Office of the Director of National Intelligence highlights cyber threats in 2023 Intelligence Threat Assessment

When the Office of the Director of National Intelligence (ODNI) highlights a threat in its unclassified assessment and intimates that there is substantive supporting evidence available, one should not sit back and let the data points pass idly by — and we aren’t. The ODNI minced no words as they addressed China, Russia, North Korea, and Iran as the key nation-states responsible for cyber threats and then continued to highlight other non-state actors that are equally worthy of our attention in the 2023 Threat Assessment.

The ODNI is the focal point of numerous intelligence organizations within the US and has the all-source optic into their work vis-à-vis intelligence gathering on the topic of cybersecurity. While this assessment is US-centric, the findings will be of interest to the United States’ allies and partners. From a CISO perspective, borders are meaningless when it comes to the threats identified by the US intelligence community, the source of the warning carries with it an all-important credibility factor.

CISOs should be discussing international cyber threats

CISOs would be well served to use these findings as a starting block in discussions with available interlocutors from the Department of Homeland Security (DHS), the FBI, and other US government agencies about the dangers they or their sector may be facing and about which the CISO lacks visibility and has a need to know.

The commonality across the four nation-states identified is that each is not only able, but they are also willing to engage adversarial targets of interest in the cyber domain. China is identified as “the broadest, most active, and persistent cyber espionage threat to US Government and private-sector networks.” Since the OPM hack of 2015, followed by the various credit reporting agencies, then health organizations, social matchmaking sites, and finally TikTok, China is continuously collecting bits and pieces of data building mosaics on both companies and individuals. Even the recent spy balloon incident may have been a Chinese gambit to collect more data.

China plays the long game. Its strategy isn’t measured by quarterly reports but focused on generational change. The inhibitor to their long-term planning is the United States, which is viewed as standing in the way of China’s global expansion and threatening the Chinese Communist Party’s (CCP) hold on power. That said, the current US administration makes clear both publicly and privately to China they are interested in competition, not confrontation.

China is preparing for both competition and confrontation

It is the domestic audience to whom China’s CCP mouthpieces are playing, and the continued exclusion of US web content is demonstrative of the CCP’s fear that such would cause its hold on power to be placed in jeopardy. Thus, China is preparing for both competition and confrontation.

China brings to the table a panoply of cyber espionage capabilities as evidenced by successful operations that have “included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations.” In other words, China’s cyber espionage intent when it targets an entity is for sustained and continuous access.

The assessment notes that “if Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against US homeland critical infrastructure and military assets worldwide. Such a strike would be designed to deter US military action by impeding US decision-making, inducing societal panic, and interfering with the deployment of US forces.”  The ODNI assesses China as capable of currently being able to “disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”

China’s cyber intrusions will likely target the political narrative

In their effort to control the narrative, the intelligence services in support of the CCP target US and non-US citizens alike via “cyber intrusions” targeting those who they view as a threat to include “journalists, dissidents, and individuals … critical of CCP narratives, policies, and actions.”

Both China and Russia were assessed by the ODNI as being both capable and successful in running operations designed to influence audiences, both foreign and domestic.  With respect to China, its efforts are designed “to sow doubts about US leadership, undermine democracy, and extend Beijing’s influence, particularly in East Asia and the western Pacific.” When engaging the US as an audience, its efforts have largely been focused on improving the perception of China by the US populace. To accomplish this, they “use a sophisticated array of covert, overt, licit, and illicit means to try to soften US criticism, shape US power centers’ views of China, and influence policymakers at all levels of government.”

Russia’s priority is Ukraine, but the US remains a target

Russia, for its part, is also engaged in influence operations and is viewed by the ODNI as the “most serious foreign intelligence threat to the US, because it uses its intelligence services, proxies, and wide-ranging influence tools to try and divide Western alliances … undermine US global standing, sow discord inside the US and influence US voters and decision making.” US elections are viewed as fair game by Moscow and whose various intelligence arms have been conducting “influence operations against US elections for decades, including as recently as the US midterm elections in 2022.”

On the cyber front, Russia has prioritized Ukraine since 2022 and its efforts in that realm were assessed as falling short of expectations. That said, Russia should be viewed as the “top cyber threat” as it goes through refinement of its attack processes and procedures. With respect to the US, the critical infrastructure of the United States is at the top of Russia’s targeting folio, “particularly focused on improving its ability to target critical infrastructure, including underwater cables and industrial control systems, in the United States as well as in allied and partner countries, because compromising such infrastructure improves and demonstrates its ability to damage infrastructure during a crisis.”

ODNI identifies lesser players who are powerful nonetheless

The minor-league players identified in the ODNI assessment are minor only in their geographic size and ability to project their power. They remain and continue to demonstrate that they are formidable adversaries in the cyber world.

Iran has adopted an “opportunistic approach to cyber-attacks” which makes US critical infrastructure a prime target, as Iran may choose to “demonstrate it can push back against the US” by taking advantage of lax security by critical infrastructure owners. Skeptics need only look at the recent successes which Iran has enjoyed against Israel, including the compromise, recruitment, and exploitation of insiders and their access to targets of interest.

North Korea is cash poor and thus uses its cyber capabilities to fund the regime. To watch North Korea in action, one would think they were observing a masterclass on how to conduct cybercrime, with a side serving of espionage and attack threats. A blockchain entity in Singapore was light $225 million after North Korea danced through their infrastructure heisting their cryptocurrency. ODNI notes how “Pyongyang’s cyber forces have matured and are fully capable of achieving a range of strategic objectives against diverse targets, including a wider target set in the United States.”

Nation States target who they target. I’ve long said, you don’t get to choose whether you are the target, the adversary chooses who they target. You can, however, be better prepared by engaging in public-private partnerships when available to stay on top of what is happening on a broad scale.