China is one of the sovereign actors Rogers named as regularly doing cyber-reconnaissance missions that might enable them to actually take down essential U.S. systems. News reports identified Iran and Russia as suspected others.
Writing about the hearing for the website Just Security, UCLA law professor Kristen Eichensehr noted that "the committee members and Adm. Rogers suggested that two things are needed to address these threats: cyber threat information sharing legislation and international norms of behavior for cyberspace."
Rogers told the representatives, "We need a legal framework that enables us to rapidly share information, machine to machine, and at machine speed, between the private sector and the government." But that looks unlikely.
The House passed a bipartisan bill sponsored by the Committee's leadership "to permit sharing of cyber threat information between the private sector and the government," Eichensehr observes. But it "drew a veto threat from the White House and generated broad public opposition due to privacy concerns about the businesses providing Internet users' information to the government."
The chairwoman and ranking member of the Senate Intelligence Committee, Dianne Feinstein (D-Cal.) and Saxby Chambliss (R-Ga.) are pushing for a vote on their alternative cybersecurity bill during the current lame duck session of Congress. It would protect companies from liability and safeguard their trade secrets if they share information with competitors and the federal government.
Rogers did not offer much hope as to international norms. That being the case, he said that merely staying on the defensive is a "losing strategy." The admiral added, "We need to define what would be offensive, what would be an act of war."
The admiral's testimony comes on the heels of a report by the Pew Research Center's Internet Project that said more than 60 percent of technology experts predicted a major cyber attack before 2025 that would cause "significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars."
The full report is available here.
Some say the threat is exaggerated or manufactured by contractors eager to cash in on defensive spending. Others say that U. S. capabilities are sufficient to deter a crippling cyber-attack, at least by state actors.
But given the stakes, can we afford to take that chance? And what about non-state actors ranging from Islamic extremists to homegrown terrorists?
The public should, indeed must, engage on this subject with the same passion it brings to the topic of illegal immigration. Yes, cybersecurity seems somewhat abstract whereas immigration involves flesh and blood human beings, but a cyber attack could carry catastrophic consequences for vastly more people.
Voters have to make their congressional representatives and the 2016 presidential contenders discuss this issue in specific terms. Vague generalities simply will not do. It would not hurt, of course, if President Obama showed some leadership on the issue in the meantime.
This is not a happy topic as Americans gather around their Thanksgiving tables. We can at least be thankful that a cyber disaster has not happened yet and that there are some voices like Admiral Rogers and those in Congress who are crying out in the wilderness about this literally life or death threat to American security.
John David Dyche is a Louisville attorney and a political commentator for WDRB.com. His e-mail is email@example.com. Follow him on Twitter @jddyche.
Copyright 2014 WDRB News. All rights reserved.