14 September 2015

U.S. Spy Chief: Get Ready for Everything to be Hacked All the Time

BY ELIAS GROLL
SEPTEMBER 10, 2015

With U.S. government and business networks being frequently probed by cyberspace operatives, the United States’ top spy said Thursday the greatest online threat isn’t a crippling digital strike against American infrastructure — but the near-constant, lower-grade attacks that are carried out routinely.

Director of National Intelligence James Clapper also raised eyebrows among House lawmakers when he declined to describe a recent breach of servers belonging to the Office of Personnel Management as an “attack.” Rather, Clapper called the operation, which U.S. officials privately attribute to China, “a passive intelligence collection activity, just as we do.” The breach resulted in the exfiltration of the personal information of some 21.5 million current, past, and prospective federal employees.

In testimony to the House Intelligence Committee, Clapper described a permissive online environment in which hackers worldwide are able to operate essentially without impunity. That environment has resulted in difficulties for U.S. officials to deter future attacks, Clapper said, and has led American intelligence officials to conclude that cyber threats will probably intensify in the near future.

“Although we must be prepared for a large, armageddon-scale strike that would debilitate the entire U.S. infrastructure, it is not our belief that that is the most likely scenario,” said Clapper, who testified alongside the heads of the CIA, NSA, FBI, and DIA. “Rather, our primary concerns are the low- to moderate-level cyber attacks from a variety of sources, which will continue and probably expand.”

U.S. officials and security experts have speculated that the information taken from OPM servers, which included forms used in background checks for security clearances, could be used for counterintelligence purposes. But Clapper said the intelligence community has so far not detected any use of that data against the United States. Earlier this month, OPM Acting Director Beth Cobert said the agency so far has not detected any use of the purloined data to carry out fraud.

Though Clapper likened the operation against OPM to activities carried out by the United States, much of Thursday’s hearing was preoccupied with the lack of norms in cyberspace and how the absence of a common framework, such as the Geneva Conventions, has resulted in a highly permissive environment. Discussions within the global intelligence community have ratcheted up recently, Clapper said, about how to provide some “rules for the road” governing conduct in cyberspace.

U.S. officials have struggled to build a framework to deter nation-states that have invested in hacking capabilities from breaching American networks, and that remains a challenge. “We will continue to see this until we create both the substance and the psychology of deterrence,” Clapper said, referring to the breach of OPM servers. “The muted response by most victims to cyber attacks has created a permissive environment in which low-level attacks can be used as a coercive tool short of war, with relatively low risk of retaliation,” Clapper said in prepared remarks

According to the spy chief, the next frontier in cyberspace will feature the manipulation of data, rather than theft or destruction. Such tools, Clapper said, could be used to alter decision making, and prompt business executives and others to question the credibility of information they receive.

While the White House is considering the deployment of cyber-related sanctions on China, potentially as soon as this week, so far the effort to deter criminals and nation-state hackers has focused on diplomatic and law enforcement tools. To that end, FBI Director James Comey cited stepped-up efforts to cooperate with law enforcement agencies abroad and ensure that criminals using the dark web and other tools to evade authorities continue to “look over their shoulders.”

But even as Clapper warned of increasing “frequency, scale, sophistication, and severity of impact” of cyber attacks, one of America’s prime adversaries in cyberspace, North Korea, appears to have held off attacking U.S. networks since breaching the servers of Sony Pictures. NSA Director Michael Rogers said that since the Sony hack, his agency has not observed any North Korean attacks on U.S. companies.

He added, however, that his agency has “watched them carry out attacks against other nations since the Sony breach.” He did not say which nations.

No comments: