James Clapper presented a report before a Senate Committee

Mar 13, 2013 20:01 GMT  ·  By

In the “Worldwide Threat Assessment of the US Intelligence Community” report presented on Tuesday before a Senate Select Committee on Intelligence, Director of National Intelligence James Clapper warned of increasing risk to the US’ critical infrastructure.

However, while many officials say a cyber 9/11 is imminent, Clapper says there’s only a remote chance of a major cyberattack in the next couple of years that would result in long-term and wide-scale services disruptions.

“The level of technical expertise and operational sophistication required for such an attack—including the ability to create physical damage or overcome mitigation factors like manual overrides—will be out of reach for most actors during this time frame,” Clapper noted.

In addition, the director highlights that state actors such as China and Russia are unlikely to launch devastating attacks against the US, unless there is a crisis or a military conflict.

As far as non-state or isolated state actors are concerned, the spy chief believes they could penetrate some poorly protected networks, considering that some of them are highly motivated. However, the disruptions they might cause are limited.

“At the same time, there is a risk that unsophisticated attacks would have significant outcomes due to unexpected system configurations and mistakes, or that vulnerability at one node might spill over and contaminate other parts of a networked system,” Clapper added.

The report mentions a couple of cybercriminal campaigns. One of them is Operation Ababil, initiated by Izz ad-Din al-Qassam Cyber Fighters against several US financial institutions. However, the director highlights the fact that customer accounts and other financial functions have not been affected.

A second case mentioned in the report is the attack against Saudi Aramco which took place in August 2012. Despite the fact that over 30,000 devices were affected, the report emphasizes that production capabilities have not been impacted.