Clapper Places Cyber at Top of Transnational Threat List

By Jim Garamone American Forces Press Service WASHINGTON, March 12, 2013 – Ten years ago, the idea that cyber posed a leading threat against the United States would be laughed at. But no one is laughing any more. James R. Clapper, the director of national intelligence, testified before the Senate Select Committee on Intelligence today, and cyber led off his presentation of transnational threats. Threats are more diverse, interconnected and viral than at any time in American history, the director said. “Attacks, which might involve cyber and financial weapons, can be deniable and unattributable,” he said in his prepared testimony. “Destruction can be invisible, latent and progressive.” In such a world, the role of intelligence grows, and finding ways to increase the efficiency of the intelligence community becomes paramount, Clapper said. “In this threat environment, the importance and urgency of intelligence integration cannot be overstated,” he added. “Our progress cannot stop. The intelligence community must continue to promote collaboration among experts in every field, from the political and social sciences to natural sciences, medicine, military issues and space.” Clapper explained that cyber threats are broken into two terms: cyberattacks and cyberespionage. Cyberattacks aim at creating physical effects or to manipulate, disrupt or delete data. “It might range from a denial-of-service operation that temporarily prevents access to a website to an attack on a power turbine that causes physical damage and an outage lasting for days,” he said. Cyber espionage refers to stealing data from a variety of sources. The threat is growing, Clapper said, but is not here just yet. “We judge that there is a remote chance of a major cyberattack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage,” Clapper said. State actors with the skills to do this, such as Russia and China, are unlikely to launch such an attack, he said, and other states or organizations do not have these skills. “However, isolated state or nonstate actors might deploy less sophisticated cyberattacks as a form of retaliation or provocation,” he added. “These less advanced but highly motivated actors could access some poorly protected U.S. networks that control core functions, such as power generation, during the next two years, although their ability to leverage that access to cause high-impact, systemic disruptions will probably be limited.” A number of attacks already have taken place, including numerous denial-of-service attacks against U.S. banks. In August, someone attacked the Saudi oil company Aramco, rendering 30,000 computers unusable. A more insidious cyber threat comes from foreign intelligence and security services that have penetrated numerous computer networks of U.S. government, business, academic and private-sector entities, Clapper said. “Most detected activity has targeted unclassified networks connected to the Internet, but foreign cyber actors are also targeting classified networks,” he said. “Importantly, much of the nation’s critical proprietary data are on sensitive, but unclassified, networks -- and the same is true for most of our closest allies.” Cyber thieves and spies are targeting and collecting sensitive U.S. national security and economic data, almost certainly allowing adversaries to close the military technological gap, Clapper said. “It is very difficult to quantify the value of proprietary technologies and sensitive business information and, therefore, the impact of economic cyber espionage activities,” he acknowledged. “However, we assess that economic cyber espionage will probably allow the actors who take this information to reap unfair gains in some industries.” U.S, intelligence agencies track cyber developments among terrorist groups, activist hackers and cyber criminals, the intelligence director said. “We have seen indications that some terrorist organizations have heightened interest in developing offensive cyber capabilities,” he added, “but they will probably be constrained by inherent resource and organizational limitations and competing priorities.” Activist hackers -- known as “hacktivists,” -- target a wide range of companies and organizations in denial-of-service attacks, but intelligence professionals have not observed a significant change in their capabilities or intentions during the last year, Clapper said. “Most hacktivists use short-term denial-of-service operations or expose personally identifiable information held by target companies, as forms of political protest,” he said, adding that this could change. Cyber criminals also threaten U.S. economic interests. “They are selling tools, via a growing black market, that might enable access to critical infrastructure systems or get into the hands of state and non-state actors,” the director said. Some companies abet these groups, he told the panel, selling computer intrusion kits to all comers.