Little if anything is beyond the reach of cybercriminals, US admiral says

In this increasingly connected world, little if anything is beyond the reach of a determined cybercriminal, Adm. Michael Rogers, commander of U.S. Cyber Command, said Wednesday at an internet security conference.

"We're entering a world where literally nothing seems to be beyond the reach or intent of someone out there to try and access it, and often for a variety of purposes," he said.

His comments came during a panel discussion at the Cambridge Cyber Summit, co-sponsored by CNBC, MIT and The Aspen Institute.

The problem is compounded by growing mistrust of the U.S. government from citizens, which makes it harder than ever for agencies and law enforcement to keep its citizens safe, he said.

"We have to acknowledge that right now as a society we have broad distrust of the mechanisms and structures of government," he said.

Congress and other institutions of government are no longer held in the regard they once were, he said. The big challenge is creating the mechanisms of government that will enable government agencies to do their job in a way that is acceptable to Americans, he added.

Admiral Michael S. Rogers speaking that Cambridge Cyber Summit in Boston on Oct. 05, 2016.
David A. Grogan | CNBC

Government agencies have traditionally accessed citizens' phone records for information on those it believed posed a threat — an accepted practice. As a nation, we have previously accepted the fundamental premise that nothing is beyond the reach of the government, with appropriate oversight, said Rogers.

For whatever reason, the notion that the government is accessing citizens' emails is viewed entirely differently, though the motive of keeping people safe has not changed, said Rogers.

On the Reuters report that suggested U.S. government agencies demanded and were given unfettered access to Yahoo users' incoming emails, Rogers believes the story is "a bit speculative."

"That would be illegal," Rogers said of the idea that he could get a blanket look at all email. "We don't do that. And no court would grant us the authority to do that. We have to make a specific cast. And what the court grants is specific authority for a specific period of time for a specific purpose."

When it comes to conversations with the private sector, "we cannot vilify each other," he said. "It is not that one side's good and one side is bad."

When it comes to the creation of devices and services that will thwart court orders aimed at unlocking those devices, with the use of encryption, the big questions facing the nation is finding the middle ground, he said. Rogers acknowledged that this is a tough challenge for government, private companies and U.S. citizens to address.

"We are currently in a place where technology has outstripped our policy and our legal frameworks," he said. "That's something we as a society have to have a conversation about."

At the same time, the cyberthreat is growing.

"Every day we're watching major cyberpenetrations, theft, extraction of data on a global basis," he said.

The conference is sponsored by CNBC, MIT and The Aspen Institute.