Cyber Tops DNI Threat Assessment for 3rd Consecutive Year

April 2, 2015


The Worldwide Threat Assessment is a document prepared by the Director of National Intelligence (DNI) and is intended to be a briefing for the legislative branch given at a macro level to inform and assist. It uses trend analysis and current reporting at an unclassified level to support predictive analysis. Since before 9/11, terrorism has topped the list of threats facing the United States. However, in both the 2013 and 2014 Worldwide Threat Assessments, the DNI listed cyber as the top threat, moving it above both terrorism and Weapons of Mass Destruction (WMD) proliferation. The 2015 DNI Worldwide Threat Assessment once again places cyber as the number one threat for the third consecutive year.

"Cyber threats to US national and economic security are increasing in frequency, scale, sophistication, and severity of impact... However, the likelihood of a catastrophic attack from any particular actor is remote at this time. Rather than a 'Cyber Armageddon' scenario that debilitates the entire US infrastructure... We foresee an ongoing series of low-to-moderate level cyber-attacks from a variety of sources over time " - DNI Wordwide Threat Assessment 1

While there may be less risk of a "Cyber Armageddon" targeting federal agencies or Wall Street, this may have implications for the lower levels of government. Currently, cyber security policy has a top down approach being driven by the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the Department of Homeland Security (DHS). Unfortunately, state and local government agencies are often behind the latest policies, technology, and infrastructure protections found at the federal level and in private industry – making them susceptible targets. Cyber-attacks are not going away; they will shift targets as policy and infrastructure respond to the latest threats.

DHS and the private sector currently conduct exercises to test the capability to respond to cyber-attacks. DHS oversees a series of national-level exercises called Cyber Storm (2006, 2008, 2010, 2012) each with published reports documenting areas that are susceptible and need improvement. These exercises are used to examine interagency and inter-governmental coordination in response to cyber threats and attacks, and discover any obstacles or policies which may hinder communication between agencies and organizations. The exercises are intended to improve communication, collaboration, and knowledge of roles and responsibilities in order to reduce vulnerability to cyber-attacks.

Many vulnerabilities within an organization's security systems' could be a result of minimal tests and assessment exercises. DHS assesses these vulnerabilities by enforcing testing regulations that examine preparedness capabilities, communication and inter-agency coordination, and uncovering remaining vulnerabilities. These cyber security exercises assist in the reinforcement of standard operating procedures and allow for a better understanding of roles in response to a cyber-threat.

According to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) February 2015 Monitor Report, ICS-CERT received and responded to 245 cyber incidents in Fiscal Year 2014. This represents a 24% increase in reported attacks since 2012 and only a slight decrease from the 256 incidents reports in 2013. 2 The report also stated that 38% of the incidents in 2014 were unable to be traced to the source of the attack. "In these instances, the organization was confirmed to be compromised; however, forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network." 3

Currently there are few examples of joint state and local government cyber security exercises, however, in recent years DHS has increased efforts to fill this gap. For example, in 2013 DHS' Federal Emergency Management Agency (FEMA) established the National Cybersecurity Preparedness Consortium (NCPC): "The purpose of the consortium is to provide training and technical assistance to states and communities to develop viable and sustainable cyber-security programs. This includes the development and delivery of cyber-security training, and the development and delivery of cyber-security exercises..." 4

The map below from the National Cybersecurity Preparedness Consortium (NCPC) displays where these exercises are being conducted and what type of infrastructure the exercises are addressing. Testing of this kind has become more important and this increase is offset by subsidies from state and federal government.

1. Worldwide Threat Assessment of the US Intelligence Community. Director of National Intelligence, Clapper, James R. 26 Feb 2015.

2. ICS-CERT Monitor Newsletter Dec 2013. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Web.

3. ICS-CERT Monitor Newsletter Feb 2015. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Web.

4. National Cybersecurity Preparedness Consortium (NCPC). Web.