The biggest threat of cyber attacks faced by the United States is not stolen data but rather data that has been manipulated according to the Director of National Intelligence James Clapper.
In written testimony to the House Subcommittee on Intelligence today Clapper said “Most of the public discussion regarding cyber threats has focused on the confidentiality and availability of information; cyber espionage undermines confidentiality, whereas denial of service operations and data deletion attacks undermine availability,” he wrote.
“In the future, however, we might also see more cyber operations that will change or manipulate electronic information in order to compromise its integrity (i.e., accuracy and reliability) instead of deleting it or disrupting access,"
“Decision making by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving.”
Clapper told the committee Russia’s Ministry of Defense is establishing a cyber command, “which according to senior Russian military officials will be responsible for conducting offensive cyber activities.”
Clapper’s concerns were backed up by NSA Director Admiral Michael Rogers, who also testified, when he said “the use of cyber for manipulative, destructive purposes” is an increasing and unacceptable threat.
Cyber security experts say the largest cyber attacks so far this year have involved data theft, with 21 million personnel records hacked from the Office of Personnel Management. China was found to be behind the attack.
Another attack saw 4,000 records containing “sensitive” information being stolen from U.S. Joint Chiefs civilian email system, which was traced back to Russia.
Records obtained under the Freedom of Information Act also show that, between 2010 and 2015, hackers managed to enter Department Of Energy networks 159 times.
Experts say that information about critical infrastructure, such as that contained in the hacked Energy Department data, would be most attractive to hackers wanting to manipulate data.
They say the long awaited and much debated Cybersecurity Information Sharing Act of 2015, currently before the Senate Intelligence Committee, is meant to help prevent cyber attacks by encouraging companies to supply information on data theft, network attacks, data manipulation and loss to The Department of Homeland Security (DHS) which will coordinate the information before passing it on to the NSA, FBI and other security agencies.
But at today's hearing, Committee Chairman David Nunes, questioned if the DHS was capable of doing it's part effectively, noting the department’s Protected Critical Infrastructure Information Program hadn't been audited since 2006.
“This raises serious questions about an Agency that many government representatives believe should be at the heart of our cyber security strategy” said Nunes.
In 2014 over 800 pages of sensitive information related to critical infrastructure was released accidentally by DHS under a bungled Freedom of Information request.