China and at least one other country are capable of hacking into critical infrastructure such as the electric power grid or water systems, potentially causing "catastrophic failures" that could kill Americans or damage property, the head of the National Security Agency confirmed publicly for the first time Thursday.
“The cyber challenges we’re talking about are not theoretical. This is something real," said Adm. Michael Rogers, who also leads U.S. Cyber Command.
He said his agency has detected "nation-states" probing critical infrastructure and industrial control networks, looking for vulnerabilities, and investing in the capability to damage or destroy those systems.
“All of that leads me to believe it is only a matter of the when, not the if, that we are going to see something dramatic,” Rogers said.
Though U.S. officials have long warned of a potential "cyber Pearl Harbor," this was the first time a senior official has confirmed that hackers working for a foreign government have the capability to pull it off.
House Intelligence Committee Chairman Rep. Mike Rogers, R-Mich., and ranking Democrat C.A. "Dutch" Ruppersberger, D-Md., both said the NSA chief's chilling assessment was proof of the need for Senate action on cybersecurity legislation before the end of the year.
The House passed a bill in July that would allow the government and private industry to share information about cyber vulnerabilities and better defend against cyber attacks. But a companion bill has stalled in the Senate over concerns about privacy and security.
If the legislation is not sent to President Obama before the 114th Congress convenes Jan. 6, lawmakers will have to start over, just as they did two years ago when previous cybersecurity legislation stalled for similar reasons.
“We need to move quickly to reconcile these two issues and pass this legislation. The threat is not going to wait," Ruppersberger said.
Though the cybersecurity legislation deals with shielding computer networks from attack and not the collection of intelligence, the debate over it has been clouded by the scandal involving the NSA's collection of data on U.S. citizens and the failure Tuesday of the Senate to move legislation to rein in the agency's surveillance programs, effectively killing it until the next Congress.
Rogers, the panel's chairman, addressed the concerns by noting that while the NSA isn't accessing Americans' private information, the Russians, the Chinese and the Iranians are as long as network vulnerabilities remain unplugged.
Ruppersberger, for his part, ticked off the multiple protections for Americans' privacy in the cybersecurity legislation.
"The checks and balances that we have in this legislation are the most stringent of any country in the world," he said.