Statement for the Record
Worldwide Threat Assessment
US Intelligence Community
Senate Select Committee on Intelligence
James R. Clapper
Director of National Intelligence
February 9, 2016
INTRODUCTION
Chairman Burr, Vice Chairman Feinstein, Members of the Committee, thank you for the invitation to offer the United States Intelligence Community’s 2016 assessment of threats to US national security. My statement reflects the collective insights of the Intelligence Community’s extraordinary men and women, whom I am privileged and honored to lead. We in the Intelligence Community are committed every day to provide the nuanced, multidisciplinary intelligence that policymakers, warfighters, and domestic law enforcement personnel need to protect American lives and America’s interests anywhere in the world.
The order of the topics presented in this statement does not necessarily indicate the relative importance or magnitude of the threat in the view of the Intelligence Community.
Information available as of February 3, 2016 was used in the preparation of this assessment.
TABLE OF CONTENTS
GLOBAL THREATS
  Cyber and Technology
  Terrorism
  Weapons of Mass Destruction and Proliferation
  Space and Counterspace
  Counterintelligence
  Transnational Organized Crime
  Economics and Natural Resources
  Human Security
REGIONAL THREATS
  East Asia
    China
    Southeast Asia
    North Korea
  Russia and Eurasia
    Russia
    Ukraine, Belarus, and Moldova
    The Caucasus and Central Asia
  Europe
    Key Partners
    The Balkans
    Turkey
  Middle East and North Africa
    Iraq
    Syria
    Libya
Strategic Outlook
The consequences of innovation and increased reliance on information technology in the next few years on both our society’s way of life in general and how we in the Intelligence Community specifically perform our mission will probably be far greater in scope and impact than ever. Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US Government systems. These developments will pose challenges to our cyber defenses and operational tradecraft but also create new opportunities for our own intelligence collectors.
Internet of Things (IoT). “Smart” devices incorporated into the electric grid, vehicles—including autonomous vehicles—and household appliances are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.
Artificial Intelligence (AI). AI ranges from “Narrow AI” systems, which seek to execute specialized tasks, such as speech recognition, to “General AI” systems—perhaps still decades away—which aim to replicate many aspects of human cognition. Implications of broader AI deployment include increased vulnerability to cyberattack, difficulty in ascertaining attribution, facilitation of advances in foreign weapon and intelligence systems, the risk of accidents and related liability issues, and unemployment. Although the United States leads AI research globally, foreign state research in AI is growing.
The increased reliance on AI for autonomous decisionmaking is creating new vulnerabilities to cyberattacks and influence operations. As we have already seen, false data and unanticipated algorithm behaviors have caused significant fluctuations in the stock market because of the reliance on automated trading of financial instruments. Efficiency and performance benefits can be derived from increased reliance on AI systems in both civilian industries and national security, as well as potential gains to cybersecurity from automated computer network defense. However, AI systems are susceptible to a range of disruptive and deceptive tactics that might be difficult to anticipate or quickly understand. Efforts to mislead or compromise automated systems might create or enable further opportunities to disrupt or damage critical infrastructure or national security networks.
Foreign Data Science. This field is becoming increasingly mature. Foreign countries are openly purchasing access to published US research through aggregated publication indices, and they are collecting social media and patent data to develop their own indices.
Augmented Reality (AR) and Virtual Reality (VR). AR and VR systems with three-dimensional imagery and audio, user-friendly software, and low price points are already on the market; their adoption will probably accelerate in 2016. AR provides users with additional communications scenarios (e.g. by using virtual avatars) as well as acquisition of new data (e.g. from facial recognition) overlaid onto reality. VR gives users experiences in man-made environments wholly separate from reality.
Protecting Information Resources
Integrity. Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) to affect decisionmaking, reduce trust in systems, or cause adverse physical effects. Broader adoption of IoT devices and AI—in settings such as public utilities and health care—will only exacerbate these potential effects. Russian cyber actors, who post disinformation on commercial websites, might seek to alter online media as a means to influence public discourse and create confusion. Chinese military doctrine outlines the use of cyber deception operations to conceal intentions, modify stored data, transmit false data, manipulate the flow of information, or influence public sentiments—all to induce errors and miscalculation in decisionmaking.
Infrastructure. Countries are becoming increasingly aware of both their own weaknesses and the asymmetric offensive opportunities presented by systemic and persistent vulnerabilities in key infrastructure sectors including health care, energy, finance, telecommunications, transportation, and water. For example, the US health care sector is rapidly evolving in ways never before imagined, and the cross-networking of personal data devices, electronic health records, medical devices, and hospital networks might play unanticipated roles in patient outcomes. Such risks are only heightened by large-scale theft of health care data and the internationalization of critical US supply chains and service infrastructure.
A major US network equipment manufacturer acknowledged last December that someone repeatedly gained access to its network to change source code in order to make its products’ default encryption breakable. The intruders also introduced a default password to enable undetected access to some target networks worldwide.
Interoperability. Most governments are exploring ways to exert sovereign control over information accessible to and used by their citizens and are placing additional legal requirements on companies as they seek to balance security, privacy, and economic concerns. We assess that many countries will implement new laws and technologies to censor information, decrease online anonymity, and localize data within their national borders. Although these regulations will restrict freedoms online and increase the operating costs for US companies abroad, they will probably not introduce obstacles that threaten the functionality of the Internet.
Identity. Advances in the capabilities of many countries to exploit large data sets almost certainly increase the intelligence value of collecting bulk data and have probably contributed to increased targeting of personally identifiable information. Commercial vendors, who aggregate the bulk of digitized information about persons, will increasingly collect, analyze, and sell it to both foreign and domestic customers. We assess that countries are exploiting personal data to inform a variety of counterintelligence operations.
Accountability. Information security professionals will continue to make progress in attributing cyber operations and tying events to previously identified infrastructure or tools that might enable rapid attribution in some cases. However, improving offensive tradecraft, the use of proxies, and the creation of cover organizations will hinder timely, high-confidence attribution of responsibility for state-sponsored cyber operations.
Restraint. Many actors remain undeterred from conducting reconnaissance, espionage, and even attacks in cyberspace because of the relatively low costs of entry, the perceived payoff, and the lack of significant consequences. Moscow and Beijing, among others, view offensive cyber capabilities as an important geostrategic tool and will almost certainly continue developing them while simultaneously discussing normative frameworks to restrict such use. Diplomatic efforts in the past three years have created the foundation for establishing limits on cyber operations, and the norms articulated in a 2015 report of the UN Group of Governmental Experts suggest that countries are more likely to commit to limitations on what cyber operations can target than to support bans on the development of offensive capabilities or on specific means of cyber intervention. For example, in 2015, following a US-Chinese bilateral agreement, G-20 leaders agreed that no country should conduct or sponsor cyber espionage for the purpose of commercial gain.
Leading Threat Actors
Russia. Russia is assuming a more assertive cyber posture based on its willingness to target critical infrastructure systems and conduct espionage operations even when detected and under increased public scrutiny. Russian cyber operations are likely to target US interests to support several strategic objectives: intelligence gathering to support Russian decisionmaking in the Ukraine and Syrian crises, influence operations to support military and political objectives, and continuing preparation of the cyber environment for future contingencies.
China. China continues to have success in cyber espionage against the US Government, our allies, and US companies. Beijing also selectively uses cyberattacks against targets it believes threaten Chinese domestic stability or regime legitimacy. We will monitor compliance with China’s September 2015 commitment to refrain from conducting or knowingly supporting cyber-enabled theft of intellectual property with the intent of providing competitive advantage to companies or commercial sectors. Private-sector security experts have identified limited ongoing cyber activity from China but have not verified state sponsorship or the use of exfiltrated data for commercial gain.
Iran. Iran used cyber espionage, propaganda, and attacks in 2015 to support its security priorities, influence events, and counter threats—including against US allies in the region.
North Korea. North Korea probably remains capable and willing to launch disruptive or destructive cyberattacks to support its political objectives. South Korean officials have concluded that North Korea was probably responsible for the compromise and disclosure of data from a South Korean nuclear plant.
Nonstate Actors. Terrorists continue to use the Internet to organize, recruit, spread propaganda, collect intelligence, raise funds, and coordinate operations. In a new tactic, ISIL actors targeted and released sensitive information about US military personnel in 2015 in an effort to spur “lone-wolf” attacks.
Criminals develop and use sophisticated cyber tools for a variety of purposes such as theft, extortion, and facilitation of other criminal activities such as drug trafficking. “Ransomware” designed to block user access to their own data, sometimes by encrypting it, is becoming a particularly effective and popular tool for extortion for which few options for recovery are available. Criminal tools and malware are increasingly being discovered on state and local government networks.
The United States and its allies are facing a challenging threat environment in 2016. Sunni violent extremism has been on an upward trajectory since the late 1970s and has more groups, members, and safe havens than at any other point in history. At the same time, Shia violent extremists will probably deepen sectarian tensions in response to real and perceived threats from Sunni violent extremists and to advance Iranian influence.
The Islamic State of Iraq and the Levant (ISIL) has become the preeminent terrorist threat because of its self-described caliphate in Syria and Iraq, its branches and emerging branches in other countries, and its increasing ability to direct and inspire attacks against a wide range of targets around the world. ISIL’s narrative supports jihadist recruiting, attracts others to travel to Iraq and Syria, draws individuals and groups to declare allegiance to ISIL, and justifies attacks across the globe. The ISIL-directed November 2015 attacks in Paris and ISIL-Sinai’s claim of responsibility for the late October downing of a Russian airliner in the Sinai underscore these dynamics.
Al-Qa’ida’s affiliates have proven resilient and are positioned to make gains in 2016, despite counterterrorism pressure that has largely degraded the network’s leadership in Afghanistan and Pakistan. They will continue to pose a threat to local, regional, and even possibly global interests as demonstrated by the January 2015 attack on French satirical newspaper Charlie Hebdo by individuals linked to al-Qa’ida in the Arabian Peninsula (AQAP). Other Sunni terrorist groups retain the ability to attract recruits and resources.
The United States will almost certainly remain at least a rhetorically important enemy for most violent extremists in part due to past and ongoing US military, political, and economic engagement overseas.