US Military: Cyber-Attacks Top List Of Threats

In comments at separate congressional hearings, the leaders of the US intelligence efforts and of the nation’s quickly growing Cyber Command warned that cyber operations by nation-states and rogue actors have become a major concern for the country, eclipsing the threat of terrorism and weapons of mass destruction.

In his delivery of the worldwide threat assessment to the US Senate Select Committee on Intelligence on 12 March, Director of National Intelligence James Clapper led his list of global threats with the current cyber operations against the nation’s interests, indicating that cyber-attacks and espionage are having more impact today than terrorism or the threat of weapons of mass destruction.

Bank attacks

Recent attacks on US banks, the destructive virus that deleted data from 30,000 workstations at Saudi Aramco, and the wholesale theft of sensitive data by various nations – chief among them China – had weakened the United States’ technological advantage, Clapper said in his prepared remarks (pdf).

“We assess that highly networked business practices and information technology are providing opportunities for foreign intelligence and security services, trusted insiders, hackers, and others to target and collect sensitive US national security and economic data,” Clapper said. “This is almost certainly allowing our adversaries to close the technological gap between our respective militaries, slowly neutralising one of our key advantages in the international arena.”

The assessment comes a few weeks after incident response firm Mandiant issued a report that outlined the overwhelming evidence supporting assertions that China is the nation behind at least one massive espionage campaign in cyberspace.

However, while cyber-espionage has become common, cyber-sabotage will continue to be rare, Clapper said. A successful attack on critical infrastructure is unlikely, for example, because rogue actors tend not to have the technical skills and more sophisticated nation-state adversaries would be unlikely to attack outside of wartime, he said.

Technical expertise

“The level of technical expertise and operational sophistication required for such an attack – including the ability to create physical damage or overcome mitigation factors like manual overrides – will be out of reach for most actors during this time frame,” Clapper said. “Advanced cyber actors – such as Russia and China – are unlikely to launch such a devastating attack against the United States outside of a military conflict or crisis that they believe threatens their vital interests.”

In a separate hearing, Gen. Keith Alexander, commander of the US Cyber Command, supported Clapper’s statements, saying that nation-states are unlikely to conduct major attacks through the Internet unless at war.

“We have some confidence in our ability to deter major state-on-state attacks in cyberspace but we are not deterring the seemingly low-level harassment of private and public sites, property, and data,” Alexander said in prepared remarks at a 12 March hearing before the US Senate Committee on the Armed Services. “States and extremist groups are behaving recklessly and aggressively in the cyber environment.”

The US Cyber Command is quickly ramping up its operations, and plans to hire up to 5,000 cyber-savvy soldiers to staff its operations.

Are you a security pro? Try our quiz!

Originally published on eWeek.