Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

US Spymaster Warns Over Low-level Cyber Attacks

A steady stream of low-level cyber attacks poses the most likely danger to the United States rather than a potential digital “armageddon,” US intelligence director James Clapper said on Thursday.

US officials for years have warned of a possible “cyber Pearl Harbor” that could shut down financial networks, poison water supplies or switch off power grids.

A steady stream of low-level cyber attacks poses the most likely danger to the United States rather than a potential digital “armageddon,” US intelligence director James Clapper said on Thursday.

US officials for years have warned of a possible “cyber Pearl Harbor” that could shut down financial networks, poison water supplies or switch off power grids.

But Clapper told lawmakers that American spy agencies were more focused on lower-profile but persistent assaults that could have a damaging effect over time.

“Rather than a ‘cyber Armageddon’ scenario that debilitates the entire US infrastructure, we envision something different,” Clapper told the Senate Armed Services Committee.

US Warns of Cyber Attacks“We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security,” he said.

The past year had seen “destructive cyber attacks” for the first time on US soil carried out by other countries, Clapper said.

He cited North Korea’s alleged hacking of Sony Pictures in November and an Iranian attack a year ago against the Las Vegas Sands Casino Corporation.

Pyongyang was accused of targeting Sony over a comedy film that portrayed the fictional assassination of North Korea’s leader. And Iran went after Sands purportedly because the company’s CEO, billionaire Sheldon Adelson, is known as a hawkish supporter of Israel.

Foreign “actors” are conducting reconnaissance and gaining digital access to US infrastructure systems, so they can launch a cyber attack if necessary in the future, he said.

Russia and China had particularly sophisticated cyber capabilities, according to the director of national intelligence.

Russia is creating its own cyber command that will be able to orchestrate propaganda and insert malware into adversaries’ computer systems, he said.

Countries such as Iran and North Korea have “lesser technical capabilities but possibly more disruptive intent,” he said.

Clapper acknowledged America had “offensive capabilities” in cyberspace but offered no details.

But he said there were questions about how to use such weapons and what sort of doctrine would govern digital operations.

“I think the issue, though, is what is the policy? What is it that would achieve cyber deterrence? And that is an issue that, at the policy level, we’re still, frankly, wrestling with,” he said.

The United States and Israel were reportedly behind an elaborate cyber attack on Iran’s nuclear program in 2010 that damaged hundreds of centrifuges. Dubbed “n,” the operation employed the Stuxnet computer worm that was introduced through an infected USB flash drive, according to the New York Times.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.