WASHINGTON: Rep. Mike Rogers, chairman of the House intelligence committee, cast doubt today on reports that the Stuxnet and Flamer viruses were the work of the US and Israel. In fact, he argued, it’s against America’s interest to be staging any cyber attacks because the US is so vulnerable to retaliation.
“Don’t believe everything you read in the newspaper,” Rogers said of reports that both Stuxnet and Flamer were a joint US-Israeli endeavour. “I would be very, very cautious about assigning any nation-state originator to any of the [viruses]…. There was as much wrong in those [articles] as there ever was right.”
The New York Times reported earlier this month that President Obama ordered sophisticated attacks on computers used in Iran’s nuclear facilities as part of an operation called Olympic Games that began during the Bush administration. One of the tools developed as part of that effort was Stuxnet. It succeeded in disabling or destroying some of Iran’s centrifuges, used for processing nuclear materials. Flamer infested computers and allowed its designers to spy on whoever used the computer it infected.
Rogers went on to claim that the United States “does not use offensive capability.” While that may be true as a matter of policy, Gen. Keith Alexander, head of Cyber Command and the National Security Agency, has made clear that his priority is developing offensive capabilities because, quite simply, defense doesn’t get the job done in the cyber domain.
“We don’t want to throw that first punch,” Rogers said at a conference hosted by Bloomberg Government at the Newseum. America’s own private-sector networks are simply too vulnerable to a counter-attack. While there’s lots of speculation about US use of offensive cyber capabilities, he concluded, until our own networks are better protected, “today that’s probably not a good idea.”
Even a false accusation that the US has staged a cyber-attack could set off a dangerous “blame game” and lead to attacks on the US, Rogers added.
Cornered by a pack of reporters after the event, Rogers refused to say outright that Stuxnet and Flamer were or were not created and used by America. “I would not ascribe authorship of the design and implementation of that software” to any particular country, Rogers said. Of course, that non-denial could mean that Israel and America worked together to build the offensive cyber tools, that America built it and then it was deployed by Israel, or some combination thereog. “Some information was just simply not correct” in the news reports, Rogers went on, but he declined to say precisely what. That sort of agile reasoning is one reason he is chairman of the House intelligence committee.