Nouvelle page 1
Clapper Places Cyber at Top
of Transnational Threat List
By Jim Garamone, American Forces
Washington D.C. – (AFPS)
– March 12, 2013 – Ten years ago, the idea that cyber posed a leading threat
against the United States would be laughed at. But no one is laughing any more.
James R. Clapper, the director of national intelligence,
testified before the Senate Select Committee on Intelligence today, and cyber
led off his presentation of transnational threats.
Threats are more diverse, interconnected and viral than at
any time in American history, the director said.
“Attacks, which might involve cyber and financial weapons,
can be deniable and unattributable,” he said in his prepared testimony.
“Destruction can be invisible, latent and progressive.”
In such a world, the role of intelligence grows, and finding
ways to increase the efficiency of the intelligence community becomes paramount,
Clapper said. “In this threat environment, the importance and urgency of
intelligence integration cannot be overstated,” he added. “Our progress cannot
stop. The intelligence community must continue to promote collaboration among
experts in every field, from the political and social sciences to natural
sciences, medicine, military issues and space.”
Clapper explained that cyber threats are broken into two
terms: cyberattacks and cyberespionage. Cyberattacks aim at creating physical
effects or to manipulate, disrupt or delete data. “It might range from a
denial-of-service operation that temporarily prevents access to a website to an
attack on a power turbine that causes physical damage and an outage lasting for
days,” he said. Cyber espionage refers to stealing data from a variety of
The threat is growing, Clapper said, but is not here just yet.
“We judge that there is a remote chance of a major cyberattack against U.S.
critical infrastructure systems during the next two years that would result in
long-term, wide-scale disruption of services, such as a regional power outage,”
State actors with the skills to do this, such as Russia and
China, are unlikely to launch such an attack, he said, and other states or
organizations do not have these skills.
“However, isolated state or nonstate actors might deploy less
sophisticated cyberattacks as a form of retaliation or provocation,” he added.
“These less advanced but highly motivated actors could access some poorly
protected U.S. networks that control core functions, such as power generation,
during the next two years, although their ability to leverage that access to
cause high-impact, systemic disruptions will probably be limited.”
A number of attacks already have taken place, including
numerous denial-of-service attacks against U.S. banks. In August, someone
attacked the Saudi oil company Aramco, rendering 30,000 computers unusable.
A more insidious cyber threat comes from foreign intelligence
and security services that have penetrated numerous computer networks of U.S.
government, business, academic and private-sector entities, Clapper said. “Most
detected activity has targeted unclassified networks connected to the Internet,
but foreign cyber actors are also targeting classified networks,” he said.
“Importantly, much of the nation’s critical proprietary data are on sensitive,
but unclassified, networks -- and the same is true for most of our closest
Cyber thieves and spies are targeting and collecting
sensitive U.S. national security and economic data, almost certainly allowing
adversaries to close the military technological gap, Clapper said.
“It is very difficult to quantify the value of proprietary
technologies and sensitive business information and, therefore, the impact of
economic cyber espionage activities,” he acknowledged. “However, we assess that
economic cyber espionage will probably allow the actors who take this
information to reap unfair gains in some industries.”
U.S, intelligence agencies track cyber developments among
terrorist groups, activist hackers and cyber criminals, the intelligence
director said. “We have seen indications that some terrorist organizations have
heightened interest in developing offensive cyber capabilities,” he added, “but
they will probably be constrained by inherent resource and organizational
limitations and competing priorities.”
Activist hackers -- known as “hacktivists,” -- target a wide
range of companies and organizations in denial-of-service attacks, but
intelligence professionals have not observed a significant change in their
capabilities or intentions during the last year, Clapper said.
“Most hacktivists use short-term denial-of-service operations
or expose personally identifiable information held by target companies, as forms
of political protest,” he said, adding that this could change.
Cyber criminals also threaten U.S. economic interests. “They
are selling tools, via a growing black market, that might enable access to
critical infrastructure systems or get into the hands of state and non-state
actors,” the director said. Some companies abet these groups, he told the panel,
selling computer intrusion kits to all comers.
James R. Clapper