On Tuesday, top American spy officials said cyberattacks are getting worse — and it’s time to set basic international rules to prevent a future catastrophe.
“Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication and severity of impact,” U.S. national intelligence director James Clapper warned the Senate Armed Services Committee.
Cold War-era spying continues. Every nation does it — including the United States — and professional government hacker spies play a lead role.
But nations haven’t yet figured out what kind of hacking goes too far. Secretly gaining control of a nuclear power plant’s computers? Stealing highly private personnel records?
And, most importantly, when does hacking become an act of war? “We’re still working our way through that issue,” said U.S. Navy Admiral Mike Rogers, who also testified.
Rogers leads the NSA and America’s military hacking operations. When a senator asked him about defining a red line, Rogers said: “It has to be something that’s communicated that generates… a sense of consequence” and deters attackers from hacking in the first place.
Without that, cyberattacks will continue at an alarming pace, officials warned.
“We’re sort of in the Wild West here with cyber, where there are no limits,” Clapper said.
These questions are particularly pressing, given that some U.S. officials think it was China that recently stole copies of 21.5 million U.S. government personnel records.
In the past, Clapper has said China is the number one suspect in that hack. But on Tuesday, he said U.S. investigators aren’t sure, because of “differing degrees of confidence” in the evidence.
Then there’s a different type of hack: Corporate espionage.
China has also been accused of using its military hackers to steal American company secrets to give Chinese corporations a competitive edge. When Chinese President Xi Jinping’s visited the White House last week, he and President Obama publicly agreed that neither country would engage in cyber economic espionage.
On Tuesday, Clapper said “hope springs eternal,” but quickly added that he is “somewhat of a skeptic.”
During the hearing, Clapper also described the worst kind of hack America faces: “A massive armageddon-like-scale attack against our infrastructure,” like shutting down the entire American electricity grid.
But that’s unlikely right now, Clapper said. Instead, he worries about hackers quietly tinkering with real data we all rely on.
When cyber experts talk about data manipulation, they worry about what happens if American’s bank balances suddenly display fake numbers. No one would trust banks.
Think of it as a “Fight Club” style attack that creates utter chaos by eroding the nation’s confidence in the systems we use in our everyday lives. Fake data could alter stock market trades or even government weather instrument readings.
“What we could expect next is data manipulation, which then calls into question the integrity of the data, which in many ways is more insidious than the attacks we’ve suffered thus far,” Clapper warned.