Google cyber attacks a 'wake-up' call for US, intel chief says
Director of National Intelligence Dennis Blair warns that the US could face a crippling cyber attack, as cyber threats grow in scope and sophistication.
Alfred Jin / Reuters
The computerized critical infrastructure of the US is "severely threatened" by malicious cyberattacks now occurring on an "unprecedented scale with extraordinary sophistication."
That's the headline Dennis Blair, director of national intelligence, offered the Senate Select Committee on Intelligence Tuesday. But it was the largely unreported details he unpacked that could provide the wake-up call for government and private industry, whose computer networks he says are now under persistent and subtle assault.
In his remarks, Mr. Blair concluded that:
• Sensitive information is “stolen daily from both government and private sector networks.”
• Investigations are finding "persistent, unauthorized, and at times unattributable presences on exploited networks, the hallmark of an unknown adversary...."
• The US cannot be certain its cyberspace infrastructure will be available and reliable in a crisis.
• The US and the world face greater vulnerability to disruption as a result of the trend toward convergence of voice, facsimile, video, computers, and controls that operate critical infrastructure on a single network: the internet. These include banking, power, and water supplies
• Cyberthreats are increasingly subtle and sophisticated. Last year saw the deployment of “self-modifying malware, which evolves to render traditional virus detection technologies less effective.”
Such attacks are already happening, confirmed Daniel Geer, chief information security officer for In-Q-Tel, a nonprofit venture capital firm funded by the Central Intelligence Agency, at a security conference for the oil and gas industry in Houston in November. Other cybersecurity experts cite a growing threat from so-called "polymorphic" spyware that can change its digital signature to millions of different combinations to evade identification by anti-virus software.