Risk
2/2/2010
04:35 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

U.S. 'Severely Threatened' By Cyber Attacks

The U.S. intelligence chief is urging greater cooperation and funding to defend against online threats.

Testifying before the Senate Intelligence Committee on Tuesday, the top U.S. intelligence official warned that U.S. critical infrastructure is "severely threatened" and called the recent cyber attack on Google "a wake-up call to those who have not taken this problem seriously."

"Sensitive information is stolen daily from both government and private sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey," said Dennis C. Blair, Director of National Intelligence, in prepared remarks outlining the U.S. intelligence community's annual assessment of threats.

While Blair's testimony covered terrorism, nuclear proliferation, geo-political conflicts, global economic problems, risks associated with climate change, and global health challenges, it addressed cyber threats first.

"Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication," he said, citing as an example the emergence in 2009 of malware that modifies itself to avoid detection.

Cyber criminals' capabilities presently exceed the response capabilities of those defending networks, Blair said, and urged companies to promptly report attacks to help the government understand and address the full range of cyber threats. He warned that cyber-facilitated bank fraud and credit fraud have serious implications for the economy and national security.

Looking ahead, he said that voice and data networks will converge over the next five years and that this convergence amplifies the potential disruption from cyber attacks.

To protect cyberspace, the U.S. government will need to collaborate more effectively with private sector partners and international authorities, said Blair.

He also urged Congress to fully fund the U.S. government's cyber security initiatives, noting that Congress had funded most, but not all, of the Administration's request last year.

Blair's comments come just days after the emergence of a leaked report from MI5, the U.K.'s counter-intelligence agency, about the risk of Chinese cyber-espionage and malware-infected electronic gifts.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio