Threats to the nation’s computer networks and systems continue to mount, but for now a “catastrophic” cyber attack is unlikely, the nation’s top intelligence official reported on Thursday.
The nation’s unclassified networks “remain vulnerable to espionage and/or disruption,” Director of National Intelligence (DNI) James Clapper stated in a report, but “the likelihood of a catastrophic attack from any particular actor is remote at this time.”
Clapper testified before the Senate Armed Services Committee on the subject of worldwide threats and delivered a 29-page report to the panel on the intelligence community’s assessment of the global threat.
“Rather than a ‘Cyber Armageddon’ scenario that debilitates the entire U.S. infrastructure, we envision something different,” the report says.
The types of cyber attacks facing critical infrastructures in the United States will continue to be at “low-to-moderate” levels, “which will impose cumulative costs on U.S. economic competitiveness and national security,” the report says. The risks of attacks against unclassified networks will remain “for years to come,” even though network defenses are improving, it says.
The DNI’s report says China, Iran, North Korea and Russia have conducted cyber attacks and espionage against the private sector and government. However, it says that some private sector entities fail to “adequately account for foreign cyber threats or the systemic interdependencies between different critical infrastructure sectors.”
On the positive side, the report notes that cyber attackers don’t enjoy the complete anonymity they once did.
“Although cyber operators can infiltrate or disrupt targeted ICT (information and communication technology) networks, most can no longer assume that their activities will remain undetected,” the report says. “Nor can they assume that if detected, they will be able to conceal their identities.”
Strides attributing the origin of cyber attacks and the attackers themselves have been made by both the government and private sector, the report says. However, attribution can be time consuming, which helps “reinforce a permissive environment” in which cyber attackers continue to remain undeterred, it says.
Regarding terrorists use of cyber, the report says they will “continue to experiment with hacking,” which in turn could lead to greater capabilities. Sympathizers will lend a hand here with “low-level cyber attack,” attracting media attention that “might exaggerate the capabilities and threat posed by these actors,” it says.
Clapper’s report comes a day after President Barack Obama directed that the DNI establish a new Cyber Threat Intelligence Integration Center (CTIIC) that will support existing federal entities charged with cyber security and network defense by “connecting-the-dots” related to foreign and other cyber incidents affecting U.S. national interests. The CTIIC is expected to be a relatively small organization consisting of about 50 personnel drawn from relevant federal agencies, according to the White House.