The 2016 National Threat Assessment

It's National Threat Assessment Day. Published annually by the Director of National Intelligence, the "Worldwide Threat Assessment of the US Intelligence Community" is the US intelligence community's one time to publicly talk about the threats in general. The document is the result of weeks of work and input from lots of people. For Clapper, it's his chance to shape the dialog, set up priorities, and prepare Congress for budget requests. The document is an unclassified summary of a much longer classified document. And the day also includes Clapper testifying before the Senate Armed Services Committee. (You'll remember his now-famous lie to the committee in 2013.)

The document covers a wide variety of threats, from terrorism to organized crime, from energy politics to climate change. Although the document clearly says "The order of the topics presented in this statement does not necessarily indicate the relative importance or magnitude of the threat in the view of the Intelligence Community," it does. And like 2015 and 2014, cyber threats are #1 -- although this year it's called "Cyber and Technology."

The consequences of innovation and increased reliance on information technology in the next few years on both our society's way of life in general and how we in the Intelligence Community specifically perform our mission will probably be far greater in scope and impact than ever. Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US Government systems. These developments will pose challenges to our cyber defenses and operational tradecraft but also create new opportunities for our own intelligence collectors.

Especially note that last clause. The FBI might hate encryption, but the intelligence community is not going dark.

The document then calls out a few specifics like the Internet of Things and Artificial Intelligence -- no surprise, considering other recent statements from government officials. This is the "...and Technology" part of the category.

More specifically:

Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) to affect decisionmaking, reduce trust in systems, or cause adverse physical effects. Broader adoption of IoT devices and AI -- in settings such as public utilities and health care -- will only exacerbate these potential effects. Russian cyber actors, who post disinformation on commercial websites, might seek to alter online media as a means to influence public discourse and create confusion. Chinese military doctrine outlines the use of cyber deception operations to conceal intentions, modify stored data, transmit false data, manipulate the flow of information, or influence public sentiments -- all to induce errors and miscalculation in decisionmaking.

Russia is the number one threat, followed by China, Iran, North Korea, and non-state actors:

Russia is assuming a more assertive cyber posture based on its willingness to target critical infrastructure systems and conduct espionage operations even when detected and under increased public scrutiny. Russian cyber operations are likely to target US interests to support several strategic objectives: intelligence gathering to support Russian decisionmaking in the Ukraine and Syrian crises, influence operations to support military and political objectives, and continuing preparation of the cyber environment for future contingencies.

Comments on China refer to the cybersecurity agreement from last September:

China continues to have success in cyber espionage against the US Government, our allies, and US companies. Beijing also selectively uses cyberattacks against targets it believes threaten Chinese domestic stability or regime legitimacy. We will monitor compliance with China's September 2015 commitment to refrain from conducting or knowingly supporting cyber-enabled theft of intellectual property with the intent of providing competitive advantage to companies or commercial sectors. Private-sector security experts have identified limited ongoing cyber activity from China but have not verified state sponsorship or the use of exfiltrated data for commercial gain.

Also interesting are the comments on non-state actors, which discuss propaganda campaigns from ISIL, criminal ransomware, and hacker tools.

Posted on February 9, 2016 at 3:25 PM • 25 Comments

Comments

jones • February 9, 2016 3:50 PM

> The consequences of innovation and increased reliance on information technology in the next few years

It's funny, the rate of technological growth is a policy matter...


> Devices, designed and fielded with minimal security requirements and testing, and an ever

Time for software product liability laws!

You'd think the Aurora zero day hack -- a hole in Internet Explorer -- would have been impetus enough:

The attack has been aimed at dozens of other organizations, of which Adobe Systems,[4] Juniper Networks[5] and Rackspace[6] have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley[7] and Dow Chemical[8] were also among the targets.

https://en.wikipedia.org/wiki/Operation_Aurora#Attack_analysis

If a car has a sticky gas pedal, we see product recalls... but if the software for the F16 is compromised... NOTHING!

Liability would slow the rate of growth, but then again, there are negative

> consequences of innovation and increased reliance on information technology


Sage • February 9, 2016 7:15 PM

These so called "threat assessments" are nothing more than pointing out publicly that other countries should not be allowed to do what the US is already doing. Evil Russians and Chinese, how dare they question the god blessed USA's divine mission!

At least they're classifying their own creation as threat (ISIS). Baby steps.. baby steps..

Jon Jones • February 9, 2016 9:21 PM

I always see this stuff and it's pretty interesting, but maybe someone can help me: I have yet to see any articles on what the US Gov. targets internationally? What kind of targets/methods do they employ?

P/K • February 9, 2016 11:37 PM

@ Jon Jones:
You can take a look at for example the Strategic Mission List for the NSA, which was part of the Snowden documents. It's from 2007, but gives a more detailed picture of the various goals for NSA's collection efforts.

Will • February 10, 2016 12:54 AM

Apparently the FBI are still trying to crack a San Bernardino attacker's phone:

http://www.bbc.com/news/world-us-canada-35537954

"A mobile phone belonging to Farook was recovered but FBI Director James Comey said encryption technology meant they had not been able to access it.

Such technology was "overwhelmingly" affecting law enforcement, he warned.

Mr Comey made the comments at a Senate Intelligence Committee hearing."

CallMeLateForSupper • February 10, 2016 7:58 AM

@jones, @Who, @all

Remember the very fine outfit Vtech? Seems that either they hired some lawyers or the lawyers that were in the trough all along have begun to do their job.

"Last December, Vtech, a crapgadget/toy company, suffered a breach that implicated the data of 6.3 million children, caused by its negligence toward the most basic of security measures.

"Nevertheless, the company was back in January, advertising its new line of (I'm not making this up) home security products.

"Now, the company has re-opened its portal for its children's products, with new terms of service, all in CAPS:

“YOU ACKNOWLEDGE AND AGREE THAT ANY INFORMATION YOU SEND OR RECEIVE DURING YOUR USE OF THE SITE MAY NOT BE SECURE AND MAY BE INTERCEPTED OR LATER ACQUIRED BY UNAUTHORIZED PARTIES.”

https://boingboing.net/2016/02/09/vtech-having-leaked-6-3m-kids-2.html

Sancho_P • February 10, 2016 8:38 AM


@Will

Today they are shocked when they can’t access my phone.
Tomorrow they will be shocked when they can’t access my brain.

Solution: Don’t close Guantánamo - legalize torture.

Sancho_P • February 10, 2016 8:41 AM


The pamphlet only documents how primitive our decision-makers in 2016 are.
We versus you.
This isn’t about Superbowl tactics, it’s about the future of mankind.
It just makes me sad to realize in which small box they still live in, sorry.

Assess This • February 10, 2016 8:49 AM

It's National Propaganda Panhandling for More Surveillance Welfare Day.

This charity drive is published annually with regular calls of "Look over there! Some bogeyman did something we have been doing for 15 years!"

The "Worldwide Threat Posed by the US Intelligence Community" has never been greater. Let's cover the threats in general:

-> For Crapper, it's his chance to nuance the rhetoric, hyperventilate over non-existent threats, practice Parseltongue, shred the remainder of the Constitution & Bill of Rights, and prepare the taxpayer to be further gouged

-> The document exaggerates a wide variety of imagined threats, from statistically improbable terrorism to trawling for pissant crimes without warrants, from illegal hacks of innocent civil libertarians to hosting the world's largest collection of dick pics

-> As usual - and for the foreseeable future - cybercrimes will remain the greatest justification to enlarging the MIC budget, irrespective of their actual impact on national security

The consequences of increased hoarding of zero-days and neglecting civilian and military defences in favor of playing "Cereal Killer" from Hackers means the IC is as useless as ever! Just ask "U Can't Touch This" Crapper:

You could sit at home, and do like absolutely nothing, and your name goes through like 17 computers a day. 1984? Yeah right, man. That's a typo. Orwell is here now. He's livin' large. We have no names, man. No names. We are nameless!

Developments in the complexities of networks and the spook focus on quelling the restless domestic population means the IC's threat to our cyber defenses, operational tradecraft and personal liberties are as great as ever!

The FBI might hate your encryption, but fear not, the IC will specifically:

-> Increase their focus on warrantless searches, the invasion of networks, and manipulating the data of people they don't like to compromise their lives
-> Play shadow government by affecting decision-making in the background using illegally obtained dirt files
-> Radically reduce trust in government
-> Manipulate the flow of truthful information and post disinformation everywhere
-> Modify/transmit stored/false data
-> Alter online media to propagandise the masses and disguise their unsavory motives
-> And further twist public sentiment to characterize themselves as the defenders of liberty

The US is assuming a more assertive posture, following the many revelations that they are full of shit!

They continue to have great success in cyber espionage against US companies, their closest allies, and even Senate Committees. Cyberattacks are also readily used against targets they believe threaten the military-welfare budget gravy train.

Best of all, they have worked hard to achieve an A+ for stealing intellectual property to provide competitive advantage. To date, not a single entity worth stealing from hasn't been electronically fingered for exfiltration of data or general personal leverage!

This year, for the 10th year in a row, the US is the number one threat, followed by the 5 and 9-eyes mini-mes! USA! USA! Touchdown!

When you're MIC, you get a ticket to the freak show. When you're part of Homeland Security, you get a front-row seat.

albert • February 10, 2016 9:19 AM

I was actually surprised to see this in the paper:

"...The United States will almost certainly remain at least a rhetorically important enemy for most violent extremists in part due to past and ongoing US military, political, and economic engagement overseas. Sunni violent extremists will probably continually plot against US interests overseas..."

Acknowledging root causes are seldom seen in gov't publications.

Kudos to someone in Clapper's staff....

. .. . .. --- ....

albert • February 10, 2016 10:10 AM

Corrections:

Emphasis in the quote is mine.

'...Acknowledging root causes are seldom seen...', should read '...Acknowledging root causes is seldom seen...'

Actually, 'The acknowledgement of root causes....' would be better, now that I think about it.


. .. . .. --- ....

Nobody You Know • February 10, 2016 7:21 PM

Private-sector security experts have identified limited ongoing cyber activity from China but have not verified state sponsorship or the use of exfiltrated data for commercial gain.

Notice the language there. Who has not verified state sponsorship or the use of exfiltrated data for commercial gain? Private sector security experts.

How are private sector security experts supposed to verify state sponsorship from attacks which come from China? That is not an impossible question. While attribution can be difficult, and is an inexact science (without human sources backing that attribution up), it is possible for near or beyond 'a reasonable doubt'.

But, proving exfiltrated data is used for commercial gain is a different matter entirely.

Notice the trust put there on private sector security experts.

Notice the work load put there.


I actually do not think anyone would question this. Not in IC, not in LEO's, not amongst elected leaders and their advisors. Not amongst the general public.

Maybe more noteworthy to consider on issues like elements in the government who want to backdoor all American software, despite the Obama administration's opinion (whose panel was led and largely comprised of leading, private sector security experts).


But, there may be other places where this is good to put in one's pipe and smoke it.


Dirk Praet • February 10, 2016 7:28 PM

@ Sancho_P

Solution: Don’t close Guantánamo - legalize torture.

Trump is your man!

Nobody You Know • February 10, 2016 7:30 PM

@Jon Jones

I always see this stuff and it's pretty interesting, but maybe someone can help me: I have yet to see any articles on what the US Gov. targets internationally? What kind of targets/methods do they employ?

Noting P/K's response which discussed targets, for "methods", there are a wide variety of leaked details here and there. But, overall, I think that usually methods are kept much, much closer to the chest than what you would see released by any leaker. [Or than what you would find made known publicly.]

Snowden released some methods, but they were already known. Some methods have been compromised internationally, reports written on by foreign security firms, and articles printed about internationally and domestically. But, any of those attacks would be attacks where the high chance of compromise of methods was an acceptable risk.

That would be a thimble full of the overall attack structure.

And on the psyops missions listed in that Snowden document, there is nothing. (Snowden did leak on GCHQ psyops, but their methods sourced by practically one psychologist who was abhorred by what they were using her work for and had zero training or experience in such fields. She culled information from disparate sources, like NLP-'self-help' sources. For instance.)


One issue on "methods" is, if a nation does find anything really worthwhile, they are not going to do a press release on it.

And they are not going to go and meet with other nations and share that information.

bob • February 11, 2016 3:30 AM

@jones

That is naive.

Cars have a manufacturer who puts all the bits together, taking responsibility for them.

Software sits on layers of software that are often interchangeable. A software stack can have 100s of layers each the responsibility of a different organisation spanning the globe, using a wide selection of licensing agreements and spanning ~30 years.

If my software is perfect but you install it on an early Pentium processor, who are you blaming for the problem? How many layers of lawyers are needed before a sensible resolution is reached? And that's an easy example. If there's a subtle bug caused by a conflict between two libraries who recalls what?

Your suggestion isn't impossible but to even start to implement it would cost more money than anyone's willing to pay.

Unlike with cars, faults rarely kill people.

Anon10 • February 12, 2016 3:39 PM

@Albert,

I would avoid taking an overly simplistic view of so called root causes. The Muslim Brotherhood hated the US at least as far back as the 1950s, half a century before the Iraq War. The hatred of some Sunni sects towards the US predates many of the alleged root causes (Iraq war) by many decades.

ianf • February 12, 2016 5:36 PM


Listen, @ Anon10 (cc: Albert),

perhaps we should avoid covering one simplistic thing with another? Not an expert on ME, nor Muslim Brotherhood, neither do I remember reading of that back-to-spiritual-pure-Islam introvert social revival movement being anti-American when it all began, or later for that matter. The USA had no active part in the colonization of the Middle East, and, until at least the 1970s, wasn't much present in the region in either military, or industrial sense (in fact, in 1956 Eisenhower stopped the British/ French push to retake the Suez Canal). That great MB thinker Sayyid Qutb went in 1948 all the way to Greeley, Colorado, to study agriculture, hardly a sign of hate. And as for whether there are more "some Shias" than "some Sunnis" that hate the USA, we should gather them all in Tahrir Square, and let them first fight it out who's the greater hater.

Anon10 • February 12, 2016 6:21 PM

@ianf


You're obviously not very familiar with either the Muslim Brotherhood or Sayyid Qutb. While Sayyid Qutb did study agriculture in the US, when he got back, he wrote an entire book, The America I have Seen, about everything he thought was wrong with the US.

ianf • February 12, 2016 11:20 PM


I said I wasn't an expert on Muslim Brotherhood, and neither for that matter are you, Anon10. Yet you're trying to make it sound like your level of expertise would far surpass mine. In reality I only read a few books that dealt with Levant history, ME fundamentalisms, and countless magazine articles of varying depth and utility mainly on terrorism, so that's my stepping stone. Oh, and browsed through Edward Saïd's über-boring “Orientalism,” that Grand Arab J'Accuse! of Europeans even daring to interest themselves in things not Euro.

The fact that you mention Sayyid Qutb's Yankee-horrors travelogue (which I haven't read, only Lawrence Wright's summation of it), a book in which Mr. 5000yo Civilized Sophistication decries his hosts' utter ignorance of the persecution of Ḥasan al-Bannāʾ, and recounts his disgust with displays of lewd femininity!! during social dancing!!! IN CHURCH BASEMENTS!!!! in that world capital of sin he had to stay in, present that as some implied generalized evidence of MB hate for the USA, only amplifies my impression that you're just a thought-by-shooter from the hip, and not of any serious calibre either. Any more… erudite bullets in that intellect of yours, or are you just being a coquette?

Zero Day Person • February 12, 2016 11:31 PM

@ianf

We have plenty of Muslims here in the US who in no way are associated with terrorism. 911 aside, you are talking it is far more of a chance for a random whack job with a random brain tumor to go 'ballistic' than Muslims.

Sayyid did talk shit in his works, but, yes, he did come here to study. Not a good example.

(I did have the misfortune of reading his crap.)

Right now, the US policy is obvious. Attempt to maintain some manner of balance in the region.

There is completely justified reason to be there. To be and have been in Afghanistan. And to have been in North Africa. Would be nice if these assholes did not scapegoat the US, but they do, and that is just how it is.

Most do not go so far as to participate in terrorism, but the sentiment against the US as a scapegoat for their own sad failures is high.

Our positive concern over Israel is obvious. Israel is a guaranteed ally and has strong access to the ocean, essential for trade.

Their human and tech intel is not terrible, either. Especially their human intel for the region.


Wael • February 13, 2016 2:20 AM

@ianf,

his hosts' utter ignorance of the persecution of Ḥasan al-Bannāʾ,

Some great opsec here! So you're Italian then! Aloha :)

Anon10 • February 13, 2016 11:07 AM

@ianf

You're the one who referred to Sayyid Qutb "as that great MB thinker". Even you seem to have implied that he was one of the intellectual leaders of the MB in the 1950s. If that's so, you have to assume that he meant what he said and that he represented the views of the MB, as much as any one person could have. If you selectively pick and choose what books are significant based on your preconceived notions, that's the logical fallacy known as confirmation bias.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.