Cyber Threat: First Data Theft - Next Data Manipulation


Director of U.S. National Intelligence James Clapper calls data deletion or manipulation ‘next push of the envelope’ to US digital networks now threatened by wide-scale data theft.

A “Cyber Armageddon”, long imagined in Washington as a catastrophic event of digitally triggered damage to physical infrastructure, is less likely than “cyber operations that will change or manipulate data”, the US director of national intelligence, James Clapper, told the House intelligence committee recently.
Clapper, backed by the director of the National Security Agency, Admiral Michael Rogers, said that while such efforts had yet to manifest themselves, US business and governmental agencies had entered an era of persistent “low-to-moderate level cyber-attacks from a variety of sources”.

Yet both indicated that US digital networks are currently threatened by wide-scale data theft, like the recent intrusion into the networks of the Office of Personnel Management, not destruction or compromise.
Rogers and Clapper warned that a mutated phase of malicious digital penetrations would undermine confidence in data stored and accessible on US networks, creating an uncertainty that could jeopardize US military situational awareness.
“I believe the next push on the envelope is going to be the manipulation or the deletion of data which would of course compromise its integrity,” Clapper told the House panel.

Rogers testified that while the NSA and its military conjoined twin, US Cyber Command, had clear rules for protecting US networks, their authorities to engage in offensive action online were murkier. In 2013, the Guardian published a secret directive on US digital offensive capabilities and a framework for their use, thanks to the whistleblower Edward Snowden.
There is “still uncertainty about what is offensive and what is authorized”, Rogers said. “That’s a policy decision.”
While noting that offensive cyber attacks were “an application of force” akin to conventional military conflict, Rogers suggested that NSA or Cyber Command require a freer hand, warning: “A purely defensive strategy is not going to change the dynamic we find ourselves in now.”

Rogers also urged new international norms that would prohibit “extracting mass personally identifiable data”, although the Snowden document hoard demonstrates that to be the NSA’s practice worldwide.
Nor should the global community accept data destruction as a national practice, Rogers said – a cyber practice the US and Israel arguably inaugurated by allegedly creating the Stuxnet worm that hijacked and damaged industrial controls for Iranian nuclear centrifuges.

The FBI director, James Comey, joined by Rogers, reprised his plea for surreptitious access into end-to-end encrypted data. Comey argued that technologists had not truly tried to find a mathematical solution that would allow the US government access without subjecting sensitive data to increased insecurity.
Though leading cryptographers have likened Comey’s effort to “magical thinking”, Comey said: “My reaction to that is, really? Have we really tried?”

Clapper testified that there was no consensus within the intelligence agencies as to the ultimate culprit in the mass exfiltration of federal employees’ data at the Office of Personnel Management.
Rogers said the NSA had provided the office with “19 specific recommendations” to forestall a future hack, but did not indicate why the US agencies tasked with protecting government networks did not spot the vulnerabilities before 4 million personnel records were stolen, reportedly by China.
“I don’t think anyone is satisfied with the environment we find ourselves in right now,” Rogers said.
Ein News: http://bit.ly/1MoJpQW
