Cyber Threat: First Data Theft - Next Data Manipulation

o-JAMES-CLAPPER-facebook.jpg

Director of U.S. National Intelligence James Clapper calls data deletion or manipulation ‘next push of the envelope’ to US digital networks now threatened by wide-scale data theft.

A “Cyber Armageddon”, long imagined in Washington as a catastrophic event of digitally triggered damage to physical infrastructure, is less likely than “cyber operations that will change or manipulate data”, the US director of national intelligence, James Clapper, told the House intelligence committee recently.
Clapper, backed by the director of the National Security Agency, Admiral Michael Rogers, said that while such efforts had yet to manifest themselves, US business and governmental agencies had entered an era of persistent “low-to-moderate level cyber-attacks from a variety of sources”.

Yet both indicated that US digital networks are currently threatened by wide-scale data theft, like the recent intrusion into the networks of the Office of Personnel Management, not destruction or compromise.
Rogers and Clapper warned that a mutated phase of malicious digital penetrations would undermine confidence in data stored and accessible on US networks, creating an uncertainty that could jeopardize US military situational awareness.
“I believe the next push on the envelope is going to be the manipulation or the deletion of data which would of course compromise its integrity,” Clapper told the House panel.

Rogers testified that while the NSA and its military conjoined twin, US Cyber Command, had clear rules for protecting US networks, its authorities to engage in offensive action online were murkier. In 2013, the Guardian published a secret directive on US digital offensive capabilities and a framework for their use, thanks to the whistleblower Edward Snowden.
There is “still uncertainty about what is offensive and what is authorized”, Rogers said. “That’s a policy decision.”
While noting that offensive cyber attacks were “an application of force” akin to conventional military conflict, Rogers suggested that NSA or Cyber Command require a freer hand, warning: “A purely defensive strategy is not going to change the dynamic we find ourselves in now.”

Rogers also urged new international norms that would prohibit “extracting mass personally identifiable data”, although the Snowden document hoard demonstrates that to be the NSA’s practice worldwide.
Nor should the global community accept data destruction as a national practice, Rogers said – a cyber practice the US and Israel arguably inaugurated by allegedly creating the Stuxnet worm that hijacked and damaged industrial controls for Iranian nuclear centrifuges.

The FBI director, James Comey, joined by Rogers, reprised his plea for surreptitious access into end-to-end encrypted data. Comey argued that technologists had not truly tried to find a mathematical solution that would allow the US government access without subjecting sensitive data to increased insecurity.
Though leading cryptographers have likened Comey’s effort to “magical thinking”, Comey said: “My reaction to that is, really? Have we really tried?”

Clapper testified that there was no consensus within the intelligence agencies as to the ultimate culprit in the mass exfiltration of federal employees’ data at the Office of Personnel Management.
Rogers said the NSA had provided the office with “19 specific recommendations” to forestall a future hack, but did not indicate why the US agencies tasked with protecting government networks did not spot the vulnerabilities before 4 million personnel records were stolen, reportedly by China.
“I don’t think anyone is satisfied with the environment we find ourselves in right now,” Rogers said.
Ein News: http://http://bit.ly/1MoJpQW

« Autonomous Submarine Drones: A Threatening New Weapons Platform
Over 90% of UK Police Requests to Access Calls & Emails Are Granted »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

GFI Software

GFI Software

GFI Software works with System Administrators, IT Professionals and IT Executives to ensure that their IT infrastructures are monitored, managed, secured and compliant.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

XCure Solutions

XCure Solutions

XCure Solutions are a Finnish company specializing in data security, data protection and data recovery.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

Yelbridges

Yelbridges

Yelbridges is your reliable partner in all fields of IT-Security, from developing of Security Policies and Guidelines to the design and implementation of secure processes.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Crown Sterling

Crown Sterling

Crown Sterling delivers next generation software-based, AI-driven cryptography in the form of random number generators and encryption products.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Cyberi

Cyberi

Cyberi provide specialist technical consultancy and cyber advisory services, from penetration testing and assurance to incident management and response, and technical security research.

Mirai Security

Mirai Security

Mirai Security are a cyber security company that specializes in Governance, Risk Management and Compliance, Cloud Security and Application Security.

Obscure Technologies

Obscure Technologies

Obscure Technologies is a firm of experts, specialised in brokering the best security solutions to market.

NextGen Cyber Talent

NextGen Cyber Talent

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry.

Xact IT Solutions

Xact IT Solutions

Xact IT Solutions are a certified cybersecurity firm offering cybersecurity, compliance and managed services.