Director of National Intelligence James Clapper told the Senate Intelligence Committee that cyberspace is affording bold actors opportunities to be even more aggressive.

"The challenge particularly in the cyber realm, I’ll say, is that there’s kind of an insidious progression of aggressiveness," DNI James Clapper said at Tuesday's hearing. "I’ve certainly seen this over the last six years or so where other countries get progressively more — as they develop more capability — they also have an intent and willingness to try to use it. And we’re seeing this particularly with the second tier, meaning North Korea and Iran, who don’t have the cyber capability — we don’t believe in the level of sophistication of certainly the Russians or the Chinese — but they are progressing.

"That’s, to me, what’s bothersome about this whole business of cyber and when do you draw the line to say enough’s enough."

Adm. Michael Rogers, head of the National Security Agency and commander of U.S. Cyber Command, told the Senate Armed Services Committee last week that while Russia is "the peer competitor," Iran and North Korea are currently at a moderate level, noting the level of investment, capability and willingness to employ cyber in some very aggressive ways beyond normal risk calculus is concerning.

Clapper noted that Russia has demonstrated "a progression of capabilities as they’ve acquired them and used them," adding they have used these capabilities against European nations and democracies.

"As the technology has increased [the Russians have] gotten more tools available to them, they’ve broadened the spectrum of things that they have done," Clapper said. "What is unique and what is disturbing, though, about this election, 2016, is the aggressiveness and the variety of tools they use and their activism in trying to convey information — which they stole — in an effort to influence the outcome of the election. That’s different than any previous case."

When asked by Sen. Marco Rubio, R-Fla., about the prospect that the Russians could, as they have alleged to have done elsewhere, hack into the computer of a U.S. official critical of Russian policies, plant illicit and illegal materials to the computer, and anonymously call the authorities to have the individual arrested, effectively silencing them, Clapper replied that this tactic is "certainly well within both their technical competence and their potential intent."

"The last two years running in my threat presentations, I’ve cited that I think the next worrisome trend in the cyber business will be the compromise of the fidelity of information. And whether it’s for a criminal purpose or a political purpose," Clapper added, citing a similar alarm bell also rung many times in the last few years by Rogers. "So this is well within the realm, I think, of possibility."

This makes all deterrence quite difficult, especially within the blurred lines of espionage and attack. This notion is an issue Clapper has hit on several times in front of Congress, particularly in front of the Senate Armed Services Committee last week and Senate Intelligence Committee on Tuesday.

"Well, there’s a lot of espionage, certainly collecting and exfiltrating information; obviously the Chinese come to mind. But in very much a contrast between the passive collection, the passive exfiltration as opposed to the actively purloining information and then using it for a political end — that’s the difference here," Clapper said of the alleged Russian influence operation against the U.S. election.

"If you’re conducting espionage, then if we’re going to punish — nation states are going to punish each other for conducting espionage, which is the passive collection of information, that’s a pretty heavy policy call, which I don’t think any of us want to make," he reiterated to the Intelligence Committee, parroting points he made to the Armed Services Committee last week about the intelligence community. "When it’s an activist campaign as it was here, that’s a different proposition."

About Mark Pomerleau

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

Share:
More In Cyber