This post is also available in: עברית (Hebrew)

James Clapper, director of U.S. intelligence, and other senior intelligence officers, have warned Congress that the next phase of escalating online data theft will likely involve the manipulation of digital information.

Clapper told lawmakers on the House Intelligence Committee that a “cyber Armageddon,” in which a digitally triggered damage to physical infrastructure results in a series of catastrophic events, is less likely than “cyber operations that will change or manipulate data.”

According to HomeLand Security News Wire , Clapper’s testimony was supported by Admiral Michael Rogers, the director of the National Security Agency, who said that while such attacks are yet to be carried out, U.S. business and governmental agencies had entered an era of persistent “low-to-moderate level cyber-attacks from a variety of sources.”

The Guardian reports that both said that U.S. digital networks are currently threatened by wide-scale data theft, like the recent breach of the networks of the Office of Personnel Management (OPM), not destruction or compromise.

Rogers and Clapper told lawmakers that the next phase of malicious digital intrusions, which would include not only the theft but also the manipulation or destruction of data, would undermine confidence in data stored on or accessible through U.S. networks, engendering an uncertainty which could jeopardize U.S. military situational awareness and undermine business activity.

“I believe the next push on the envelope is going to be the manipulation or the deletion of data which would of course compromise its integrity,” Clapper told the House panel.

Rogers testified that while the NSA and its military counterpart, the U.S. Cyber Command which he commands, had clear rules for protecting U.S. networks, their authority to engage in offensive cyber operations was less clear.

In 2013, the Guardian, relying on information leaked by Edward Snowden, published a secret directive on U.S. digital offensive capabilities and a framework for the use of such capabilities.

There is “still uncertainty about what is offensive and what is authorized”, Rogers said. “That’s a policy decision.”

Rogers suggested that while offensive cyberattacks were “an application of force” similar to conventional military conflict, the NSA or Cyber Command need a freer hand to engage in offensive cyber operations. He warned: “A purely defensive strategy is not going to change the dynamic we find ourselves in now.”

Rogers also said that it was urgent to create new international cyber standards which would prohibit “extracting mass personally identifiable data.”

Subscribe to our newsletter.