Director of Intelligence James Clapper began his worldwide
threat assessment to the Senate Intelligence Committee Tuesday by outlining the
threats of cyberattacks.
While he said there is only a "remote" chance that
there will be a cyberattack on critical U.S. infrastructure in the next two
years that would result in wide-scale disruption, but that doesn't mean state
actors, or nonstate actors, might not deploy less sophisticated attacks.
Clapper said there was increasing risk to that critical
infrastructure from such attacks, which could have significant impact.
Among his other concerns are spies penetrating computer nets
and getting access to both unclassified and classified material; industrial
espionage; threats by China, Russia, Iran and others; the multistakeholder
model of Internet governance; and hacktivists and cybercriminals.
"Most hacktivists use short-term denial-of-service operations
or expose personally identifiable information held by target companies, as
forms of political protest," he said in his testimony. "However, a
more radical group might form to inflict more systemic impacts -- such as
disrupting financial networks -- or accidentally trigger unintended
consequences that could be misinterpreted as a state-sponsored attack."
Clapper also pointed to toolkits on the black market, and
the open market, for breaking into networks. "These hardware and software
packages can give governments and cybercriminals the capability to steal,
manipulate, or delete information on targeted systems."
The president this week is meeting with members of the House
and Senate. Among the topics of conversation will be his push for bipartisan
cybersecurity legislation to backstop his executive order on information
sharing and a best-practices cybersecurity framework.