Iran Poses Cyber-Intel Threat to U.S.Intel Chief: Foreign Intrusions of American Networks Go Undetected
"Russia and China are aggressive and successful purveyors of economic espionage against the United States," National Intelligence Director James Clapper said in testimony delivered to the House Intelligence Committee on Tuesday.
"Iran's intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity," Clapper said. "We assess that FIS (foreign intelligence services) from these three countries will remain the top threats to the United States in the coming years."
Clapper also said foreign intelligence services have launched numerous computer network operations targeting U.S. government agencies, businesses and universities, with many of the intrusions not being detected. "Although most activity detected to date has been targeted against unclassified networks connected to the Internet," he said, "foreign cyber actors have also begun targeting classified networks."
Insiders pose a growing threat, Clapper said, causing significant damage to American interests from the theft and unauthorized disclosure of classified, economic and proprietary information and other acts of espionage. "Trusted insiders using their access for malicious intent represent one of today's primary threats to U.S. classified networks," he said.
Playing Catch UpClapper, in his prepared testimony, said cybersecurity hasn't kept up with advances in information technology. "Innovation in functionality is outpacing innovation in security," he said, "and neither the public nor private sector has been successful at fully implementing existing best practices. ... Our technical advancements in detection and attribution shed light on malicious activity, but cyber intruders continue to explore new means to circumvent defensive measures."
The intelligence director said two of the greatest strategic challenges regarding cyberthreats are the difficulty of providing timely, actionable warning of threats and incidents, and the highly complex vulnerabilities associated with the IT supply chain for American networks. "Government engagement with private-sector owners and operators of critical infrastructures is essential for mitigating these threats," he said.