Here’s part of the report by the US Director of National Intelligence, Dennis C. Blair, to the US Senate. I publish this part, because it is interesting to see asset of the situation by other countries, namely Russia, China, but also the EU – do they share the seriousness of the warnings, and what do they do. For the EU, I know – they don’t do that much 🙁
-
Far-Reaching Impact of the Cyber Threat
The national security of the United States, our economic prosperity, and the daily functioning
of our government are dependent on a dynamic public and private information infrastructure,
which includes telecommunications, computer networks and systems, and the information
residing within. This critical infrastructure is severely threatened.
This cyber domain is exponentially expanding our ability to create and share knowledge, but
it is also enabling those who would steal, corrupt, harm or destroy the public and private assets
vital to our national interests. The recent intrusions reported by Google are a stark reminder of
the importance of these cyber assets, and a wake-up call to those who have not taken this
problem seriously. Companies who promptly report cyber intrusions to government authorities
greatly help us to understand and address the range of cyber threats that face us all.
I am here today to stress that, acting independently, neither the US Government nor the
private sector can fully control or protect the country’s information infrastructure. Yet, with
increased national attention and investment in cyber security initiatives, I am confident the
United States can implement measures to mitigate this negative situation.
The Evolving Threat and Future Trends
The United States confronts a dangerous combination of known and unknown vulnerabilities,
strong and rapidly expanding adversary capabilities, and a lack of comprehensive threat
awareness. Malicious cyber activity is occurring on an unprecedented scale with extraordinary
sophistication. While both the threats and technologies associated with cyberspace are dynamic,
the existing balance in network technology favors malicious actors, and is likely to continue to
do so for the foreseeable future. Sensitive information is stolen daily from both government and
private sector networks, undermining confidence in our information systems, and in the very
information these systems were intended to convey. We often find persistent, unauthorized, and
at times, unattributable presences on exploited networks, the hallmark of an unknown adversary
intending to do far more than merely demonstrate skill or mock a vulnerability. We cannot be
certain that our cyberspace infrastructure will remain available and reliable during a time of
crisis. Within this dynamic environment, we are confronting threats that are both more targeted
and more serious. New cyber security approaches must continually be developed, tested, and
implemented to respond to new threat technologies and strategies.
We face nation states, terrorist networks, organized criminal groups, individuals, and other
cyber actors with varying combinations of access, technical sophistication and intent. Many
have the capabilities to target elements of the US information infrastructure for intelligence
collection, intellectual property theft, or disruption. Terrorist groups and their sympathizers have
expressed interest in using cyber means to target the United States and its citizens. Criminal
elements continue to show growing sophistication in their technical capability and targeting.
Today, cyber criminals operate a pervasive, mature on-line service economy in illicit cyber
capabilities and services, which are available to anyone willing to pay. Globally, widespread
cyber-facilitated bank and credit card fraud has serious implications for economic and financial
systems and the national security, intelligence, and law enforcement communities charged with
protecting them.
The cyber criminal sector in particular has displayed remarkable technical innovation with an
agility presently exceeding the response capability of network defenders. Criminals are
developing new, difficult-to-counter tools. In 2009, we saw the deployment of self modifying
malware, which evolves to render traditional virus detection technologies less effective. The
Conficker worm, which appeared in 2008 and created one of the largest networks of
compromised computers identified thus far, continues to provide a persistent and adaptable
platform for other malicious enterprises. Criminals are targeting mobile devices such as
“smartphones,” whose increasing power and use in financial transactions makes them potentially
lucrative targets. Criminals are collaborating globally and exchanging tools and expertise to
circumvent defensive efforts, which makes it increasingly difficult for network defenders and
law enforcement to detect and disrupt malicious activities
Two global trends within the information technology environment, while providing greater
efficiency and services to users, also potentially increase vulnerabilities and the consequences of
security failures. The first is network convergence—the merging of distinct voice and data
technologies to a point where all communications (e.g., voice, facsimile, video, computers,
control of critical infrastructure, and the Internet) are transported over a common network
structure—will probably come close to completion in the next five years. This convergence
amplifies the opportunity for, and consequences of, disruptive cyber attacks and unforeseen
secondary effects on other parts of the US critical infrastructure. The second is channel
consolidation, the concentration of data captured on individual users by service providers
through emails or instant messaging, Internet search engines, Web 2.0 social networking means,
and geographic location of mobile service subscribers, which increases the potential and
consequences for exploitation of personal data by malicious entities. The increased
interconnection of information systems and data inherent in these trends pose potential threats to
the confidentiality, integrity and availability of critical infrastructures and of secure credentialing
and identification technologies.
The Intelligence Community plays a vital role in protecting and preserving our nation’s cyber
interests and the continued free flow of information in cyberspace. As Director of National
Intelligence, I am creating an integrated and agile intelligence team to help develop and deploy a
defensive strategy that is both effective and respectful of American freedoms and values. In the
2009 National Intelligence Strategy, I focused the Intelligence Community on protecting the US
from a multi-vector cyber threat, covering malicious actors seeking to penetrate a network from
the outside, insiders, and potential threats hidden within the information technology supply
chain. We are integrating cyber security with counterintelligence and improving our ability to
understand, detect, attribute, and counter the full range of threats. I started this last summer
when I charged my new National Counterintelligence Executive to create a cyber directorate
within his office that would provide outreach for foreign intelligence threat warnings and ensure
insider threats are thwarted by the USG through use of technology and operational
countermeasures. I believe this emphasis can augment and improve existing cyber efforts toward
improving national and economic security for our nation.
We cannot protect cyberspace without a coordinated and collaborative effort that
incorporates both the US private sector and our international partners. The President’s
Cyberspace Policy Review provides a unifying framework for these coordinated efforts. The five
elements of the framework—leading from the top, building capacity for a digital nation, sharing
responsibility for cybersecurity, creating effective information sharing and incident response, and
encouraging innovation—serve to align the efforts of the Intelligence Community with its many
government and private sector partners. As Director of National Intelligence, I will continue to
ensure that information on these threats reaches executive and legislative leaders quickly, to
allow them to make informed national security decisions. I will also stay in touch with private
companies that provide network services so that we are both helping them stay secure and
learning through their experience.
Also, I continue to report to the President on the implementation of the Comprehensive
National Cybersecurity Initiative (CNCI), which was designed to mitigate vulnerabilities being
exploited by our cyber adversaries and provide long-term strategic operational and analytic
capabilities to US Government organizations. By enabling the development of these new
technologies and strategies, as a core component of a broad strategic approach to strengthening
cybersecurity for the nation, the CNCI will give the United States additional tools to respond to
the constantly changing cyber environment. Simultaneously, the CNCI stresses the importance
of the private sector as a partner through information sharing and other best practices to address
vulnerabilities. My Cyber Task Force produces quarterly reports on this government-wide effort,
providing a balanced assessment of its progress at improving the US Government’s cyber
security stance. The Congress funded most, but not all, of the Administration’s request last year.
We will need full funding of this program to keep close to pace with our adversaries.