Cyber Threat: First Data Theft - Next Data Manipulation

Uploaded on 2015-09-17 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

o-JAMES-CLAPPER-facebook.jpg

Director of U.S. National Intelligence James Clapper calls data deletion or manipulation ‘next push of the envelope’ to US digital networks now threatened by wide-scale data theft.

A “Cyber Armageddon”, long imagined in Washington as a catastrophic event of digitally triggered damage to physical infrastructure, is less likely than “cyber operations that will change or manipulate data”, the US director of national intelligence, James Clapper, told the House intelligence committee recently.
Clapper, backed by the director of the National Security Agency, Admiral Michael Rogers, said that while such efforts had yet to manifest themselves, US business and governmental agencies had entered an era of persistent “low-to-moderate level cyber-attacks from a variety of sources”.

Yet both indicated that US digital networks are currently threatened by wide-scale data theft, like the recent intrusion into the networks of the Office of Personnel Management, not destruction or compromise.
Rogers and Clapper warned that a mutated phase of malicious digital penetrations would undermine confidence in data stored and accessible on US networks, creating an uncertainty that could jeopardize US military situational awareness.
“I believe the next push on the envelope is going to be the manipulation or the deletion of data which would of course compromise its integrity,” Clapper told the House panel.

Rogers testified that while the NSA and its military conjoined twin, US Cyber Command, had clear rules for protecting US networks, its authorities to engage in offensive action online were murkier. In 2013, the Guardian published a secret directive on US digital offensive capabilities and a framework for their use, thanks to the whistleblower Edward Snowden.
There is “still uncertainty about what is offensive and what is authorized”, Rogers said. “That’s a policy decision.”
While noting that offensive cyber attacks were “an application of force” akin to conventional military conflict, Rogers suggested that NSA or Cyber Command require a freer hand, warning: “A purely defensive strategy is not going to change the dynamic we find ourselves in now.”

Rogers also urged new international norms that would prohibit “extracting mass personally identifiable data”, although the Snowden document hoard demonstrates that to be the NSA’s practice worldwide.
Nor should the global community accept data destruction as a national practice, Rogers said – a cyber practice the US and Israel arguably inaugurated by allegedly creating the Stuxnet worm that hijacked and damaged industrial controls for Iranian nuclear centrifuges.

The FBI director, James Comey, joined by Rogers, reprised his plea for surreptitious access into end-to-end encrypted data. Comey argued that technologists had not truly tried to find a mathematical solution that would allow the US government access without subjecting sensitive data to increased insecurity.
Though leading cryptographers have likened Comey’s effort to “magical thinking”, Comey said: “My reaction to that is, really? Have we really tried?”

Clapper testified that there was no consensus within the intelligence agencies as to the ultimate culprit in the mass exfiltration of federal employees’ data at the Office of Personnel Management.
Rogers said the NSA had provided the office with “19 specific recommendations” to forestall a future hack, but did not indicate why the US agencies tasked with protecting government networks did not spot the vulnerabilities before 4 million personnel records were stolen, reportedly by China.
“I don’t think anyone is satisfied with the environment we find ourselves in right now,” Rogers said.
Ein News: http://http://bit.ly/1MoJpQW

« Autonomous Submarine Drones: A Threatening New Weapons Platform
Over 90% of UK Police Requests to Access Calls & Emails Are Granted »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

NETAS

NETAS

Netas offers solutions in information and communication technologies including end-to-end value added solutions, system integration and technology services to providers and corporations.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Quadible

Quadible

Quadible BehavAuth is an AI-platform that continuously authenticates the users, without the need of any input, by learning their behavioural patterns.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

Next47

Next47

Next47 is a global venture firm, backed by Siemens, committed to turning today's impossible ideas into tomorrow's indispensable industries.

11:11 Systems

11:11 Systems

11:11 Systems synchronizes every aspect of network services for your business. Build your network with the industry’s most trusted expert skills.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.

Sirar by STC

Sirar by STC

Sirar is an advanced technology and cybersecurity company established by STC, the MENA region’s ICT and digital services provider.

Breez Security

Breez Security

Breez Security's mission is to address the increasingly complex and ever evolving challenges of identity security.