“The Big 4” Global Threats

By Kevin Jay on February 15, 2019

On 29 January 2019, the leaders of six U.S. intelligence agencies delivered a report before the Senate Intelligence Committee covering global threats and pressing issues facing the United States.

The annual “Worldwide Threat Assessment” is a report that ranks threats to U.S. national security from around the world. Although it does not include classified information, intelligence sources or methods, it provides insight into how the intelligence community assesses adversaries’ motives and the U.S. vulnerabilities they might exploit.

Of the topics discussed, cyber threats and electoral security were of significant interest. In a prepared written statement, Director of National Intelligence Dan Coats describes the broad range of threats facing the United States, including threats from counterspace weaponry, homegrown violent extremists, Al Qaeda, ISIS, and drug trafficking. He also touches on economic growth, human displacement, and religious freedom.

The “Big 4” Threats

According to Coats, “our adversaries and strategic competitors will increasingly use cyber capabilities—including cyber espionage, attack, and influence—to seek political, economic, and military advantage over the United States and its allies and partners.” The “big 4” adversaries, China, Russia, Iran, and North Korea, will continue to use cyber operations to disrupt critical infrastructure, influence ideas, and steal information.

China. Currently, U.S. intelligence leaders believe China poses the most dangerous threat to the U.S. The report states that “China presents a persistent cyber espionage threat and a growing attack threat to our core military and critical infrastructure systems”, adding that the country has “the ability to launch cyber-attacks that cause localized, temporary disruptive effects on critical infrastructure”. In 2018, the U.S. Department of Justice charged two Chinese hackers associated with a hacking group known as “Advanced Persistent Threat 10” (APT 10). The two men, employees of the Chinese government, were accused of orchestrating a global cyber campaign to steal secrets from businesses and governments in the U.S. and around the world.

Russia. The assessment states that Russia will continue to target critical infrastructure and influence elections. The 2020 U.S. election will be an opportunity for Russia and other adversaries to undermine U.S. alliances and partnerships, and policies in the United States and elsewhere. This year Russia will continue working on expanding its abilities “to execute cyber-attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure – such as disrupting an electrical distribution network for at least a few hours,” said Coats. In March of 2018, the Department of Homeland Security (DHS) issued an alert warning of Russian government cyber activity targeting the West’s energy sector and other critical infrastructure. The group believed to be responsible is known as “Dragonfly”, with a number of attacks affecting organizations in the U.S., Turkey, and Switzerland.

Iran. Iran will continue to penetrate U.S. and allied networks for espionage to position itself for future attacks. In January, the Department of Homeland Security issued its first-ever emergency directive advising federal agencies to take immediate action in response to a global DNS hijacking campaign. The campaign targeted organizations in the Middle East, North Africa, Europe, and North America. The DHS order follows research published by FireEye analysts, who believe an Iran-based group of actors is responsible and that the activity aligns with the Iranian government’s interests. The U.S. warns allies to harden their defenses and weigh counterattacks.

North Korea. North Korea will continue to target financial institutions to gather intelligence to conduct disruptive cyber-attacks on the U.S. and South Korea. Pyongyang’s cybercrime operations include attempts to steal more than $1.1 billion from financial institutions across the world – including a successful cyber heist of an estimated $81 million from the New York Federal Reserve account of Bangladesh’s central bank, said Coats. The stolen money will likely be spent on advancing North Korea’s development of nuclear weapons and cyberwarfare.

Significance

We are entering a new era of cyberwarfare in which cyber capabilities may be used to win future conflicts. Countries are seeing the value in obtaining adversary and competitor information. Adversaries will continue to grow their cyber capabilities in order to strike when needed. Adversaries and strategic competitors will use cyber capabilities as leverage to weaken the United States. Cyber-attacks will be considered the new weapons of mass destruction in an interconnected world. The increased amount of data produced will call for more data protection against advanced persistent threats.

The digital tools and techniques used by U.S. adversaries and competitors will continue to grow in force and extremity, calling for the public and private sectors to work closely together. The intelligence community must continue to grow its intelligence capabilities to meet the evolving cyber threats by maintaining focus on cybersecurity awareness, vulnerability management, and next-generation security techniques to mitigate advanced threats.

Sources

Director of National Intelligence Daniel R. Coats, Worldwide Threat Assessment, 29 Jan 2019

Cyberscoop, Cyberthreats rise to the top at Senate hearing, 29 Jan 2019

Air Force Magazine, Data Evolution, Cyber Threats Under Scrutiny on Capitol Hill, 30 Jan 2019

FireEye, Global DNS Hijacking Campaign: DNS Record Manipulation at Scale, 09 Jan 2019

FireEye, APT10: Global Campaign Latest Manifestation of Longstanding Threat, 06 Apr 2017

Symantec, Dragonfly: Western energy sector targeted by sophisticated attack group, 20 Oct 2017