Navy Vice Admiral Michael Rogers, in line to become the next commander of US Cyber Command and leader of the National Security Agency, told lawmakers he’d like to see federal legislation setting forth guidelines for cybersecurity as soon as possible.
Rogers, appearing before the Senate Armed Services Committee as his nomination is mulled, called the National Institute of Standards and Technology’s recently released voluntary cybersecurity framework for critical industries “a step in the right direction.”
“But I do believe that in the end some form of legislation which addresses both the requirement and need to share information as well as trying to address the issue of setting standards for critical infrastructure, in the long run, is probably the right answer,” he added during the March 11 hearing.
When asked by committee member Richard Blumenthal, D-Conn., about the urgency for this type of legislation, Rogers responded, “The sooner the better.”
“It’s only a matter of time, I believe, before we start to see more destructive activity and that perhaps is the greatest concern of all to me,” Rogers said.
The NIST released the “living document” of principles and best practices to improve security and resiliency, Framework for Improving Critical Infrastructure Cybersecurity, following an executive order from President Obama a year ago.
Rogers, nominated by Obama in February, has been commander of the US Fleet Cyber Command since 2011.
If confirmed by the US Senate, Rogers will fill posts vacated by the March retirement of Gen. Keith Alexander, who served as CYBERCOM commander since 2010 and the head of the NSA since 2005. By law, CYBERCOM must be headed by a military officer.
In his opening remarks, Rogers said the US faces a “growing array of cyber threats from foreign intelligence services, terrorists, criminal group and hacktivists with increasing capability to steal, manipulate or destroy information and networks.”