State actors present the biggest threat to the security of computer systems in the United States, top intelligence, defense and law enforcement officials agreed Thursday.
During the House Permanent Select Committee on Intelligence’s annual open worldwide threats hearing, four witnesses — Director of National Intelligence James Clapper, CIA Director John Brennan, Director of Defense Intelligence Agency Michael Flynn and FBI Director Robert Mueller — said they worry most about a cyber attack from “hostile” nations.
That threat, Clapper suggested, is more troubling even than the prospect of a terrorist group hiring hackers or renting the technological equipment necessary to launch a cyber attack.
“Any time you’re assessing a threat, there are obviously two dimensions — one is capability and the other is intent,” Clapper said. “So from a capability standpoint, the ability to wreak damage to the country, we’re more concerned with the potential of a nation-state, and obviously…Russia and China are probably the most capable.”
Other countries, Clapper added, “don’t have that capability, but might have a more malevolent intent.”
Cybersecurity analysts frequently cite Iran and North Korea as the other two nation-states that pose a threat; they are less sophisticated but more determined potential cyber attackers than China and Russia..
Asked by Rep. Terri Sewell (D-Ala.) whether the government “is currently organized appropriately to address these threats,” Mueller suggested it is not.
“I think we are reaching that point,” Mueller said, “but we are to a certain extent in the same position we were in the wake of September 11th in terms of understanding that we have to work closely together to address it.”
After 9/11, Mueller said, the intelligence community realized it had to work more closely with local law enforcement to thwart terrorist attacks.
“In the realm of cyber, it is the private sector” with whom federal officials must coordinate better.
The committee had approved legislation aimed at enabling information sharing between the government and the private sector just a day before; it passed the Cyber Information Sharing and Protection Act on an 18-2 vote Wednesday afternoon.
Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.), the co-sponsors of that bill, both emphasized the importance of cyber threats.
“We experience a daily onslaught of Russian and Chinese cyber attacks,” Rogers said in his opening statement. “Attacks that steal America’s technological innovation and ingenuity — the keys to our future military and economic success as a nation.”
After the committee spent most of its time discussing North Korea, drones and Al Qaeda, Ruppersberger brought the conversation back around to cybersecurity near the end, echoing Rogers.
“As we’re speaking now, we’re being hit by thousands of cyber attacks,” he said.
CISPA is expected to come to the House floor for a vote this month. While the committee passed a handful of privacy-related amendments endorsed by Rogers and Ruppersberger, the White House National Security Council echoed the concerns of civil-liberties advocates with a Wednesday-night statement that the bill needs additional changes to protect individuals’ privacy.