On Jan 31, 2012, Greg Miller reported for the Washington Post on testimony given by James Clapper, the Director of National Intelligence. You can find Director Clapper's prepared remarks here. That testimony (which is going on today) is for a threat assessment hearing for the Senate Intelligence Committee.
According to the article, Clapper cites the Iranian plot to assassinate the Saudi ambassador to the US as evidence of "an aggressive new willingness within the upper ranks of the Islamist republic to authorize attacks against the United States." That aggressive new willingness may prompt the Iranians to conduct an attack on US soil.
Clapper's testimony also noted heightened concerns over cyber-attacks.
You can find the Washington Post article here.
***
Now, in the context of Iran's aggressive new willingness to attack, could the attack on U.S. soil be from a cyberattack? I'm not suggesting that Iran will attack the US; it seems that Director Clapper is just accounting for the possibility. However, if Iran does attack, it might prefer to use a cyberattack. For one, Iran may have an advanced cyber-capability: in the wake of Stuxnet, Iran began to assemble a hacker army. Moreover, after the downing of the RQ-170, news outlets were abuzz with Iran's possible cyber-capabilities. The DNI referenced Iran's increasing cyber-capabilities (see below).
Indeed, it seems that Iran has at least considered a cyberattack on US soil. Remember how Iranian agents plotted with a Venezulan ambassador to attack US nuclear plants? The US State Department expelled that ambassador, so there had to be something there. Would Iran make use of that cyber-capability to prove a point? I think it would be a lot easier to pull off a cyberattack than close the Strait of Hormuz.
***
That threat assessment hearing is going on right now. Wired's Danger Room (@Danger Room) has a few interesting tweets regarding Director Clapper and cyber:
"DNI Clapper specifically calls out Russia & China for infiltrating US nets & 'stealing' data."
"Sen Rockefeller: would somebody, anybody finally friggin' do *something* about cybersecurity?"
From DODBuzz (@DoDBuzz), with regard to Director Clapper's response to who has cybersecurity responsibility within the US:
"Clapper's "this ain't [m]y job, bro," exemplifies what everyone always says anytime the Hill considers cyber-threats. Yet he keeps warning."
"Clapper: There could be more done to take advantage of technical expertise at NSA. EG, DoD response was to stand up CyberCom."
"Clapper: There is a debate, maybe DoD should be responsible for defending more than itself. Mueller: We have lots of expertise here."
Interesting. Remember, DOD can only protect DOD networks. Should DOD have the legal ability to bring its formidable cyber-arsenal to bear in the domestic US?
***
A few excerpets from the DNI testimony (with regard to cyber):
"Hackers are also circumventing network security by targeting companies that produce security technologies, highlighting the challenges to securing online data in the face of adaptable intruders."
"Two of our greatest strategic challenges regarding cyber threats are: (1) the difficulty of providing timely, actionable warning of cyber threats and incidents, such as identifying past or present security breaches, definitively attributing them, and accurately distinguishing between cyber espionage intrusions and potentially disruptive cyber attacks; and (2) the highly complex vulnerabilities associated with the IT supply chain for US networks."
With regard to cyber-espionage, "[Foreign Intelligence Services] have launched numerous computer network operations targeting US government agencies . . . [that] are not being detected."
"Iran's . . . cyber capabilities have dramatically increased in recent years in depth and complexity. We assess that [Foreign Intelligence Services] from [Iran, China, and Russia] will remain the top threats to the United States in the coming years."
Leave a Reply