Far-Reaching Impact of the Cyber Threat

Director of National Intelligence's Annual Threat Assessment
Director of National Intelligence

(This article is adapted from testimony Director of National Security Dennis Blair delivered Tuesday to the Senate Select Committee on Intelligence.)

The national security of the United States, our economic prosperity, and the daily functioning of our government are dependent on a dynamic public and private information infrastructure, which includes telecommunications, computer networks and systems, and the information residing within. This critical infrastructure is severely threatened.

This cyber domain is exponentially expanding our ability to create and share knowledge, but it is also enabling those who would steal, corrupt, harm or destroy the public and private assets vital to our national interests. The recent intrusions reported by Google are a stark reminder of the importance of these cyber assets, and a wake-up call to those who have not taken this problem seriously. Companies who promptly report cyber intrusions to government authorities greatly help us to understand and address the range of cyber threats that face us all.

Acting independently, neither the U.S. government nor the private sector can fully control or protect the country's information infrastructure. Yet, with increased national attention and investment in cybersecurity initiatives, I am confident the United States can implement measures to mitigate this negative situation.

Evolving Threat and Future Trends

The United States confronts a dangerous combination of known and unknown vulnerabilities, strong and rapidly expanding adversary capabilities, and a lack of comprehensive threat awareness. Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication. While both the threats and technologies associated with cyberspace are dynamic, the existing balance in network technology favors malicious actors, and is likely to continue to do so for the foreseeable future. Sensitive information is stolen daily from both government and private sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey. We often find persistent, unauthorized, and at times, unattributable presences on exploited networks, the hallmark of an unknown adversary intending to do far more than merely demonstrate skill or mock a vulnerability. We cannot be certain that our cyberspace infrastructure will remain available and reliable during a time of crisis. Within this dynamic environment, we are confronting threats that are both more targeted and more serious. New cybersecurity approaches must continually be developed, tested, and implemented to respond to new threat technologies and strategies.

We face nation states, terrorist networks, organized criminal groups, individuals, and other cyber actors with varying combinations of access, technical sophistication and intent. Many have the capabilities to target elements of the U.S. information infrastructure for intelligence collection, intellectual property theft or disruption. Terrorist groups and their sympathizers have expressed interest in using cyber means to target the United States and its citizens. Criminal elements continue to show growing sophistication in their technical capability and targeting.

Today, cyber criminals operate a pervasive, mature on-line service economy in illicit cyber capabilities and services, which are available to anyone willing to pay. Globally, widespread cyber-facilitated bank and credit card fraud has serious implications for economic and financial systems and the national security, intelligence, and law enforcement communities charged with protecting them.

The cyber criminal sector in particular has displayed remarkable technical innovation with an agility presently exceeding the response capability of network defenders. Criminals are developing new, difficult-to-counter tools. In 2009, we saw the deployment of self-modifying malware, which evolves to render traditional virus detection technologies less effective. The Conficker worm, which appeared in 2008 and created one of the largest networks of compromised computers identified thus far, continues to provide a persistent and adaptable platform for other malicious enterprises. Criminals are targeting mobile devices such as "smart phones," whose increasing power and use in financial transactions make them potentially lucrative targets.

Criminals are collaborating globally and exchanging tools and expertise to circumvent defensive efforts, which makes it increasingly difficult for network defenders and law enforcement to detect and disrupt malicious activities.

Two global trends within the information technology environment, while providing greater efficiency and services to users, also potentially increase vulnerabilities and the consequences of security failures.

Network Convergence, Channel Consolidation

The first, network convergence - the merging of distinct voice and data technologies to a point where all communications (e.g., voice, facsimile, video, computers, control of critical infrastructure, and the Internet) are transported over a common network structure - will probably come close to completion in the next five years. This convergence amplifies the opportunity for, and consequences of, disruptive cyber attacks and unforeseen secondary effects on other parts of the U.S. critical infrastructure.

The second is channel consolidation, the concentration of data captured on individual users by service providers through e-mails or instant messaging, Internet search engines, Web 2.0 social networking means, and geographic location of mobile service subscribers, which increases the potential and consequences for exploitation of personal data by malicious entities. The increased interconnection of information systems and data inherent in these trends poses potential threats to the confidentiality, integrity and availability of critical infrastructures and of secure credentialing and identification technologies.

The Intelligence Community plays a vital role in protecting and preserving our nation's cyber interests and the continued free flow of information in cyberspace. As Director of National Intelligence, I am creating an integrated and agile intelligence team to help develop and deploy a defensive strategy that is both effective and respectful of American freedoms and values. In the 2009 National Intelligence Strategy, I focused the Intelligence Community on protecting the U.S. from a multi-vector cyber threat, covering malicious actors seeking to penetrate a network from the outside, insiders, and potential threats hidden within the information technology supply chain. We are integrating cybersecurity with counterintelligence and improving our ability to understand, detect, attribute, and counter the full range of threats. I started this last summer when I charged my new National Counterintelligence Executive to create a cyber directorate within his office that would provide outreach for foreign intelligence threat warnings and ensure insider threats are thwarted by the U.S. through use of technology and operational countermeasures. I believe this emphasis can augment and improve existing cyber efforts toward improving national and economic security for our nation.

We cannot protect cyberspace without a coordinated and collaborative effort that incorporates both the U.S. private sector and our international partners. The president's Cyberspace Policy Review provides a unifying framework for these coordinated efforts. The five elements of the framework - leading from the top, building capacity for a digital nation, sharing responsibility for cybersecurity, creating effective information sharing and incident response, and encouraging innovation - serve to align the efforts of the Intelligence Community with its many government and private sector partners. As Director of National Intelligence, I will continue to ensure that information on these threats reaches executive and legislative leaders quickly, to allow them to make informed national security decisions. I will also stay in touch with private companies that provide network services so that we are both helping them stay secure and learning through their experience.

Comprehensive National Cybersecurity Initiative

Also, I continue to report to the president on the implementation of the Comprehensive National Cybersecurity Initiative (CNCI), which was designed to mitigate vulnerabilities being exploited by our cyber adversaries and provide long-term strategic operational and analytic capabilities to U.S. government organizations. By enabling the development of these new technologies and strategies, as a core component of a broad strategic approach to strengthening cybersecurity for the nation, the CNCI will give the United States additional tools to respond to the constantly changing cyber environment. Simultaneously, the CNCI stresses the importance of the private sector as a partner through information sharing and other best practices to address vulnerabilities. My Cyber Task Force produces quarterly reports on this government-wide effort, providing a balanced assessment of its progress at improving the U.S. Government's cybersecurity stance. The Congress funded most, but not all, of the Administration's request last year.

We will need full funding of this program to keep close to pace with our adversaries.
