Former Rep. Mike Rogers represented Michigan in the U.S. House from 2001-15, and as chairman of the Permanent Select Committee on Intelligence from 2011 until his retirement in January. In that role, he was responsible for writing the policies that American intelligence officials use to respond to threats around the globe.
Since Rogers left office, the country has seen an increase in the severity of security threats around the globe, particularly from China. Hackers linked to the Chinese government breached the Office of Personnel Management in June, stealing files on more than 22 million Americans. Similarly, Chinese-backed hackers have engaged in widespread commercial espionage, an activity the Obama administration aimed to stop with a bilateral September agreement.
Rogers warns that the situation could worsen as the Chinese use the stolen OPM data to target intelligence personnel and others in the defense industry. He also believes the administration’s response to the damage being done by the Chinese is inadequate, calling the September agreement a “PR stunt” and suggesting that more needs to be done to cause the Chinese “pain for their actions.”
Washington Examiner: You’ve said you expect the OPM data to be used as part of a phishing campaign. Can you expand on that?
Rogers: What we know is that the Chinese use about 80-85 percent of all the successful network penetrations by Chinese hackers, they use phishing campaigns to do that.
So when you take a look at the volume of information, which now the Chinese government is in possession of, from healthcare records to major private company breaches … If you can work to analyze all you can and synchronize that information, you can craft and conduct a sophisticated phishing campaign, very targeted at individuals of interest, and then craft those phishing emails to increase your success rate with people opening them. There aren’t many analysts out there that don’t believe that’s the case.
Examiner: How long will it take to see a campaign of that nature in effect?
Rogers: I think you’ll see it in spurts. I think you’ll see some short-term, they’ll give it a whirl, they’ll gauge their success, and I think as they better understand the data they have stolen, you’ll see a more accurate, more defined phishing campaign targeted at people they’re very interested in.
This is an intelligence bonanza for Chinese military and Chinese intelligence services.
Examiner: What kind of people are of interest to them outside of intelligence agents on their soil?
Rogers: We’ve already seen circumstances and consequences like that already, including having to walk people back, according to public reports, taking people out of service, we’ve watched that happen.
That clearly is going to happen. But now you can use this information to try to identify people in the defense industry, or maybe they’ve moved on to companies that have intellectual property of value to the Chinese government. You’ll see those second and third order effects, of being able to have access to all this information in one place, being able to analyze it, and being able to craft a specific target campaign.
Examiner: You mentioned theft of intellectual property. If you were the president, what would you be doing differently with respect to commercial espionage?
Rogers: A couple of things. I would aggressively work to pass the cybersecurity information sharing bill, number one. I think that is one of the earliest and best defenses that we could put up.
Secondly, we need to find a way to raise the consequences for Chinese economic espionage. Signing an agreement where we both agree that we won’t do it tells me that they are in exactly the wrong place to push back on Chinese economic espionage. That’s concerning.
That was a PR stunt that I don’t think had any depth of analysis in what they were doing. I would pursue strongly on countervailing duties on products that we know were stolen, intellectual property stolen from the United States, repurposed and put back into the workplace. You could continue this campaign of starting to say, we’ll sanction more broadly than just the individuals who are conducting it, but their command-and-control structure for those who are engaged in cyberespionage for the purposes of stealing intellectual property, and start ramping up our ability to put sanctions on those folks. Including, by the way, not being able to use the U.S. financial services sector.
That could have a huge and significant impact. A lot of these [Peoples’ Liberation Army] senior officers also have their hands in companies related to commerce. So you’ve got to start causing them pain for their actions.
Right now, there really is no consequence. Even the indictment of the five Chinese individuals, we saw that maybe stopped them for 15 seconds. They just changed around and ramped up. By the way, we’ve seen exponential movement since then, because they know that the U.S. is not going to cause them any pain, any consequence for the sheer volume of their intellectual property theft. That’s troubling.
Examiner: Why is President Obama so hesitant to impose sanctions?
Rogers: Well, clearly the agreement was, candidly, laughable. The Chinese got the U.S. government a piece of paper saying they won’t conduct economic espionage going forward. Well, it’s already against the law for the U.S. to conduct economic espionage. We don’t do it. Our intelligence services don’t steal intellectual property from another country’s company and give it to the private sector in order to produce that product. We do not do it, it’s against the law.
Guys like me as chairman were there to make sure they didn’t do it. That isn’t their interest, that isn’t their mandate. So you got off on the wrong foot by elevating this notion that every country participates in economic espionage.
No, the Chinese have built their economy on stolen intellectual property. And they’ve done it at the expense of American jobs and American prosperity. Signing that document just told me whoever was advising the president didn’t understand what the threat was on economic espionage. Not even close.
Examiner: CIA Director John Brennan was hacked, reportedly by a teenager. What’s the takeaway from that incident?
Rogers: It shows you how pervasive and how easy a crafted campaign can be. None of that was classified, it was his old email, but it just shows you that these tactics, even in this era of rising understanding, our networks, our personal information is incredibly vulnerable.
Our takeaway ought to be, everyone should pay attention to this. [In 2013], our hackers got ahold of very personal, intimate photos of actresses in California, that was bad enough, now you have this particular case … I hope it serves as awareness that if this guy’s emails were hacked, what can happen to you. It tells you how unsafe the information that we have in our emails is, and the kind of things we’re going to have to do to protect it
Examiner: The European Parliament passed a resolution calling for member countries to drop criminal charges against Edward Snowden. What do you make of that?
Rogers: I’ve had discussions with the EU Parliament, and there is a fundamental difference between the EU and member nation-states engagement and espionage.
I think it’s critical before they move forward and damage U.S. relations about somebody who, by the way, is a wanted criminal — they didn’t just vote on this as some opinion or political issue. Even though it has no basis, it is a bit offensive, and as Americans we should take it as offensive, that they would grant someone who is wanted under the charge of theft of government property and espionage, that they would encourage any asylum.
The EU, as we’ve learned, has no jurisdiction over their member states’ security apparatuses. Until they have some better understanding, it’s probably best they don’t make those irresponsible votes, especially when the threat to Europe is increasing daily, with [the Islamic State] talking about trying to filter jihadists into these countries, we know the Russians are aggressively pushing on all the EU nations, and voting to support an individual who again is wanted by the U.S. for criminal charges, who is in the loving arms of a [Federal Security Service] agent in Moscow, probably isn’t going to bode well for strong relationships moving forward.
Examiner: Do you think the DoJ should respond to Snowden’s offer for a plea deal?
Rogers: I think he should come back and face charges. The damage he’s done is pretty significant. The more they know, the more we realize. He came out a few months ago and said he hadn’t even read all the classified files that he stole. Now they’re in the hands of the Russians, and many believe the hands of Chinese intelligence services as well.
Related Story: http://www.washingtonexaminer.com/article/2576841
So if he wants to plead guilty to the full count, I would take that plea. If not, then he needs to present himself to the authorities in the U.S. and go to trial. If he really thinks he’s innocent, he should do exactly that. I doubt any of those things are going to happen. I would not try to cut some special deal just to get him to return. Life can be pretty miserable under [Vladimir] Putin’s Moscow and the Russian Federation, and he should enjoy every bit of that misery.
