At a House Intelligence Committee hearing, Michael Rogers, director of the National Security Agency and commander of U.S. Cyber Command, warned that multiple foreign governments are conducting regular electronic surveillance of the United States and are positioning themselves to disrupt critical control systems.
“It is easy to cover up a cyberattack with the right know-how,” Rogers said, stressing the difficulty of attributing digital intrusions compared with physical attacks.
Independent cybersecurity experts have long warned of this possibility, but this was the first time such a threat was confirmed so directly by the nation’s top cyber official. Rogers emphasized that a significant incident is not a question of if but when: “It is only a matter of when, not if, we are going to see something dramatic.”
The claim may not surprise those who follow developments in surveillance and cyber operations. Governments around the world, including the United States, are investing in both defensive and offensive cyber capabilities. U.S. Cyber Command is widely reported to possess tools that could intrude upon and damage other countries’ critical infrastructure, though Rogers declined to discuss specific offensive techniques or capabilities at the hearing.
As cities and industries adopt more internet-connected systems in pursuit of automation and “smart city” initiatives, the attack surface grows. More critical infrastructure online means more opportunities for disruption. In cyberspace, Rogers noted, actors can often act with impunity: “You can literally do almost anything you want and there is not a price to pay for it,” he said, underscoring the challenge of deterrence and attribution in the digital domain.
Pressed by Representative Mike Rogers of Michigan about which countries besides China might have comparable capabilities, the NSA director responded that “one or two others” possess similar capacities but declined to identify them, citing classified information.
The U.S. government is grappling with how to define the threshold at which a cyber intrusion constitutes an act of war. That debate reflects a difficult balance: accepting that intrusions will occur while determining which systems should be considered off-limits and warrant a military response. Observers have also questioned whether public statements like Rogers’s are intended to warn adversaries, to shape public perception, or to deflect criticism of the NSA’s own surveillance practices.
The growing interconnectedness of critical infrastructure, combined with advances in offensive cyber capabilities, makes cyber conflict an increasingly significant national security concern. Policymakers face the twin challenges of improving resilience and developing clear, enforceable norms that deter malicious behavior without escalating tensions unnecessarily.
Do you think cyberwarfare is a significant concern? Share your thoughts in the comments.