Every year, U.S. intelligence agencies release a worldwide threat assessment. For the first time, cyberattacks were included in that assessment, in part because of the increase of cyber threats here.
The Internet is increasingly being used as a tool both by states and by nonstate actors, such as terrorist groups, to achieve their objectives, the report says.
The article went on to say this, which I don’t agree with:
However, there is only a “remote chance” of a major cyberattack on the United States that would cause widespread disruptions, such as regional power outages, the report says. Most countries or groups don’t have the capacity to pull it off.
Why don’t I agree? This falls into the mindset that cyberwarfare isn’t that much different from traditional warfare, and the wealth and/or the military might of a country is what counts. It also ignores how fragile our critical infrastructure is (doesn’t anyone remember the blackout that spread from Ohio to New York a few years ago?). Do we know how much “capacity” is really needed to be able to pull off a major cyberattack?
The report goes on to say the real damage is likely to be done via “less sophisticated attacks” conducted by isolated groups or states. Now that I do agree with, since that’s been primarily what we’ve been seeing. However, who is to say that these less sophisticated attacks can’t be coordinated into something serious, if not devastating?
I don’t mean to be such a pessimist. I think it is important that the intelligence community is recognizing the potential impact of cyberattacks against government entities, the critical infrastructure and industry. But I also think that the risks have been downplayed. That may be just for public consumption. An NBC article on the report quoted James Clapper, the director of National Intelligence, who pointed out concerns that security experts struggle to keep up with the changing technologies:
“In some cases, the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.”
However, the article continued, Clapper “softened” his analysis in writing, with that comment on the chances of being hit by a major attack being remote.
At a time when every one of us could be doing more to step up cybersecurity, it is better we know the true extent of potential risks.