A top US intelligence official warned Thursday of an evolving cyber security threat that will see criminals not just stealing data, but actively altering or deleting it.
Speaking to the House of Representatives Intelligence Committee, heads of several top security agencies, still reeling from a string of high-profile hacks, spoke about the vulnerabilities faced by government and businesses in America.
Director of National Intelligence James Clapper said attacks typically have involved the disruption of a website or massive thefts of information — such as the devastating hack of government databases that saw the theft of personal details of millions of federal workers and contractors.
“I believe that the next push on the envelope here is going to be the manipulation and deletion of data,” Clapper said.
In written comments to the committee, Clapper said there may be more cyber operations that will change or manipulate electronic information in order to compromise its accuracy and reliability.
“Decision making by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving,” Clapper wrote.
The data breach at the Office of Personnel Management swiped Social Security numbers and other information about current and former government workers and associates, affecting a staggering 21.5 million people.
Federal Bureau of Investigation Director James Comey told the intelligence committee there was no immediate indication the stolen data had been used adversely.
But “I don’t want to put people completely at ease,” Comey said. “There’s a significant counterintelligence threat that’s associated with someone having this information, a nation state.”
In his written comments, Clapper said his office was less concerned with a “cyber armageddon” scenario that debilitates the entire US infrastructure.
Instead, “we foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security,” he wrote.
As they have done previously, US intelligence officials pointed to China, Russia, Iran and North Korea as the main culprits behind cyber attacks in the United States.
Admiral Michael Rogers, who heads the National Security Agency, said Iran had carried out a number of attacks against US financial institution’s websites in 2012-2013 but as negotiations on a nuclear deal progressed, Iran dialed these back.
“As the negotiations kicked in, we saw less activity directed against us,” he said. “But I would remind people I have not seen the Iranians step back from their commitment to cyber as a tool.”
The United States believes North Korea is behind another infamous hack, that of Sony Pictures. Rogers said he had not seen North Korea attempt another hack of that magnitude since then.