Is U.S. Too Big for Georgia-Style Cyber Attack to Succeed?National Intelligence Chief Thinks So, But Calls for Vigilance
"We're too big; we're too complex; we are working on the defenses," said Dennis Blair, speaking with reporters on Thursday, referring to last summer's Russian invasion of Georgia, when Russian hackers were believed to have taken down key Georgia government websites. "But as you look out to the future, unless we work hard on this, we could be very vulnerable. So it's a very high priority for me."
Responding to a question about whether he sees cybersecurity as a more pressing issue today than he did two months ago during his confirmation hearing, Blair clarified his January position, saying he was responding to a specific question from a senator about whether terrorists would use computer technology as a weapon.
"From what we know about Muslim-extremist organizations that use terrorist tactics, they are looking for things that make a more visible bang, and kill and maim, than cyber," Blair said. "So, I was worried about more of these other kinds of attacks that these groups might make, rather than a cyber attack."
Blair said cyber threats come from organized nation states, specifically citing Russia and China. "China is, I think, winning the sweepstakes for the origin of the most attacks on U.S. organizations," he said. "I think it's actually second, after attacks originating in the United States, but it's up there in terms of foreign countries."
On another cybersecurity topic, Blair suggested that cybersecurity policy will be run out of the White House. "(There are) advantages and disadvantages of putting powerful people in the White House, versus putting powerful people in the agencies and departments," he said. "We've got to have a powerful team; we've got to have good policy from the White House; we've got to have capacity in the departments.
"And, most of all, we need to have a legal regime which takes account of the way the technology of cyberspace has made our previous neat, domestic-international law-enforcement homeland-defense distinctions irrelevant. That's what the real challenges is, and that's what we're working on in this review that is going on in the White House now."
Blair's remarks echoes comments Melissa Hathaway, the White House advisor who's half-way through a 60-day review of federal cybersecurity policy and procedures, made to lawmakers in a private briefing on Thursday, suggesting cybersecurity policy will emanate from the White House.
Blair noted that any cybersecurity policy will require collaboration among civilian, intelligence and defense agencies, specifically mentioning the role of the National Security Agency, which offers cryptographic and information assurance capabilities.
"The taxpayers of this country have spent enormous sums developing a world-class capability at the National Security Agency on cyber, and yet our problems in cyber security are much greater than the intelligence community, the military community or even the government," Blair said.
"The trick is to make use of the technical capabilities of the National Security Agency in a way that can protect American networks," he said. "The key to that is American's having confidence that they are being used for those beneficial purposes and are not being used to gather private information on Americans and a whole set of concerns that some of the early reactions to 9/11 excited."