Clapper: Cyberthreats to Worsen
National Intelligence Director Blames Iran for Casino Hack
The director of national intelligence, James Clapper, paints a grim picture of the cyberthreats the nation faces, saying as bad as 2014 was, 2015 and the coming years will be worse.
In testimony before the Senate Armed Services Committee on Feb. 26, where he revealed that Iran was behind the February 2014 breach of Las Vegas Sands Corp., Clapper said the nation needs to prepare for a cyber-Armageddon, though the likelihood of a catastrophic attack remains remote. He said intelligence agencies expect a continuing series of low- to moderate-level cyberattacks that will impose cumulative costs on U.S. economic competitiveness and national security.
Clapper said the nature of hacks is changing. "In the future, we'll probably see cyber-operations that change or manipulate electronic information that compromises integrity instead of simply deleting or disrupting access to it," he told the committee. "In the end, the cyberthreat cannot be completely eliminated; rather, we must be vigilant in our efforts to detect, manage and defend against it."
Unpredictable Cyber-Actors
Clapper specifically cited Iran as the attacker in the Sands Corp. breach. Sands is headed by Sheldon Adelson, a strong and vocal supporter of Israel, which is believed to have worked with the United States to cripple Iranian nuclear centrifuges using the Stuxnet worm. Until his testimony, no U.S. official had publicly tied Iran to the Sands attack (see Report: 'Wiper' Malware Hit Casino Firm). Clapper did not provide any details on how the U.S. identified Iran as the hacker.
He said Iran was also behind a series of distributed denial-of-service attacks against a number of major U.S. banks (see Why Hide Cyber Skirmishes with Iran?). "Iran very likely values its cyber program as one of many tools for carrying out asymmetric but proportional retaliations against political foes, as well as sophisticated means of collecting intelligence," Clapper testified.
Besides Iran, Clapper mentioned North Korea as another nation-state attacking American businesses to achieve its political objectives, citing the November attack on Sony Pictures Entertainment (see How NSA Hacked North Korean Hackers). "These destructive attacks demonstrate that Iran and North Korea are motivated and unpredictable cyber-actors," Clapper said.
Russian Threat Intensifies
Regarding other nation-states posing cyberthreats, Clapper said Russia is a more severe threat than intelligence agencies previously assessed. In his written testimony, Clapper said Russian cyber-actors are developing the means to access industrial control systems remotely and have already compromised the product supply chain of three industrial control systems vendors.
Clapper said Chinese economic espionage against American companies also remains a threat.
"The motivation to conduct cyber-attacks and cyber-espionage will probably remain strong because of the relative ease of these operations and the gains they bring to perpetrators," Clapper said. "The result is a cyber-environment in which multiple actors continue to test their adversaries' technical capabilities, political resolve and thresholds. The muted response by most victims to cyber-attacks has created a permissive environment in which low-level attacks can be used as a coercive tool short of war, with low risk of retaliation."
Clapper said it's often difficult to determine whether attacks coming from a specific region are launched by a government or a group aligned with it. "Distinguishing between state and non-state actors within the same country is often difficult, especially when those varied actors actively collaborate, tacitly cooperate, condone criminal activity that only harms foreign victims or utilize similar cyber tools," he said.
Terrorist groups will continue to experiment with hacking, Clapper said, with their sympathizers likely conducting low-level cyber-attacks on their behalf to attract media attention, which might exaggerate the true threat.