January 29, 2014
Intelligence Community's Assessment of Cyber Threats to the US
By Office of the Director of National Intelligence
We assess that computer network exploitation and disruption activities such as denial of service attacks will continue. Further, we assess that the likelihood of a destructive attack that deletes information or renders systems inoperable will increase as malware and attack tradecraft proliferate. Many instances of major cyber attacks manifested themselves at home and abroad in 2013 as illustrated by the following examples.
- In March 2013, South Korea suffered a sizeable cyber attack against its commercial and media networks, damaging tens of thousands of computer workstations. The attack also disrupted online banking and automated teller machine services. Although likely unrelated to the 2012 network attack against Saudi Aramco, these attacks illustrate an alarming trend in mass data-deletion and system-damaging attacks.
- In early 2013, the US financial sector faced wide-scale network denial-of-service attacks that became increasingly difficult and costly to mitigate.
In response to these and similar developments, many countries are creating cyber defense institutions within their national security establishments. We estimate that several of these will likely be responsible for offensive cyber operations as well.
Russia presents a range of challenges to US cyber policy and network security. Russia seeks changes to the international system for Internet governance that would compromise US interests and values. Its Ministry of Defense (MOD) is establishing its own cyber command, according to senior MOD officials, which will seek to perform many functions similar to those of the US Cyber Command. Russian intelligence services continue to target US and allied personnel with access to sensitive computer network information. In 2013, a Canadian naval officer confessed to betraying information from shared top secret-level computer networks to Russian agents for five years.
China's cyber operations reflect its leadership's priorities of economic growth, domestic political stability, and military preparedness. Chinese leaders continue to pursue dual tracks of facilitating Internet access for economic development and commerce and policing online behaviors deemed threatening to social order and regime survival. Internationally, China also seeks to revise the multi-stakeholder model of Internet governance while continuing its expansive worldwide program of network exploitation and intellectual property theft.
Iran and North Korea are unpredictable actors in the international arena. Their development of cyber espionage or attack capabilities might be used in an attempt to either provoke or destabilize the United States or its partners.
Terrorist organizations have expressed interest in developing offensive cyber capabilities. They continue to use cyberspace for propaganda and influence operations, financial activities, and personnel recruitment.
Cyber criminal organizations are as ubiquitous as they are problematic on digital networks. Motivated by profit rather than ideology, cyber criminals play a major role in the international development, modification, and proliferation of malicious software and illicit networks designed to steal data and money. They will continue to pose substantial threats to the trust and integrity of global financial institutions and personal financial transactions.
Other Potential Cyber Issues
Critical infrastructure, particularly the Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems used in water management, oil and gas pipelines, electrical power distribution, and mass transit, provides an enticing target to malicious actors. Although newer architectures provide flexibility, functionality, and resilience, large segments of legacy architecture remain vulnerable to attack, which might cause significant economic or human impact.
Physical objects such as vehicles, industrial components, and home appliances are increasingly being integrated into the information network and are becoming active participants in generating information. These "smart objects" will share information directly with Internet-enabled services, creating efficiencies in inventory supervision, service-life tracking, and maintenance management. This so-called "Internet of Things" will further transform the role of information technology in the global economy and create even further dependencies on it. The complexity and nature of these systems mean that security and safety assurance are not guaranteed and that threat actors can easily cause security and/or safety problems in these systems.