russian meddling — hacking into the emails of the Democratic Party and Hillary Clinton's campaign chairman, and leaking private messages — is the latest in a string of major cyberattacks in recent years. China is believed to have stolen the personnel records of some 20 million federal government employees, and North Korea was blamed for leaking and destroying files from Sony Pictures Entertainment.

President Barack Obama was briefed Thursday on an intelligence community report on the Russian campaign, the White House said. James Clapper, the national intelligence director, said he expected an unclassified version would be released to the public next week, providing the most detailed account of the attacks to date. Clapper was reluctant to share details from the report, but told senators it would discuss the Russian government's motivations and describe elements of the campaign beyond the email hacks.

"This was a multifaceted campaign," Clapper said. "The hacking was only part of it. It also entailed classical propaganda, disinformation, fake news."

The government has struggled to come up with effective ways to respond to the attacks.

The intelligence community and the Department of Homeland Security first accused Russian officials of directing the election hacking campaign on Oct. 7. The government took public steps to censure Russia only last week, imposing sanctions and expelling Russian diplomats suspected of being spies. A Russian-owned country retreat on Maryland's Eastern Shore, which U.S. officials said was being used for collecting intelligence, was closed as part of the response.

President-elect Donald Trump, who is scheduled to be briefed on the findings Friday, has previously expressed deep skepticism about the intelligence community's conclusions. It's not clear whether he will uphold the Obama administration's efforts to rein Russia in.

The NSA and Cyber Command play a major role in keeping the nation's computers safe and also in conducting military strikes and espionage over computer networks. When Cyber Command was established in 2009 it was yoked to the NSA so that it could benefit from the older, larger intelligence agency's tools and expertise.

But as the job of leading the two has become more demanding, officials have urged splitting them apart. Obama said he strongly backed that view in a statement issued last month when he signed the annual defense policy law.


"The two organizations should have separate leaders who are able to devote themselves to each organization's respective mission and responsibilities, but should continue to leverage the shared capabilities and synergies developed under the dual-hat arrangement," the president wrote.

The law also boosts the status of Cyber Command, putting it on equal footing with the top-level organizations the Defense Department uses to carry out missions across the globe.

Trey Herr, a fellow at Harvard University who studies cybersecurity, said separating the two could help the Defense Department better figure out how to use hacking and other tools to support military operations.

"That's going to get muddled and happen more slowly as part of an intelligence organization," he said.

Mike Hayes, a retired Marine general who oversees the Maryland state government's relationship with military bases, said the changes should lead to more contracting opportunities for private businesses and could see additional personnel assigned to Fort Meade in the short term.

Clapper suggested during Thursday's hearing that the government should create an information agency to counter Russian propaganda efforts.


Setting up agencies and building cybersecurity tools is only part of the challenge the government faces. Officials also have to consider difficult questions about the appropriate response to cyberattacks by other countries and how to deter future attacks. Clapper said that countering hacks with hacks might not be the best option.

"We should consider all instruments of national power," Clapper said. "To date, noncyber tools have been more effective in changing our adversaries' cyber behavior."

But Sen. John McCain, who called the hearing, said the government lacks a policy for how to respond to major hacks, a criticism he has leveled in the past.

"I've asked time after time: What do you do in the case of an attack?" said McCain, the chairman of the Senate Armed Services Committee. "There's not been an answer.

"Unless we have specific instructions for these wonderful men and women who are doing all this work, then they're going to be bystanders and observers."