U.S. faces radical, shifting threat environment, says Clapper
The top U.S. intelligence official told a Senate panel that threats from Cyber attack, terrorists, nuclear proliferation are part of a growing diverse set of challenges facing the U.S.
In March 12 testimony before the Senate Select Committee on Intelligence to present his 2013 worldwide threat assessment, director of national intelligence James Clapper said the changing, more diffuse and diverse threat environment around the world demands “reevaluations of the way we do business, expanding our analytic envelope, and altering the vocabulary of intelligence.”
Alluding to rising electronic attacks and incursions, Clapper said “destruction can be invisible, latent, and progressive.” The intelligence community, he said, now monitors shifts in human geography, climate, disease, and competition for natural resources because they fuel tensions and conflicts. “Local events that might seem irrelevant are more likely to affect US national security in accelerated time frames.” In the face of such complexity, Clapper said the intelligence community has to continue to promote collaboration among experts and vision across multiple disciplines to understand how and why developments—and both state and unaffiliated actors—can spark sudden changes with international implications.
Specifically addressing the Cyber threat to critical infrastructure, Clapper said there was “a remote chance” in the next two years that a major electronic attack by an “advanced Cyber-actor” like China or Russia could produce catastrophic, long-term damage, like a regional power outage. Lesser-known actors, he warned, could strike sooner in that time frame with a stroke of luck.
“The level of technical expertise and operational sophistication required for such an attack—including the ability to create physical damage or overcome mitigation factors like manual overrides—will be out of reach for most actors during this time frame,” he said. “Advanced cyber actors— such as Russia and China—are unlikely to launch such a devastating attack against the United States outside of a military conflict or crisis that they believe threatens their vital interests,” he said.
Smaller, less-sophisticated electronic assaults by isolated state or nonstate actors in retaliation or provocation are worrisome, he added. Within the next two years, it is possible, said Clapper, that less-advanced, but highly motivated actors could access some poorly protected US networks that control core functions, like power generation. He added, that those actors’ ability to leverage that access to cause high-impact, systemic disruptions “will probably be limited.” At the same time, he said, an unsophisticated attacks could have dumb luck on its side -- producing a significant outcome because of unexpected system configurations and mistakes, or that a vulnerability at one node might spill over and contaminate other parts of a networked system.
A more insidious Cyber threat, he said, are electronic incursions that aren’t meant to disrupt or cause dramatic damage. Foreign intelligence and security services have penetrated numerous computer networks of U.S. Government, business, academic, and private sector entities, he said. Most of the activity that has been detected, he added, has targeted unclassified networks connected to the Internet, but foreign cyber actors are also targeting classified networks. According to Clapper, critical proprietary company data, that foreign actors could use to get a leg-up on the U.S. economically resides on sensitive but unclassified networks. The same is true for most of our closest allies, he said.
“It is very difficult to quantify the value of proprietary technologies and sensitive business information and, therefore, the impact of economic cyber espionage activities,” said Clapper. “However, we assess that economic cyber espionage will probably allow the actors who take this information to reap unfair gains in some industries.”