Connect with us

Hi, what are you looking for?



U.S. Intelligence Community Highlights Cyber Risks in Worldwide Threat Assessment

AI, IoT and Fake News Highlighted as On-going Cyber Threats

AI, IoT and Fake News Highlighted as On-going Cyber Threats

In its statement to the Senate Select Committee on Intelligence on Wednesday, The Intelligence Community combined current and future cyber threats with its overview of kinetic and political threats to America.

Cyber adversaries, warns the Worldwide Threat Assessment of the US Intelligence Community (PDF), “are becoming more adept at using cyberspace to threaten our interests and advance their own, and despite improving cyber defenses, nearly all information, communication networks, and systems will be at risk for years.”

Russia, China, Iran and North Korea are given special reference as cyber threat actors. Russia’s “cyber operations will continue to target the United States and its allies to gather intelligence, support Russian decision-making, conduct influence operations to support Russian military and political objectives, and prepare the cyber environment for future contingencies.”

Cyber activity from China has declined since the bilateral Chinese-US cyber commitments of September 2015, but cyber espionage continues. China also selectively targets individuals or organizations it believes might threaten its domestic regime.

Iran, which the statement describes as “the foremost state sponsor of terrorism”, has already used its cyber capabilities against the US (such as an intrusion into the industrial control system of a US dam in 2013, and the data deletion attack on a US-based casino in 2014).

North Korea has similarly targeted the US, “specifically, Sony Pictures Entertainment in 2014 — and remains capable of launching disruptive or destructive cyber-attacks to support its political objectives.”

Advertisement. Scroll to continue reading.

Global threats come from terrorists and criminals. ISIS, Hezbollah and HAMAS are sources of terrorist-based cyber threats. In particular, “ISIS will continue to seek opportunities to target and release sensitive information about US citizens, similar to their operations in 2015 disclosing Information about US military personnel, in an effort to inspire attacks.”

Cyber criminals are “developing and using sophisticated cyber tools for a variety of purposes including theft, extortion, and facilitation of other criminal activities.” Ransomware is given special mention.

The statement warns that there are physical, economic and psychological consequences from cyber threats. The physical threats come from attacks on the critical infrastructure and from an increasing likelihood of attacks against critical IoT devices. “If adversaries gain the ability to create significant physical effects in the United States via cyber means, they will have gained new avenues for coercion and deterrence.”

The psychological consequences of attacks from both state and non-state actors can “distort the perceptions and decision-making processes of the target.” It also warns that “even a technically secure Internet can serve as a platform for the delivery of manipulative content crafted by foes seeking to gain Influence or foment distrust.”

Emerging threats come from artificial intelligence (AI), the internet of things (IoT), and perhaps surprisingly, the decline of Moore’s Law.

“The implications of our adversaries’ abilities to use AI are potentially profound and broad. They include an increased vulnerability to cyber attack, difficulty in ascertaining attribution, facilitation of advances in foreign weapon and intelligence systems, the risk of accidents and related liability issues, and unemployment.” Brian Dye, EVP of corporate products, told SecurityWeek that McAfee is already seeing adversaries attempting to poison machine learning (ML) defenses with false positives. The use of ML against ML will hasten this process, and make even advanced network defenses more vulnerable.

The IoT offers a new attack vector for adversaries. “In the future,” warns the Intelligence Community, “state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks.”

The decline of Moore’s Law is likely to reduce the US technology advantage that “underpins many US economic and security advantages… potentially eroding US national security advantages.”

It is not within the remit of this statement to suggest solutions to cyber threats, but it does note that an international agreement on norms of cyber behavior is unlikely in the near future. Cyber norms are often considered to be the best long term hope for cyber stability, but “although efforts are ongoing to gain adherence to certain voluntary, non-binding norms of responsible state behavior in cyberspace, they have not gained universal acceptance, and efforts to promote them are increasingly polarized.”

In short, the Intelligence Community sees no diminution of the cyber threat to the US; newly emerging threat vectors making the situation more difficult; and no immediate sign of any long-term solution.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.