Administration needs to begin publicly assigning blame for cyber attacks: Former House intel chair

U.S. President Barack Obama (R) listens to China's Vice President Xi Jinping during their meeting in the Oval Office of the White House in Washington, February 14, 2012. Obama and Xi will hold talks on Tuesday that could help boost the international stature of China's leader-in-waiting while testing Obama's ability to balance U.S.-China diplomacy with election-year pressures. REUTERS/Jason Reed (UNITED STATES - Tags: POLITICS) - RTR2XUHB

(Cyberwar.news) While the Obama administration may not be happy about government systems being hacked by foreign actors, the White House should begin publicly calling out nations that do, says the former head of the House Permanent Select Committee on Intelligence.

Also, former Michigan GOP Rep. Mike Rogers said, private industry should not be expected to be able to adequately protect and defend their information systems from sophisticated nation-state hackers, FedScoop reported.

Regarding public attribution of cyber attacks, Rogers said failure to do so makes it impossible for the cybersecurity insurance market to develop.

“I believe that we’re going to have to have the U.S. government do attribution on attacks here if we’re going to get the insurance market to work properly,” former Michigan GOP Rep. Michael Rogers told a forum at the Stimson Center.

Without naming the company, Rogers raised one case involving a private sector firm he said suffered “significant” cyber penetration “and voluntarily disclosed it, mainly because they believed and I believe as a former government official that it was the government of China that did it and stole it, now they have 109 lawsuits, and if they all win they’re in trouble. They’re going away.”

He described the victim as a “major insurance company,” but decline to elaborate.

Several major insurance companies who cover federal employees had their IT systems breached last year. In most of those instances, Chinese hackers were suspected. Significantly, none of the data stolen has showed up for sale via criminal marketplaces on the dark web.

Former Department of Homeland Security Undersecretary Bruce McConnell said the Rogers’ characterization “oversimplifies” the problem, noting that cyber insurance, like other policies, contains exclusions.

“Insurance companies are well aware of the threat landscape and write their coverage accordingly,” McConnell said.

Rogers suggested that attribution by the government might also provide some kind of legal shield for the victimized insurance company, FedScoop noted.

“If the government had publicly come out and attributed who the attacker was, it would help the defense on those lawsuits,” he said.

“[It’s] Pretty hard for a single company to defend against a nation state that according to the U.S. Naval Academy has 800,000 cyber warriors looking at trying to get into your network,” said Rogers, who left the House of Representatives last year after a decade and half.

He was chairman of the House Intelligence Committee from 2011 to 2015.

CE - Fear no Fukushima

More:

Cyberwar.news is part of the USA Features Media network. Sign up to have our daily headlines emailed directly to you here.