The nation’s top intelligence officials told congressmen Thursday that passing new cybersecurity legislation is necessary because hackers on behalf of nation-states and groups such as the Islamic State are hitting the U.S. through persistent campaigns, despite recent well-publicized arrests and other would-be deterrents.
As a cybersecurity bill continues to lay dormant in the Senate, lawmakers in the House heard pleas from officials who said legislation is needed to lessen the affects of ongoing operations waged by not only foreign governments, but hackers in the homeland and abroad whose methods of attack are becoming more advanced day by day.
James Clapper, the director of the Office of National Intelligence, told a House committee on Thursday that “cyberthreats to U.S. national and economic security are increasing in frequency, scale, sophistication and the severity of impact.”
Downplaying the OPM breach that compromised the personally identifiable information of millions of government employees and contractors, Mr. Clapper told the Permanent Select Committee on Intelligence that the U.S. must be ready for future attacks in the digital realm that won’t end with the theft of user data.
“Although we must be prepared for a large, Armageddon-scale strike that would debilitate the entire U.S. infrastructure, it’s not our belief that that’s the most-likely scenario. Rather, our primary concern is the low- to moderate-level cyberattacks from a variety of sources, which will continue and probably expand. This imposes increasing costs, as you indicate, to our businesses, to U.S. economic competitiveness and to national security,” Mr. Clapper told the committee.
“In my 50-plus years in the intelligence business, I don’t recall a time when we’ve been beset by a greater variety of challenges and risks around the world, both regionally and functionally,” he added.
Although the details of roughly 21.5 million individuals were compromised in the OPM breach earlier this year that’s been widely blamed on China, Mr. Clapper said he wouldn’t categorize the hack as a cyber “attack” since it was entirely passive and didn’t result in the destruction of any data.
He said that he expects state-sponsored actors and extremist groups to soon adopt new methods, though, and believes a future wave of cyber assaults will involve the manipulation of electronic information in order to compromise its integrity.
Mr. Clapper told the panel that the Senate should act already on the Cyber Intelligence Sharing Act to combat these campaigns.
If approved, the legislation would encourage private sector businesses to share cyberthreat information with the federal government in hopes of giving experts in Washington a heads-up with respect to the kinds of attacks that are often spotted too late to be stopped.
The lower chamber has already given the bill its stamp of approval, but senators failed to act ahead of the summer recess and have yet to weigh in since reconvening this week.
Rep. Devin Nunes, California Republican and committee chairman, said he was “anxiously awaiting” the bill to be passed in the Senate, as did Adm. Mike Rogers, the chief of the NSA and U.S. Cyber Command, who also fielded questions at Thursday’s hearing alongside Mr. Clapper and counterparts from the FBI, CIA and Defense Intelligence Agency.
FBI Director James Comey said that groups such as the Islamic State have been “highly effective” with online recruitment campaigns carried out over social media on a rudimentary level.
Whereas more capable adversaries are alleged to be waging actual attacks on America’s computer networks, Mr. Comey said platforms such as Twitter have given way to “the most complicated spider web in the world,” the likes of which has enabled widespread radicalization that’s anything but easy to nip in the bud.
“Social media works whether you’re selling sneakers or selling the poison of the so-called Islamic State,” Mr. Comey said. “Unfortunately there is an audience for this kind of poison.”
Nevertheless, he said social media companies have been “responsive” and “responsible” with heeding the government’s request to shut down accounts that propagate extremist ideologies, and that similar efforts to stifle radicalization on the so-called “Deep Web” — the portion of the Internet not indexed by search engines — have been successful as well.
“We send a message that you think you’re hiding from us, but you’re not hiding from us,” Mr. Comey said.
Indeed, the government has made it clear recently that individuals who associate on the Web with terror groups are not shrugged off because of the realm in which they operate.
A teenager from Virginia was sentenced to 11 years in prison last month for supporting the Islamic State through a Twitter account, and Junaid Hussain, a British hacker accused of having managed online recruitment efforts for the extremists, was killed in August by an U.S. airstrike.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.