NEW YORK (Reuters) - Other nations are increasingly employing cyber attacks without “any sense of restraint,” a top U.S. cybersecurity official said on Friday, citing “reckless” behaviours that neither the United States nor the Soviet Union would have dared at the height of Cold War tensions.
Debora Plunkett, of the secretive National Security Agency, whose responsibilities include protecting U.S. government computer networks, predicted that Congress would pass long-stalled cybersecurity legislation within the next year.
Lawmakers failed this summer to overcome disputes over cybersecurity regulations for private firms such as utilities.
Plunkett, head of the NSA’s Information Assurance Directorate, the agency’s cyber-defence arm, told a university audience that “we’re starting to see nation-state resources and expertise employed in what we would characterize as reckless and disruptive, destructive behaviours.”
Even during the Cold War, blocs of nations allied with the United States or with the Soviet Union worked to undermine each other, but still operated with a sense of restraint, she said.
“Some of today’s national cyber actors don’t seem to be bound by any sense of restraint,” she told a forum at the Polytechnic Institute of New York University.
Officials from the Obama administration and Congress have called for stronger cyber security, accusing China and Russia of hacking U.S. computer networks for economic gain, espionage and other motives.
U.S. standing to complain about other nations’ cyber attacks has been undermined, however, by disclosures that Washington, along with Israel, launched sophisticated offensive cyber operations of its own against Iran to try to slow that nation’s suspected quest for a nuclear weapon.
U.S. officials have not publicly acknowledged that effort and almost never speak of U.S. offensive capabilities in public.
When asked how large a threat hacking from China, Russia and other countries posed to the United States, Plunkett said: “Significant. I don’t know how else to describe it.”
Plunkett’s comments from the normally tight-lipped NSA reflect a growing concern among U.S. officials, lawmakers and agency heads about the country’s cyber security.
Security software maker Symantec Corp said on Friday that a hacker group that attacked Google Inc in 2009 - an operation later dubbed Operation Aurora - had since launched hundreds of other cyber assaults, focusing on defence companies and human rights groups.
Cybersecurity experts widely believe the Google attacks originated from China. Chinese officials have denied their country is a source of cyber attacks against the United States
Symantec said the group had used a technique that enabled attackers to hack into highly secured systems. That suggested the hackers were either a large criminal group, backed by a nation-state, or a nation-state itself, Symantec said.
In July, General Keith Alexander, head of the NSA, said during an interview at the Aspen Security Forum in Colorado, that the number of computer attacks from hackers, criminal gangs and foreign nations on American infrastructure had increased 17-fold from 2009 to 2011.
“The trend exists and we have to be prepared for it and think that it will only get worse because I believe that it will,” Plunkett said.
U.S. lawmakers in August stalled cyber legislation that would enable companies and the government to share information about hacking and create a set of voluntary cybersecurity standards for companies in charge of critical infrastructure like energy, water and transportation.
With the Nov 6 congressional and presidential elections looming, observers say cyber security will be overshadowed by issues like taxes and spending.
“I am thrilled that the conversation is happening. Am I disappointed that we’re not there? Sure ... I predict we’re going to have legislation. It will happen ... and I‘m also pretty convinced that one year after it happens, we’ll think it’s not enough,” Plunkett said.
Editing by Warren Strobel and Peter Cooney