The Security Ledger

Internet of Things Looms Large in National Intelligence Assessment

US Director of National Intelligence James Clapper said the Internet of Things and cyber security bear heavily on the US intelligence community, creating both risks and opportunities.

In-brief: the consequences of innovation and increased reliance on information technology, including the Internet of Things, pose serious challenges to the nation’s cyber defenses and the intelligence community’s “operational tradecraft,” said DNI James Clapper in a report to Congress. 

Cyber security and the Internet of Things are among the most prominent features of the latest national security assessment for the U.S. government.

The report, issued Tuesday by James Clapper, the U.S. Director of National Intelligence (DNI), said that the “consequences of innovation and increased reliance on information technology” will be greater than ever in the years to come, and pose serious challenges to the nation’s cyber defenses and the intelligence community’s “operational tradecraft.”

Echoing comments made elsewhere, Clapper said that new, connected devices present both challenges and opportunities for the intelligence community.

“Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US Government systems. These developments will pose challenges to our cyber defenses and operational tradecraft but also create new opportunities for our own intelligence collectors,” Clapper wrote.

The statement came in the annual Worldwide Threat Assessment of the US Intelligence Community, which Clapper presented to the Senate Select Committee on Intelligence on Tuesday.

So-called “smart” devices that are part of the Internet of Things (IoT) promise to create huge efficiencies in the U.S. economy and U.S. society. But Clapper notes evidence that these new systems “can threaten data privacy, data integrity, or continuity of services,” as well. “In the future,” he said, “intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

The increasing reliance on technology and automation to manage critical infrastructure could expose the U.S. economy to “asymmetric” attacks on what the report refers to as “systemic and persistent vulnerabilities in key infrastructure sectors including health care, energy, finance, telecommunications, transportation, and water,” Clapper notes. The report notes the rapid transformation in the healthcare space, driven by a government-backed push to adopt electronic health records and advances in medical device technology. But those trends also heighten the risks of large-scale data breaches (as have been seen) and other attacks that could affect patient outcomes. Clapper’s report also makes veiled reference to the compromise of firmware used by Juniper Networks hardware as an example of common infrastructure that has been subject to attack.

The report names Russia, China, Iran and North Korea as the “Leading Threat Actors” at work in the U.S. Nonstate actors like terrorist groups also use the Internet to “organize, recruit, spread propaganda and coordinate operations,” the report concludes.

The report comes on the same day that President Obama submitted his budget to Congress, asking for a 35% increase in funding for information security including a $19 billion Cybersecurity National Action Plan (CNAP) that will overhaul the way the federal government manages the security of its information systems.

Notably missing from the assessment: complaints about strong encryption in consumer products like cell phones. While FBI head James Comey has been warning loudly about the law enforcement and intelligence communities “going dark” in the face of unbreakable data encryption on iPhones and other devices, Clapper’s report mentions encryption only twice, noting that terrorists will “easily take advantage of widely available, free encryption technology, mobile-messaging applications, the dark web, and virtual environments to pursue their objectives.”
