Canadian Underwriter

U.S. director of national intelligence foresees low-to-moderate level cyberattacks, rather than “cyber Armageddon”


September 11, 2015   by Canadian Underwriter



The United States’ director of national intelligence said on Thursday that rather than a “cyber Armageddon” scenario that debilitates the entire U.S. infrastructure, he foresees an “ongoing series of low-to-moderate level cyberattacks from a variety of sources over time, which will impose cumulative costs on U.S. economic competitiveness and national security.”

The muted response by most victims to cyberattacks has created a permissive environment, said the U.S. director of national intelligence

James Clapper made the comments on worldwide cyber threats before the House Permanent Select Committee on Intelligence, according to a statement from the Office of the Director of National Intelligence. Noting that cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication and severity of impact, Clapper concluded that unclassified information and communication technology networks that support U.S. government, military, commercial and social activities remain vulnerable to espionage and/or disruption.

“The ranges of cyber threat actors, methods of attack, targeted systems and victims are also expanding,” he said in a prepared statement. “In short, the cyber threat cannot be eliminated; rather, cyber risk must be managed.”

Clapper highlighted some of the recent malicious cyber activity, including the breach in which 21.5 million personal records were stolen from the Office of Personnel Management earlier this year and the 2014 data breach at Home Depot, which exposed information from 56 million credit/debit cards and 53 million customer email addresses. Home Depot estimated the cost of the breach to be US$62 million.

Of concern, Clapper said in the statement, is the “numerous actors [that] remain undeterred from conducting economic cyber espionage or perpetrating cyberattacks,” which he attributed to the “absence of universally accepted and enforceable norms of behaviour in cyberspace.”

These actors include nation states with highly sophisticated cyber programs (such as Russia or China), nations with lesser technical capabilities, but possibly more disruptive intent (such as Iran or North Korea), profit-motivated criminals and ideologically-motivated hackers or extremists.

“The motivation to conduct cyberattacks and cyber espionage will probably remain strong because of the relative ease of these operations and the gains they bring to the perpetrators,” he said. “The muted response by most victims to cyberattacks has created a permissive environment in which low-level attacks can be used as a coercive tool short of war, with relatively low risk of retaliation.”

In addition, even when a cyberattack can be attributed to a specific actor, the forensic attribution often requires a significant amount of time to complete, Clapper said. “Long delays between the cyberattack and determination of attribution likewise reinforce a permissive environment.”

Clapper suggested that in the future, there may be more cyber operations that change or manipulate electronic information to compromise its integrity (for example, accuracy and reliability), instead of deleting it or disrupting access to it. Successful cyber operations targeting the integrity of information would need to overcome any institutionalized checks and balances designed to prevent the manipulation of data, he said, such as market monitoring and clearing functions in the financial sector.

“In summary, the breadth of cyber threats posed to US national and economic security has become increasingly diverse, sophisticated, and impactful,” he concluded.

