Director Of National Intelligence Admits That There's Little Risk Of A 'Cyber Pearl Harbor'

from the so-why-are-we-rushing? dept

“We judge that there is a remote chance of a major cyber attack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage,” Clapper said in his statement to the committee. “The level of technical expertise and operational sophistication required for such an attack — including the ability to create physical damage or overcome mitigation factors like manual overrides — will be out of reach for most actors during this time frame. Advanced cyber actors — such as Russia and China — are unlikely to launch such a devastating attack against the United States outside of a military conflict or crisis that they believe threatens their vital interests.”

“These less advanced but highly motivated actors could access some poorly protected US networks that control core functions, such as power generation, during the next two years, although their ability to leverage that access to cause high-impact, systemic disruptions will probably be limited. At the same time, there is a risk that unsophisticated attacks would have significant outcomes due to unexpected system configurations and mistakes, or that vulnerability at one node might spill over and contaminate other parts of a networked system,” he said.

But the Cyber Command chief stressed that the U.S. needs to clamp down on this intellectual property theft, warning it will ultimately "hurt our nation significantly."



"For the nation as a whole, this is our future. This intellectual property, from an economic perspective, represents future wealth and we're losing that," Alexander said.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

We've been pointing out forthat all the talk about "cyberattacks" and "cybersecurity" appear to be FUD, mostly designed to scare up money for "defense" contractors looking for a new digital angle. And yet, we keep seeing fear-mongering report after fear mongering report insisting that we're facing imminent threats of such a dire nature that multiple people keep referring to this ridiculous concept of the "cyber Pearl Harbor" which is going to happenif we don't pass vaguely worded bills that will surely ramp up huge contracts . And yet, every time we'd hear these cinematic scare stories, we'd point out thathas yet died from a "cyber attack" and ask: where was the actual evidence ofYes, we've seen hack attacks that are disruptive or really about espionage. But that "big threat" coming down to get us all? There's been nothing to support it.And perhaps that's because it doesn't exist. Amazingly, the Director of National Intelligence, James Clapper, actually admitted in a Senate hearing that there's little risk of any "cyber Pearl Harbor" in the foreseeable future:He later admitted that some others -- who weren't as knowledgeable -- might be able to sneak in some attacks here or there, but that the impact would likely be minimal:Of course, at the very same hearing, the NSA's General Keith Alexander kept up the propaganda about threats. Alexander has been among those who have been spreading FUD about the "threats" -- including ridiculous claims about Anonymous shutting down the power grid -- so sticking to that line is hardly much of a surprise. This time around he focused on an increasing rate of attacks on Wall Street banks He also pulled out the old "the Chinese are stealing our business secrets!" claim. That always sounds good for Congress, but it is unclear how much real impact it has had.It doesn't appear he has any real basis for saying that. There are all sorts of ways to compete and to innovate, and falling back on relying intellectual property laws may be the least useful and least efficient manner for doing so.It would be nice if we could stop all the blatant fear mongering and focus on anyproblems, such as highlighting what important information isn't being shared today, since we keep getting told that it's our lack of information sharing that will lead to a cyber pearl harbor. Now that we know the threat isn't imminent, can we sit back and look at the actual evidence, understand what theproblem is, and see if there's a way to solve it that doesn't involve giving up everyone's privacy rights?

Filed Under: cispa, cybersecurity, digital pearl harbor, dni, james clapper, keith alexander, nsa