Monday, 14 September 2015

U.S. policies have influenced Iranian, North Korean behavior in cyberspace

In a Sept. 10 appearance that amounted to a “state of cybersecurity” presentation to the House Intelligence Committee, leaders of the government’s intelligence agencies detailed the threat environment facing the nation in cyberspace.

First, the intelligence chiefs sought to frame the nature of the threat. A “Cyber Armageddon” destroying U.S. infrastructure such as the electric grid is unlikely, according to Director of National Intelligence James Clapper.

Clapper was joined by CIA Director John Brennan, National Security Agency Director Adm. Mike Rogers, Defense Intelligence Agency Director Lt. Gen. Vincent Stewart and FBI Director James Comey in offering a panoramic view of the government’s take on cybersecurity challenges.

According to these front-line cyberwarriors, the low probability of a spectacular, 9/11-style attack shouldn’t make anyone comfortable.

“An ongoing series of low-to-moderate level cyberattacks from a variety of sources over time … will impose cumulative costs on U.S. economic competitiveness and national security,” Clapper warned.

The sophistication of the attacks, and the growing diversity of the attackers — nation-states, amply funded criminal gangs, terrorists — are one reason for the Cyber Threat Intelligence Integration Center (CTIIC) that President Obama created by executive order this year, Clapper said.

Another reason for an integration center is that an alphabet soup of agencies deal with these threats. Do they know how to coordinate among themselves?

The Obama administration doesn’t say no, but it also says a new entity is needed to make sure the threat information is effectively digested among multiple agencies.

“We’ve reached the point where we believe it’s time to knit together all the intelligence these separate activities need to defend our networks,” Clapper explained to a generally friendly panel of lawmakers, “because while these entities may be defending different networks, they are often defending against the same threats, and that was one reason the president directed me to form a CTIIC.”

Clapper thanked the intelligence panel for supporting the CTIIC proposal.

The House and Senate homeland security committees, on the other hand, have been more skeptical of the new entity amid concerns that it would eclipse cybersecurity information sharing and analysis functions, established by law, within the Department of Homeland Security. The Obama administration has stressed that would not be the case.

Clapper and his colleagues said policy moves — and, perhaps, unacknowledged covert actions — are affecting rogue international players such as Iran and North Korea.

Rogers, director of the NSA and head of Cyber Command, said North Korean actions targeting the United States have ceased since the infamous Sony Pictures cyberattack last year.

North Korean attacks against other countries have continued, Rogers cautioned. In fact, FireEye researchers just last week reported that North Korea planted a “zero-day exploit” in a type of word processor used by the South Korean government.

But U.S. sanctions and other deterrence policies detailed by Obama after the Sony Pictures attack — and perhaps covert actions, though Rogers didn’t say so — seem to have tempered the North Koreans’ interest in striking at U.S. cyber targets.

As for Iran, Rogers cited “significant activity” aimed at the U.S. financial sector in 2012-2013. The level of cyberattacks emanating from Iran tapered off beginning in 2013, the admiral said, as U.S.-Iran negotiations began over nuclear weapons.

“Flowing out of ’13 as the negotiations kicked in, in many ways, we saw less activity directed directly against us,” Rogers testified. “But I would remind people, I have not seen the Iranians step back from their commitment to cyber as a tool. … They continue to be fully committed to how can they use this capability to achieve a broader set of national objectives.”

The sanctions policies spelled out by Obama this year were developed with a bigger target in mind than Iran or North Korea; the real target was China and Chinese companies.

The Obama administration has leaked its intention to use the sanctions authority against Chinese companies in some way, but has not specified when or how. Many observers think it highly unlikely the United States would make a move prior to the upcoming summit between Obama and Chinese President Xi Jinping, who visits Washington this month.

House Intelligence ranking member Adam Schiff, D-Calif., thinks sanctions should be applied against the Chinese, but only after the summit.

“We should underscore that there is an increasing cost for such activity,” Schiff said of Chinese economic and other types of espionage in cyberspace. But announcing the sanctions before Xi’s visit “would be so in-your-face it would disrupt the rest of the summit,” Schiff said.

Beyond sanctions, the intelligence agency leaders stressed the need for Congress to finally pass cybersecurity information-sharing legislation. An info-sharing bill was approved by the House in April but has stalled in the Senate.

Key senators said the prospects look good for the Cybersecurity Information Sharing Act to reach the floor in the coming weeks. The bill, providing liability protection for companies that share cyberthreat indicators with government and other private-sector entities, will fall somewhere in the legislative queue after the debate on the Iran nuclear agreement.

But cyber legislation is always subject to political winds.

Just last week, questions arose about the Department of Homeland Security’s ability to protect cyber information. A USA Today story revealed cyber vulnerabilities at the Department of Energy.

Both developments replenish the rhetorical arsenal of bill opponents, and could raise significant obstacles to a measure that, otherwise, should have a clear path to passage in the Senate.

View the original content and more from this author here: http://ift.tt/1M5VHKM



from cyber security caucus http://ift.tt/1M5VEij
via IFTTT

No comments:

Post a Comment