Last week, during testimony to the U.S. Senate Armed Services Committee, Director of National Intelligence James Clapper said “In my 50-plus years in the intelligence business, I cannot recall a more diverse array of challenges and crises that we confront as we do today … The threat from foreign intelligence entities, both state and non-state, is persistent, complex and evolving.”
His comments on cyber-security included:
- “Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US Government systems. These developments will pose challenges to our cyber defenses and operational tradecraft but also create new opportunities for our own intelligence collectors"
- ” [Internet of Things] … are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services.”,
- “The increased reliance on [artificial intelligence] for autonomous decisionmaking is creating new vulnerabilities to cyberattacks and influence operations … Efficiency and performance benefits can be derived from increased reliance on AI systems in both civilian industries and national security, as well as potential gains to cybersecurity from automated computer network defense. However, AI systems are susceptible to a range of disruptive and deceptive tactics that might be difficult to anticipate or quickly understand. Efforts to mislead or compromise automated systems might create or enable further opportunities to disrupt or damage critical infrastructure or national security networks.
- Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) to affect decisionmaking, reduce trust in systems, or cause adverse physical effects. Broader adoption of IoT devices and AI—in settings such as public utilities and health care—will only exacerbate these potential effects.
- While “data breaches” no longer seem like new news, the increasing pace on innovation will likely introduce many new classes of security vulnerabilities.
- At the same time, many of the “vulnerabilities” that Clapper cites also become “surveillance” opportunities – which should continue to drive debates about personal privacy rights.