WASHINGTON (Reuters) - The United States is losing enough data in cyber attacks to fill the Library of Congress many times over, and authorities have failed to stay ahead of the threat, a U.S. defense official said on Wednesday.
More than 100 foreign spy agencies were working to gain access to U.S. computer systems, as were criminal organizations, said James Miller, principal deputy under secretary of defense for policy.
Terrorist groups also had cyber attack capabilities.
“Our systems are probed thousands of times a day and scanned millions of times a day,” Miller told a forum sponsored by Ogilvy Washington, a public relations company.
He said the evolving cyber threat had “outpaced our ability to defend against it.”
“We are experiencing damaging penetrations — damaging in the sense of loss of information. And we don’t fully understand our vulnerabilities,” Miller said.
His comments came as the Obama administration develops a national strategy to secure U.S. digital networks and the Pentagon stands up a new military command for cyber warfare capable of both offensive and defensive operations.
The Senate last week confirmed National Security Agency Director Keith Alexander to lead the new U.S. Cyber Command, which will be located at Ft. Meade, Maryland, the NSA’s headquarters.
Miller suggested the new organization, which is expected to be fully operational in October, had its work cut out for it.
Among its challenges are determining what within the spectrum of cyber attacks could constitute an act of war.
Miller said the U.S. government also needed to bolster ties with private industry, given potential vulnerabilities to critical U.S. infrastructure, like power grids and financial markets.
Hackers have already penetrated the U.S. electrical grid and have stolen intellectual property, corporate secrets and money, according to the FBI’s cybercrime unit. In one incident, a bank lost $10 million in cash in a day.
“The scale of compromise, including the loss of sensitive and unclassified data, is staggering,” Miller said. “We’re talking about terabytes of data, equivalent to multiple libraries of Congress.”
The Library of Congress is the world’s largest library, archiving millions of books, photographs, maps and recordings.
U.S. officials have previously said many attempts to penetrate its networks appear to come from China.
Google announced in January that it, along with more than 20 other companies, had suffered hacking attacks that were traced to China. Google cited those attacks and censorship concerns in its decision to move its Chinese-language search service from mainland China to Hong Kong.
Miller took an example from the Cold War playbook to explain how the United States military would need to prepare for fallout from a cyber attack, which could leave cities in the dark or disrupt communications.
In the 1980s, the Pentagon concluded that the military needed to prepare to operate in an environment contaminated by the use of weapons of mass destruction.
“We have a similar situation in this case. We need to plan to operate in an environment in which our networks have been penetrated and there is some degradation,” he said.
One of the challenges Miller singled out was the development of enough U.S. computer programmers in the future.
“In the next 20 to 30 years, other countries including China and India will produce many more computer scientists than we will,” he said. “We need to figure out how to not only recognize these trends but take advantage of them.”
Editing by Paul Simao