by Frank V. Vernuccio, Jr., J.D.
In recent hearings held by the House Armed Services Committee, James Clapper, the Director of National Intelligence and USMC Lt. General Vincent Stewart, Director of the Defense Intelligence Agency, provided a sobering assessment of the growing threat to America’s National Security posed by the high technology of the nation’s potential adversaries.
According to Director Clapper, “The consequences of innovation and increased reliance on information technology in the next few years on both our society’s way of life in general and how we in the Intelligence Community specifically perform our mission will probably be far greater in scope and impact than ever. Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US Government systems. These developments will pose challenges to our cyber defenses and operational tradecraft but also create new opportunities for our own intelligence collectors.”
General Stewart is concerned about both the growing capabilities of advanced state actors – such as Russia and China, as well as Iran and North Korea’s growing potential to conduct disruptive cyber-attacks . All four of those nations use a combination of government personnel, contractors, and loosely affiliated or ideologically aligned hackers, augmenting their capabilities and challenging America’s ability to discover where the attacks originate.
The ways in which cyber-attacks could damage the U.S. are numerous and significant, and include threats to key infrastructure sectors including health care, energy, finance, telecommunications, transportation, and water. According to Clapper, “ The US health care sector is rapidly evolving in ways never before imagined, and the cross-networking of personal data devices, electronic health records, medical devices, and hospital networks might play unanticipated roles in patient outcomes. Such risks are only heightened by large-scale theft of health care data and the internationalization of critical US supply chains and service infrastructure.”
Director Clapper outlined how each foreign actor—Russia, China, Iran, North Korea, and Islamic terrorists—have developed their cyber-attack potential.
He notes that “Russia is assuming a more assertive cyber posture based on its willingness to target critical infrastructure systems and conduct espionage operations even when detected and under increased public scrutiny.” Particular goals include intelligence gathering to support Russian decisionmaking in the Ukraine and Syrian crises, influence operations to support military and political objectives, and continuing preparation of the cyber environment for future contingencies.
Clapper is concerned at the success China continues to have in cyber espionage against the US. Government, allies, and private companies. There is another aspect as well, the Director notes. “Private-sector security experts have identified limited ongoing cyber activity from China but have not but have not verified state sponsorship or the use of exfiltrated data for commercial gainverified state sponsorship or the use of exfiltrated data for commercial gain.”
Clapper cites Iran for cyber espionage and web attacks against both the U.S. and regional allies. He also emphasized that “North Korea probably remains capable and willing to launch disruptive or destructive cyberattacks to support its political objectives. South Korean officials have concluded that North Korea was probably responsible for the compromise and disclosure of data from a South Korean nuclear plant.”
The Director points out that terrorists use the internet “to organize, recruit, spread propaganda, collect intelligence, raise funds, and coordinate operations. In a new tactic, ISIL actors targeted and released sensitive information about US military personnel in 2015 in an effort to spur “lone-wolf” attacks.”
General Stewart notes that non-state actors’ use of cyberspace to recruit, propagandize, and conduct open source research will endure as an enabler to their global decentralized operations, and the potential exists for a “lone wolf” cyber-attack.
Some observers believe that in dealing with China, the White House has been “out-maneuvered.” Writing in the Diplomat, Greg Austin reports that “In his visit to the United States…President Xi Jinping of China brilliantly outmaneuvered the United States …by declaring, with all of the diplomatic and international legal authority that a head of state wields, that his government did not collect “commercial intelligence.” After those comments, any conversation with Obama about stopping such practices was bound to be surreal and unproductive… The U.S. policy focus on China’s cyber espionage has also been undermined by the administration’s failure to draw sensible connections between its inflammatory rhetoric on cyber espionage and its more measured efforts to curb intellectual property theft in general.”
Frank Vernuccio serves as editor-in-chief of the New York Analysis of Policy & Government