Cyber threats to U.S. national and economic security are increasing, but a single catastrophic attack, a “Cyber Armageddon” scenario, is unlikely compared with ongoing low-to-moderate level cyber attacks, James Clapper, the Director of National Intelligence (DNI), said last week.

Despite improving network defenses, the many possibilities for hacking intrusions in the supply chain, compromised hardware or software, and malevolent activity by insiders will hold information and communications technology (ICT) at risk for years, Clapper said.

Director of National Intelligence James Clapper. Photo: ODNI.

In the future, cyber operations may seek to change or manipulate electronic information to compromise its integrity instead of deleting it or disrupting access, Clapper said. “Decisionmaking by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving.”

Cyber deterrence is also difficult without universally accepted and enforceable norms of behavior.

“In short, the cyber threat cannot be eliminated; rather cyber risk must be managed. Moreover, the risk calculus employed by some private sector entities does not adequately account for foreign cyber threats or the systemic interdependencies between different critical infrastructure sectors,” Clapper said in his prepared statement for the Senate Committee on Armed Services hearing.

A growing number of studies by industry experts strongly suggest that several nations, including Iran and North Korea, have undertaken offensive cyber operations against private sector targets in support of economic and foreign policy goals, Clapper said.

However, he noted that government and private sector security professionals have made advances in detecting and attributing cyber intrusions. Examples include the indictment of five officers of China’s People’s Liberation Army on charges of hacking U.S. companies in May 2014 and security experts reporting that members of an Iranian organization were responsible for operations targeting U.S. military, transportation, public utility, and other critical infrastructure networks.

Clapper also revealed that Iranian actors have been implicated in the February 2014 cyber attack on the Las Vegas Sands casino company.

“Iran very likely values its cyber program as one of many tools for carrying out asymmetric but proportional retaliation against political foes, as well as a sophisticated means of collecting intelligence,” he said.

Clapper also highlighted other major cyber threat actors:

  • Russia’s Ministry of Defense is establishing a cyber command that will be responsible for conducting offensive cyber activities. Security studies assert that Russian cyber actors are developing remote access to industrial control systems (ICS) and have already compromised the product supply chains of three ICS vendors, so that customers download malware directly from the vendors’ websites along with routine software upgrades.
  • Chinese economic espionage also remains a significant issue as the “advanced persistent threat” activities continue. Although China is an advanced actor, its hackers often use less sophisticated cyber tools, and improved defenses would make the economic espionage more costly and difficult.
  • North Korea was also noted as a state actor that uses its cyber capabilities for political objectives, including the Sony Pictures hack.
  • Terrorist groups have experimented with hacking, which could serve as the foundation for developing more advanced capabilities. “Terrorist sympathizers will probably conduct low-level cyber attacks on behalf of terrorist groups and attract attention of the media, which might exaggerate the capabilities and threat posed by these actors.”