Continued from page 1

“Rank-ordering foreign intelligence threats is an art. [You have to ask,] ‘Which of these foreign intelligence activities present the greatest threat to the U.S. and our national security interests in the world?’[ThSp]” said Michelle Van Cleave, director of the counterintelligence executive’s office in the administration of President George W. Bush.

Putting Iran in the top tier “suggests that this administration is seriously concerned, as they absolutely should be, about Iranian foreign intelligence activities,” she said.

Iranian intelligence activities were prolific in areas where the U.S. was “deeply engaged” - Afghanistan, Iraq and the Middle East and, increasingly, the Western Hemisphere, Ms. Van Cleave said.

Cybersecurity specialists offered mixed responses to Mr. Clapper’s testimony about Iranian cyber capabilities.

The Washington Times reported in October that an Iranian hacker, possibly state-sponsored, is widely thought to have been behind several breaches last year of the Internet security system known as Secure Sockets Layer (SSL). Computer users know the system as the padlock in the browser that shows that online shopping, banking and other communications are secure.

Without mentioning Iran, Mr. Clapper said the SSL breach “represents a threat to one of the most fundamental technologies used to secure online communications and sensitive transactions.”

Foreign intelligence services “have launched numerous computer-network operations targeting U.S. government agencies, businesses and universities,” Mr. Clapper said without naming them. “Foreign cyber-actors have also begun targeting classified networks.”

He noted that the pace of technological development outstripped the efforts of security officials to defend vital U.S. information-technology networks. “We foresee a cyber-environment in which emerging technologies are developed and implemented before security responses can be put in place.”

Nigel Inkster, a former senior British intelligence official, said that the SSL attack was “ingenious” and that the Iranians “probably achieved quite a lot of what they wanted to” with it.

But Mr. Inkster, now director of the Transnational Threats and Political Risk Program of the International Institute for Strategic Studies in London, noted that the SSL attack seemed primarily designed to eavesdrop on Iran’s own citizens.

“It’s a harbinger of things to come,” he said.

James A. Lewis, a cybersecurity scholar at the Center for Strategic and International Studies, expressed skepticism that Iran’s cyber capabilities might pose a threat to the United States.

The Iranians had been “pursuing cyber capabilities,” he said, and even “tested certain capabilities against Israel.”

But he added that “we [the public] don’t know how successful they’ve been.”

“It’s not a problem right now, but it could be in the future,” Mr. Lewis said of the Iranian threat of a cyberattack.

Story Continues →