Cyber Threat: First Data Theft - Next Data Manipulation

o-JAMES-CLAPPER-facebook.jpg

Director of U.S. National Intelligence James Clapper calls data deletion or manipulation ‘next push of the envelope’ to US digital networks now threatened by wide-scale data theft.

A “Cyber Armageddon”, long imagined in Washington as a catastrophic event of digitally triggered damage to physical infrastructure, is less likely than “cyber operations that will change or manipulate data”, the US director of national intelligence, James Clapper, told the House intelligence committee recently.
Clapper, backed by the director of the National Security Agency, Admiral Michael Rogers, said that while such efforts had yet to manifest themselves, US business and governmental agencies had entered an era of persistent “low-to-moderate level cyber-attacks from a variety of sources”.

Yet both indicated that US digital networks are currently threatened by wide-scale data theft, like the recent intrusion into the networks of the Office of Personnel Management, not destruction or compromise.
Rogers and Clapper warned that a mutated phase of malicious digital penetrations would undermine confidence in data stored and accessible on US networks, creating an uncertainty that could jeopardize US military situational awareness.
“I believe the next push on the envelope is going to be the manipulation or the deletion of data which would of course compromise its integrity,” Clapper told the House panel.

Rogers testified that while the NSA and its military conjoined twin, US Cyber Command, had clear rules for protecting US networks, its authorities to engage in offensive action online were murkier. In 2013, the Guardian published a secret directive on US digital offensive capabilities and a framework for their use, thanks to the whistleblower Edward Snowden.
There is “still uncertainty about what is offensive and what is authorized”, Rogers said. “That’s a policy decision.”
While noting that offensive cyber attacks were “an application of force” akin to conventional military conflict, Rogers suggested that NSA or Cyber Command require a freer hand, warning: “A purely defensive strategy is not going to change the dynamic we find ourselves in now.”

Rogers also urged new international norms that would prohibit “extracting mass personally identifiable data”, although the Snowden document hoard demonstrates that to be the NSA’s practice worldwide.
Nor should the global community accept data destruction as a national practice, Rogers said – a cyber practice the US and Israel arguably inaugurated by allegedly creating the Stuxnet worm that hijacked and damaged industrial controls for Iranian nuclear centrifuges.

The FBI director, James Comey, joined by Rogers, reprised his plea for surreptitious access into end-to-end encrypted data. Comey argued that technologists had not truly tried to find a mathematical solution that would allow the US government access without subjecting sensitive data to increased insecurity.
Though leading cryptographers have likened Comey’s effort to “magical thinking”, Comey said: “My reaction to that is, really? Have we really tried?”

Clapper testified that there was no consensus within the intelligence agencies as to the ultimate culprit in the mass exfiltration of federal employees’ data at the Office of Personnel Management.
Rogers said the NSA had provided the office with “19 specific recommendations” to forestall a future hack, but did not indicate why the US agencies tasked with protecting government networks did not spot the vulnerabilities before 4 million personnel records were stolen, reportedly by China.
“I don’t think anyone is satisfied with the environment we find ourselves in right now,” Rogers said.
Ein News: http://http://bit.ly/1MoJpQW

« Autonomous Submarine Drones: A Threatening New Weapons Platform
Over 90% of UK Police Requests to Access Calls & Emails Are Granted »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

Immersive

Immersive

Immersive unifies Cyber Drills, Exercises, Sims, Ranges, and Training into one single, adaptive platform. One Platform. Total Cyber Resilience.

CyRise

CyRise

CyRise is a venture accelerator focused squarely on early stage cyber security startups.

macmon secure

macmon secure

macmon secure develops network security software, focussing on Network Access Control.

ePlus

ePlus

ePlus designs and delivers effective, integrated cybersecurity programs centered on culture and technology, aimed at mitigating business risk and empowering digital transformation.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

Guardian Digital

Guardian Digital

Guardian Digital makes email safe for business. Threat-ready business email protection. Fully supported.

BlueHalo

BlueHalo

BlueHalo is purpose-built to provide industry capabilities in the domains of Space Superiority and Directed Energy, Missile Defense and C4ISR, and Cyber and Intelligence.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

Tailscale

Tailscale

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly.

Datastream Cyber Insurance

Datastream Cyber Insurance

DataStream Cyber Insurance is designed to give SMB’s across the US greater confidence in the face of increasing cyber attacks against the small and medium business community.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

HIFENCE

HIFENCE

HIFENCE delivers cybersecurity and networking services that make your company safer and more secure. That’s all we do, so you can concentrate on all the things that you do best.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.

Dispel

Dispel

Dispel makes the fastest secure remote access for industrial networks. Built by operators for operators: a zero trust engine for your entire OT, IoT, and xIoT stack.