Cyber operations that target critical infrastructure, elections, supply chains and more may be “more destructive and disruptive” in the near future, and as “states attempt more aggressive cyber operations, they are more likely to affect civilian populations and to embolden other states that seek similar outcomes,” according to intelligence agencies.
“One of the challenges we have right now is our adversaries are realizing that there are blind spots that they can afford themselves to, to conduct intrusions,” NSA Director Gen. Paul Nakasone told the House Intelligence Committee at a Thursday hearing of intelligence leaders.
The unclassified version of the 2021 Annual Threat Assessment released last week by the intelligence community concluded that “cyber threats from nation states and their surrogates will remain acute” as countries with nefarious aims “use cyber operations to steal information, influence populations, and damage industry, including physical and digital critical infrastructure.”
“Although an increasing number of countries and nonstate actors have these capabilities, we remain most concerned about Russia, China, Iran, and North Korea,” the assessment said. “Many skilled foreign cybercriminals targeting the United States maintain mutually beneficial relationships with these and other countries that offer them safe haven or benefit from their activity.”
As activity and attacks continue to increase, “democracies will continue to debate how to protect privacy and civil liberties as they confront domestic security threats and contend with the perception that free speech may be constrained by major technology companies,” the IC noted, while during the past decade “state sponsored hackers have compromised software and IT service supply chains, helping them conduct operations—espionage, sabotage, and potentially prepositioning for warfighting.”
FBI Director Chris Wray told the House Intelligence Committee that the “accelerating” level of “quality and sophistication” of deepfakes is also worrisome. “A lot of what’s out there right now is still relatively easy to debunk, but the quality is increasing very, very quickly and that’s something that’s of great concern,” he said.
The report said that China “presents a prolific and effective cyber-espionage threat, possesses substantial cyber-attack capabilities, and presents a growing influence threat,” and the country’s “cyber pursuits and proliferation of related technologies increase the threats of cyber attacks against the U.S. homeland, suppression of U.S. web content that Beijing views as threatening to its internal ideological control, and the expansion of technology-driven authoritarianism around the world.”
CIA Director Bill Burns told the House panel that China “poses the single biggest geopolitical test for the United States as far out into the 21st century as I can see.”
China “can launch cyber attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States,” the IC assessment said, and “is also using its assistance to global efforts to combat COVID-19 to export its surveillance tools and technologies.”
“China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations,” the report added.
“We have now over 2,000 investigations that tie back to the Chinese government,” Wray told the Senate Intelligence Committee last Wednesday. “And on the economic espionage investigation side alone, it’s about a 1,300 percent increase over the last several years. We’re opening a new investigation into China every 10 hours.”
Russia will also “remain a top cyber threat as it refines and employs its espionage, influence, and attack capabilities,” with targets including “critical infrastructure, including underwater cables and industrial control systems, in the United States and in allied and partner countries, as compromising such infrastructure improves—and in some cases can demonstrate—its ability to damage infrastructure during a crisis.”
Director of National Intelligence Avril Haines told the House Intelligence Committee that Russia “is becoming increasingly adept at leveraging its technological prowess to develop asymmetric options in both the military and cyber spheres in order to give itself the ability to push back and force the United States to accommodate Russia’s interests.”
The assessment calls out Russia for the 2020 software supply chain operation against SolarWinds that compromised about 18,000 customers worldwide, including government enterprise networks, critical infrastructure entities, and others in the private sector. That attack “demonstrates Moscow’s capability and intent to target and potentially disrupt public and private organizations in the United States,” the IC said.
“Russia is also using cyber operations to defend against what it sees as threats to the stability of the Russian Government. In 2019, Russia attempted to hack journalists and organizations that were investigating Russian Government activity and in at least one instance leaked their information,” the report added. “Russia almost certainly considers cyber attacks an acceptable option to deter adversaries, control escalation, and prosecute conflicts.”
Iran has shown the “expertise and willingness to conduct aggressive cyber operations,” making the country’s cyber ops “a significant threat to the security of U.S. and allied networks and data.”
“Iran has the ability to conduct attacks on critical infrastructure, as well as to conduct influence and espionage activities,” the assessment said, noting “multiple cyber attacks between April and July 2020 against Israeli water facilities that caused unspecified short-term effects.”
“Iran is increasingly active in using cyberspace to enable influence operations—including aggressive influence operations targeting the U.S. 2020 presidential election—and we expect Tehran to focus on online covert influence, such as spreading disinformation about fake threats or compromised election infrastructure and recirculating anti-U.S. content,” the assessment added. “Iran attempted to influence dynamics around the 2020 U.S. presidential election by sending threatening messages to U.S. voters, and Iranian cyber actors in December 2020 disseminated information about U.S. election officials to try to undermine confidence in the U.S. election.”
North Korea’s cyber program “poses a growing espionage, theft, and attack threat” and “probably possesses the expertise to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States, judging from its operations during the past decade, and it may be able to conduct operations that compromise software supply chains.”
“North Korea has conducted cyber theft against financial institutions and cryptocurrency exchanges worldwide, potentially stealing hundreds of millions of dollars, probably to fund government priorities, such as its nuclear and missile programs,” the assessment said.
Wray told the Senate Intelligence Committee last Wednesday that the “private sector is central” to combating threats. “Ninety percent of the country’s critical infrastructure is in the hands of the private sector,” he said. “And it’s important to think of cybersecurity, not as a single event, but as a campaign. These are no longer a question of if an institution is going to be compromised, but when.”
“We need that first company — and someday you’re going to be the first company if you’re a CEO, someday you’re going to be the second or third or fourth company — we need in every instance those companies to be stepping forward, promptly reaching out to government so that we can prevent the threat from metastasizing across the rest of the industry,” Wray stressed.
Nakasone told the Senate panel that adversaries are “utilizing U.S. infrastructure in a means upon which we cannot surveil that, whether or not in the intelligence community or in the law enforcement community, to be able to react quick enough to what they’re doing.”
“The challenge we have right now… is what our adversaries are doing is not spearphishing. It’s not guessing passwords,” he said. “It’s utilizing supply chain operations. It’s using zero-day vulnerabilities, those vulnerabilities that a provider doesn’t even know about it.”