Intelligence Director Warns of Cybersecurity Threats

But Says Chances of Major State-Sponsored Attack in Next Two Years is Remote

Intelligence Director Warns of Cybersecurity Threats

But says chances of major state-sponsored attack in next two years is remote

By John Eggerton -- Broadcasting & Cable, 3/12/2013 1:17:23 PM

Director of Intelligence James Clapper began his worldwide threat assessment to the Senate Intelligence Committee Tuesday by outlining the threats of cyberattacks.

While he said there is only a "remote" chance that there will be a cyberattack on critical U.S. infrastructure in the next two years that would result in wide-scale disruption, but that doesn't mean state actors, or nonstate actors, might not deploy less sophisticated attacks.

Clapper said there was increasing risk to that critical infrastructure from such attacks, which could have significant impact.

Among his other concerns are spies penetrating computer nets and getting access to both unclassified and classified material; industrial espionage; threats by China, Russia, Iran and others; the multistakeholder model of Internet governance; and hacktivists and cybercriminals.

"Most hacktivists use short-term denial-of-service operations or expose personally identifiable information held by target companies, as forms of political protest," he said in his testimony. "However, a more radical group might form to inflict more systemic impacts -- such as disrupting financial networks -- or accidentally trigger unintended consequences that could be misinterpreted as a state-sponsored attack."

Clapper also pointed to toolkits on the black market, and the open market, for breaking into networks. "These hardware and software packages can give governments and cybercriminals the capability to steal, manipulate, or delete information on targeted systems."

The president this week is meeting with members of the House and Senate. Among the topics of conversation will be his push for bipartisan cybersecurity legislation to backstop his executive order on information sharing and a best-practices cybersecurity framework.