Threats from cyber-espionage, computer crime, and attacks on critical infrastructure will surpass terrorism as the number one threat facing the United States, FBI Director Robert Mueller testified today.
Mueller and National Intelligence Director James Clapper, addressing the annual Worldwide Threat hearing before the Senate Select Committee on Intelligence, cited their concerns about cyber-security and noted that China and Russia run robust intrusion operations against key U.S. industries and the government.
"I do not think today it is necessarily [the] number one threat, but it will be tomorrow," Mueller said. "Counterterrorism - stopping terrorist attacks - with the FBI is the present number one priority. But down the road, the cyberthreat, which cuts across all [FBI] programs, will be the number one threat to the country."
A report released in November by the National Counterintelligence Executive singled out Russia and China for their aggressive efforts to steal American intellectual property, trade secrets and national security information.
"The cyberthreat is one of the most challenging ones we face," Clapper said. "Among state actors, we're particularly concerned about entities within China and Russia conducting intrusions into U.S. computer networks and stealing U.S. data. And the growing role that nonstate actors are playing in cyberspace is a great example of the easy access to potentially disruptive and even lethal technology and know-how by such groups."
"We foresee a cyber-environment in which emerging technologies are developed and implemented before security responses can be put in place," Clapper said. U.S. officials estimate that there are 60,000 new malicious computer programs identified each day.
Last week the computer security firm Symantec released a report on a Trojan horse program dubbed "Sykipot," which researchers say was traced to computer servers in China and was allegedly targeting firms in the defense industry.
"The Sykipot attackers have a long running history of attacks against multiple industries. Based on these insights, the attackers are familiar with the Chinese language and are using computer resources in China. They are clearly a group of attackers who are constantly modifying their creation to utilize new vulnerabilities and to evade security products and we expect that they will continue their attacks in the future," Symantec noted in a blog posting.
In the past several years there has been a growing list of complex computer breaches that highlight the wide array of threats the officials were testifying about:
In the next month, Congress is expected to take up debate about pending cyber-security legislation that could possibly give the Department of Homeland Security new authorities to protect critical computer networks. Senators today on the Hill questioned the panel about why they have not done more to move forward on the issue.
"I can tell you that we are exceptionally concerned about that threat," Mueller said, citing the establishment of the National Cyber Investigative Joint Task Force that brings together the 18 intelligence agencies to work on various cyber threats.
"In the same way we changed to address terrorism, we have to change to address cybercrime." Mueller said. "And so we have to build up the collective addressing of that threat in the same way that we did so and broke down the walls in the wake of September 11th ."