US ill-equipped to cope with mounting cyberattack threat

Dennis Blair, director of national intelligence, testified before the House Intelligence Committee, which was conducting its annual threat assessment hearing. Cyberattacks featured heavily both in Blair's testimony, and in the opening statement of the Committee's chair, Silvestre Reyes (D-TX).

Blair argued that the US was unprepared to defend itself against the rising threat of cyberattacks. In particular, increasing imports of foreign hardware and software for use in US networks is leaving the country open to potential attacks. "This increases the potential for subversion of the information in ... those systems," he said.

The technological balance favors attackers, rather than those wanting to defend their internet presence, Blair said, adding that the internet had also created a breeding ground for local radicalization.

"The United States continues to be the victim of a disturbing increase in the scope, virulence, and potency of cyber attacks. Whether the perpetrator is a terrorist organization or a state actor, the threat to our energy, financial, communications, and security infrastructures remains the same," Reyes said before calling Blair to the stand. "The intelligence community has a critical role to play in understanding the threat, securing our classified information technology systems, and working with the business community to secure its critical infrastructure."

The testimony came just days after security services company Mandiant published a report on advanced persistent threats. "We’ve been able to correlate almost every APT intrusion we’ve investigated to current events within China," Mandiant said in the document. The report sparked a debate between cyberwarfare expert Jeffrey Carr, and Richard Bejtlich, the director of incident response at General Electric. Bejtlich praised the report, while Carr criticized it, later moderating statements on his blog following a call with Mandiant. Nevertheless, Carr remains critical of the report.

What’s Hot on Infosecurity Magazine?