Over the past few weeks things cyber have blown up in our faces once again. While some of the media noticed, the reporting focused on who was doing what to us now, not on the growing scandal of our essentially supine reaction to it.
Back on March 12, DNI James Clapper gave the Senate Select Committee on Intelligence a worldwide threat assessment, in which cyber led the list. Despite the fact that the Obama administration had gone public on the threat of Chinese cyberattacks at about the same time, Clapper certainly didn’t seem all that concerned. As with the Obama White House, his emphasis was on potential threats to U.S. public infrastructure (electrical grids, transportation systems, water works). However, these he judged to be minimal for the next two years, first, because of the sophistication involved and, second, because those with the ability now—Russia and China—“are unlikely to launch such a devastating attack against the United States outside of a military conflict or crisis that they believe threatens their vital interests.” Incidentally, Clapper expressed the opinion that infrastructure attacks, when they do come, are more likely to come from nonstate actors, i.e., those who won’t be sophisticated enough for at least a couple of years.
This assessment left out any mention of Iran as a state cyberthreat, and this despite its denial-of-service attacks on U.S. banks last fall. It did, however, mention the attack on Saudi Aramco in August 2012 that destroyed 30,000 computers, but failed to mention Iran as the source.
Now, just two months after it was issued, Clapper’s assessment regarding state-sponsored cyber has already been overtaken by events.
On May 23, the Wall Street Journal revealed that Iran-backed hackers have been increasing cyber infiltration and surveillance missions against (guess what?) infrastructure in the form of computer networks running U.S. energy companies: “In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. They proceeded ‘far enough to worry people,’ one former official said.” The Journal indicated that Iranian hackers had also got into the control systems of power companies. U.S. officials were also cited as saying that the infiltrations were of the same sort that the Iranians used against Saudi Aramco.
The foregoing is serious enough for one to ask what in the world this administration is doing about cyber threats if the DNI chooses to linger so far behind the curve of events. But there’s more bad news—bad news that suggests that things in the cyber realm move far faster than the administration is prepared to acknowledge and respond to.
Although the non-classified version of the worrying Defense Science Board report on cyber came out in March, it took until this week for the Washington Post to lay its hands on some of the classified parts. The initial reporting simply had it that the DSB report noted continuous cyber attacks on the Pentagon but without indication of effect. The classified sections revealed that the Chinese have had access to data from 37 Pentagon weapons programs and 29 other U.S. defense technologies, and that this has happened over the past two years: “A chart included in the science board’s report laid out what it called a partial list of 37 breached programs, which included the Terminal High Altitude Area Defense weapon — a land-based missile defense system that was recently deployed to Guam to help counter the North Korean threat. Other programs include the F-35 Joint Strike Fighter, the F-22 Raptor fighter jet, and the hybrid MV-22 Osprey, which can take off and land like a helicopter and fly like an airplane.” On May 27, the Post separately published the list of weapons very likely compromised.