If he was trying to scare the hell out of his listeners about the current state of cybersecurity, consider the newest warning from the nation's top intelligence official a mission accomplished.
In stark testimony delivered today to Congress, Director of National Intelligence James Clapper described a fast-eroding economic and national security landscape that's being rapidly penetrated by foreign agents infiltrating the nation's computer networks. This was the first time Clapper has included cyberattacks in his yearly congressional report on security threats facing the nation -- the Worldwide Threat Assessment of the U.S. Intelligence Community (PDF) -- and they top the list.
"We judge that there is a remote chance of a major cyberattack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage," Clapper told the United States Senate Select Committee on Intelligence.Clapper added that foreign intelligence and security services have penetrated computer networks operated by the government and the private sector.
"Most detected activity has targeted unclassified networks connected to the Internet, but foreign cyberactors are also targeting classified networks. Importantly, much of the nation's critical proprietary data are on sensitive but unclassified networks; the same is true for most of our closest allies," he said.
Describing what he said was an increased risk to U.S. critical infrastructure, Clapper said attacks were more likely to emanate from less technically advanced "isolated state or nonstate actors" than from Russia or China, who were less likely to launch cyberstrikes during peacetime.
"These less advanced but highly motivated actors could access some poorly protected U.S. networks that control core functions, such as power generation, during the next two years, though their ability to leverage that access to cause high-impact, systemic disruptions will probably be limited," he said. "At the same time, there is a risk that unsophisticated attacks would have significant outcomes due to unexpected system configurations and mistakes, or that vulnerability at one node might spill over and contaminate other parts of a networked system."
Clapper also included hacktivists and cybercriminals in his list of potential threats.
"Most hacktivists use short-term denial-of-service operations or expose personally identifiable information held by target companies, as forms of political protest," he said. "However, a more radical group might form to inflict more systemic impacts -- such as disrupting financial networks -- or accidentally trigger unintended consequences that could be misinterpreted as a state-sponsored attack."
He said that cybercriminals were selling tools through a growing black market that could "enable access to critical infrastructure systems or get into the hands of state and nonstate actors." Interestingly, he added that "a handful of commercial companies sell computer intrusion kits on the open market," which governments and cybercriminals can deploy "to steal, manipulate, or delete information on targeted systems. Even more companies develop and sell professional-quality technologies to support cyberoperations--often branding these tools as lawful-intercept or defensive security research products. Foreign governments already use some of these tools to target U.S. systems."
He did not get more specific. We've contacted DNI for further comment and will update this post when there is more information.