Intel Director: Threat Mounts from Convergence

The American government's greatest ally to combat cyberthreats is American business.

That's the takeaway from testimony delivered to Congress last week by James Clapper, director of the Office of National Intelligence. Testifying before the Senate Armed Services Committee, Clapper said the formalization of military cyber capabilities creates another tool that foreign leaders could use to undermine America's critical infrastructure that were, in the past, assumed to be secure before or during a conflict:

"The IC (intelligence community) is reaching out to the private sector to ensure current understanding of the dynamic cyber environment. More government-private sector and international cooperation is still required across the cybersecurity landscape."

The fact that a top administration official highlights a government-business collaboration on cybersecurity isn't new. Over the past few years, at the RSA IT security conference, senior representatives of the Obama administration and Pentagon have repeatedly emphasized the need for collaboration between the public and private sectors (see White House RSA Message Consistent Over the Years).

Clapper, in his testimony, also offered a list of troubling data points about the vulnerability of government, military and private-sector IT systems and networks:

• Industry estimates that the production of malware has reached its highest levels, with an average of 60,000 new pieces identified daily. Nearly half of U.S. computers have been compromised. The trend should intensify in the next five years because of slow adoption of defense best practices and rapid advances in offensive vulnerability discovery and exploitation.
• A significant amount of Internet traffic - including data from the U.S. government and military and major American corporations - was redirected through networks in China for 17 minutes last April because of inaccurate information posted by a Chinese Internet service provider. That gave the Chinese the ability to read, delete or edit e-mail and other information sent along those paths.

Clapper said the threat intensifies as convergence of technologies amplifies the opportunities for disruptive cyberattacks:

"This phenomenon means that the same networks and devices are processing a full range of data and support a full range of applications, from banking to social networking, from supply chain management to healthcare records. The convergence adds much convenience, but it poses new security challenges across a swath of our government and economy.

Clapper said these new vulnerabilities enable criminals, foreign governments and non-state foes to steal, corrupt, harm and destroy public and private assets vital to America's national interest.