Spy agencies list cyberattacks, not terrorism, as top national security threat to USA

Terrorism is no longer the USA’s top threat, according to the Director of National Intelligence, James Clapper. Based on the “collective insights” of the Intelligence Community, the top national security threats are now in the cyber arena: cyber espionage and cyberattacks.

Clapper testified [PDF] before the Senate (Select) Intelligence Committee about the “Current and Projected National Security Threats to the United States.” While discussing hacktivists, he mentioned that the Intelligence Community has seen a “significant change in their capabilities or intentions during the last year.” A “more radical group” of hacktivists “might form to inflict more systemic impacts—such as disrupting financial networks—or accidentally trigger unintended consequences that could be misinterpreted as a state-sponsored attack.”

“We track cyber developments among nonstate actors, including terrorist groups, hacktivists, and cyber criminals,” Clapper said. Regarding the threat to U.S. economic interests from cyber criminal tools sold on the black market, he said such tools “might enable access to critical infrastructure systems or get into the hands of state and nonstate actors.” Commercial companies also sell computer intrusion kits on the open market that “can give governments and cybercriminals the capability to steal, manipulate, or delete information on targeted systems. Even more companies develop and sell professional-quality technologies to support cyber operations—often branding these tools as lawful-intercept or defensive security research products. Foreign governments already use some of these tools to target US systems.”

Clapper said that some countries like “Russia, China, and Iran, focus on ‘cyber influence’ and the risk that Internet content might contribute to political instability and regime change. The United States focuses on cyber security and the risks to the reliability and integrity of our networks and systems. This is a fundamental difference in how we define cyber threats.”

Threats are more diverse, interconnected, and viral than at any time in history. Attacks, which might involve cyber and financial weapons, can be deniable and unattributable. Destruction can be invisible, latent, and progressive.

That particular portion of Clapper’s testimony reminded me of an interesting paper titled ‘Cyber Perfidy,’ written by Professor Neil C. Rowe. “Cyber perfidy can be defined as malicious software or hardware masquerading as ordinary civilian software or hardware.” Both “Stuxnet and its associated malware” are examples of cyber perfidy.

“Unfortunately, cyber perfidy is more central to cyberwarfare than traditional perfidy is to conventional warfare,” Rowe explained. It “can be identified whenever malicious software or hardware pretends to be ordinary software or hardware, where its goal is to harm software or hardware as part of a military operation.”

An analogy in conventional warfare would be a well. Generally speaking, poisoning a well is not acceptable by the laws of warfare, although it could provide the important tactical advantage of forcing a civilian population to move on. In a village where a communal well is the only source of water, poisoning it would be attacking a resource too central to the civilian community to satisfy the criterion of discriminability of civilian targets from military ones. It is even more a war crime if the poisoning is not announced and people start dying without knowing the cause. Cyber perfidy is similar to the poisoning without announcement, since the effectiveness of cyberattacks generally depends on keeping them secret as long as possible.

An example of a potential effect of “tampering with software or hardware in cyber perfidy” might be when “the service can be modified to actually harm people, such as launching attacks against water treatment plants or hospital computer systems.” While he lists possible objections to the concept of cyber perfidy, Rowe conceded that cyberweapons are relatively new and may become “an accepted part of future warfare.” Back before torpedoes were a normal part of warfare, people objected that they were uncivilized weapons.

In conclusion, Rowe said that “the laws of war need to address cyberweapons from a fresh perspective. Clearly certain aspects of cyberweapons could be highly dangerous. Cyber perfidy would seem a good thing to prohibit in the laws of war because of its uncontrollability and destabilizing effects. It is, however, just one of the many ethical problems raised by cyberwarfare.”

I encourage you to read Rowe’s interesting Cyber Perfidy paper in full and perhaps also “Testing deception tactics in response to cyberattacks.”

You might also read Clapper’s testimony [PDF]. He did of course mention both North Korea and Iran, as well as other “threats” to the USA now that Al-Qaeda no longer poses a major threat to launch complex attacks. But North Korea is worrisome to most Americans as it’s like a child having the capability to launch a nuclear weapon during a temper tantrum. Clapper said the Intelligence Community assesses “with low confidence that the North would only attempt to use nuclear weapons against U.S. forces or allies to preserve the Kim regime, we do not know what would constitute, from the North’s perspective, crossing that threshold.”

Regarding budget cuts, Clapper asked for the funding not to be inflexible. “All we want is to be treated the same as the Department of Defense.” To which Sen. Barbara Mikulski said “an amendment to help intelligence agencies avoid some of the pain of budget cuts would be a ‘poison pill’ that prevents the Senate from passing the funding measure needed to keep the government running beyond March 27.”
