James Clapper, the director overseeing all of the federal government’s intelligence agencies, presented Congress with a report the other day about the top national security threats facing our country. Terrorism didn’t receive top billing. The cyberthreats from foreign governments and terrorists did.
Although no hostile entity at this point seems to have the power to create a catastrophic disruption of U.S. infrastructure or the economy, foreign governments and terrorists are steadily exploring opportunities for inflicting such damage, said Clapper and Gen. Keith Alexander, head of the military’s Cyber Command and the code-breaking National Security Agency.
“Foreign intelligence and security services have penetrated numerous computer networks” across the United States, Clapper testified. Among the best-known examples are China’s ambitious efforts to build up its cyber-offense capability, as well as Iran’s computer attacks on U.S. banks and Saudi Arabia’s national oil company last year after the international community ratcheted up economic sanctions against the ayatollah’s regime.
Reinforcing that assessment were the events this week in South Korea, where a cyber-attack disabled some 32,000 computers at broadcasters and banks. The investigation continues, but North Korea is a suspect.
Clapper’s report stated that even cyber-operations by foreign governments or terrorists with less than cutting-edge technology have a considerable potential to inflict damage.
“These less advanced but highly motivated actors could access some poorly protected U.S. networks that control core functions, such as power generation, during the next two years, although their ability to leverage that access to cause high-impact, systemic disruptions will probably be limited,” the report said. “At the same time, there is a risk that unsophisticated attacks would have significant outcomes due to unexpected system configurations and mistakes, or that vulnerability at one node might spill over and contaminate other parts of a networked system.”
In response to this threat, Alexander said the Cyber Command is adding 40 more cyberteams, 13 focused on offense and 27 on training and surveillance.
During the hearings, lawmakers expressed concern that the military has not made adequate progress in beefing up its cyberforces and in developing rules of engagement for cyber-operations.
At the same time, lawmakers acknowledged the military’s challenge in finding the needed number of highly technical staffers for such operations. The sequester and the ongoing failure of Congress to pass a budget have caused great complications for such efforts, the hearings explained. Gen. Robert Kehler, commander of the U.S. Strategic Command and a specialist on cyber-issues, has made the same point.
For one thing, the furloughing of the Pentagon’s civilian employees will undermine the military’s recruitment of civilian technology specialists, who provide a significant part of the military’s cyberforces. Another problem is stop-and-start funding for other parts of the cyber-efforts, due to congressional budget thumb-twiddling and deadlock.
The hearings made clear that our military’s cyber-operations are a work in progress, including the question of when to use them, and what constitutes the “offensive” use of the Pentagon’s cybercapabilities. A report in Foreign Policy magazine said the discussion of such offensive operations has included not just computer-based attacks against a hostile government or terrorist groups but also specially designated aircraft or submarines that would focus on attacking foreign cyber-operations facilities.
Computer networks are now intertwined with just about every aspect of life, and that unfortunately increases our country’s vulnerability to those who would seek to harm us. To guard against what former Defense Secretary Leon Panetta called a “cyber-Pearl Harbor,” the military is right to energetically pursue smart cyberstrategies. And our elected leaders need to work out responsible budgets so those vital efforts can be properly funded.