CYBERCOM Chief Says More Industry Heads Will Roll After Hacks

CYBERCOM Chief Mike Rogers

CYBERCOM Chief Mike Rogers Marcio Jose Sanchez/AP

At federal agencies, bosses have been slow to take the blame for hacks.

This story has been updated. 

The commander of the military's cyberspace troops warned Monday that more corporate heads will roll as companies continue to overlook security holes.  

But at federal agencies -- and, still, in many private firms -- bosses have been slow to take the blame for hacks.

U.S Cyber Command Director Adm. Mike Rogers' remarks came a week after Donna Seymour, the chief information officer of the Office of Personnel Management, resigned following uproar over her handling of a data breach detected 10 months ago.

So far, the nation has witnessed supervisors depart after breaches at superstore Target, motion picture company Sony, and extramarital dating site Ashley Madison. 

"You're seeing the ramifications in corporations where you have major penetrations and you start to lose corporate leadership as a direct result. That is not an insignificant trend," said Rogers, who previously served as head of the Navy's Fleet Cyber Command. He was speaking from San Francisco at a cyber risk board forum hosted by NYSE Governance Services and security firm RSA. 

As a naval officer, Rogers said, he grew up in a culture of personal responsibility for failure. When a ship experiences "an issue,” the “commanding officer has ultimate accountability,” he said. “It doesn't matter if it was the middle of the night and that skipper had been up 30 hours working hard . . . ultimately accountability resides in the individual."

Rogers did not address a naval system intrusion tied to Iran discovered when he oversaw Navy information security. Reportedly, a contract with network support provider HP missing certain security clauses facilitated the breach of the unclassified Navy Marine Corps Intranet. It took Rogers and his team about four months and $10 million to boot the hackers. 

A senior defense official in 2014 told the Wall Street Journal the security weaknesses stemmed from "decisions made years ago as to what the Navy network structure should be and what kind of risk it was comfortable taking." The contract had last been updated in 2010. Rogers assumed command of Navy Cyber Fleet in 2011.

Fleet Cyber Command spokesman Lt. Cmdr. Sean Riordan told Nextgov that no one in the Navy stepped down or was forced out after the intranet hack was detected.

Former OPM Director Katherine Archuleta resigned in July 2015, but only after repeated calls from Republicans and Democrats for her and Seymour to leave the agency. 

Former Target chief executive Gregg Steinhafel in May 2014 resigned after a payment system infection in late 2013 that compromised 40 million consumer credit- and debit-card accounts. Last December, Target reached a $39 million settlement with several U.S. banks over the incident. 

The company had settled with Visa for $67 million in August 2015. Target also was forced to pay $10 million to settle a class-action case from consumers.

The Sony Pictures hack, which set loose personnel details and unreleased films, led to the resignation of former firm co-chair Amy Pascal and cost the company roughly $15 million.

Ashley Madison CEO Noel Biderman left last August after attackers leaked private information on clients. Among the data dumped online were more than 15,000 U.S. government email addresses, including some linked to members of the military where adultery is against the Code of Conduct, CNN reported. 

Speaking generally, Rogers said, "it's starting to become more and more prevalent" that a manager’s job performance is tied to cybersecurity.