Why CISOs everywhere should pay attention to the US global threat assessment

On March 10, the Senate Select Committee on Intelligence (SSCI) hosted the annual Global Threat Assessment briefing during which representatives of the US intelligence community availed themselves for questions. The intelligence community contingent was led by Director of National Intelligence Avril Haines, who was supported by CIA Director William Burns, DIA Director Lieutenant General Scott Berrier, NSA Director General Paul Nakasone, and FBI Director Christopher Wray.

Contemporaneously, the Office of the Director of National Intelligence (ODNI) released the unclassified version of the Annual Threat Assessment of the US Intelligence Community – February 2022. The assessment was prepared using data available through January 21, 2022, and thus was not adjusted due to Russia’s invasion into Ukraine which occurred on February 24.

Haines in her opening statement noted how the key state actors present the greatest risk to the United States. The four countries, China, Russia, North Korea and Iran, have “demonstrated the capability and intent to advance their interests at the expense of the United States and its allies.”

CISOs will be well served to take on board those segments that specifically speak to the cyber threat posed by these nations.

China’s cyber efforts take a “whole of government” approach

Haines noted that China is exceptionally adroit at pulling together a whole of government approach to achieving their objectives. As such, China will, according to the report, remain the “top threat to US technological competitiveness.” The intelligence community expects China to use a “variety of tools, from public investment to espionage to advance its technological capabilities.” China is focused on providing a competitive advantage to their entities so as to facilitate China’s drive to “assume leadership of the world’s technological advancement and standards.”

The assessment places great emphasis on how “we assess that China presents the broadest, most active, and persistent cyber-espionage threat to US government and private sector networks.”

China is fully capable of disrupting the critical infrastructure of the United States and in the conduct of cyberespionage operations. These cyber operations have “included compromising telecommunications firms, providers of managed services and broadly used software, and other targets rich in follow-on opportunities.”

Russian cyberattacks a “great concern”

Haines highlighted how the Russian intelligence community and proxies are active in cyberspace. The SSCI expressed great concern about the possibility that Russian cyberattacks against Ukraine, may spread to other nations. Nakasone responded that the NSA, intelligence community, and private sector partners had been actively working to harden Ukraine’s defenses.

The assessment pointed out how Russia was focused on its ability to target critical infrastructure, including industrial control systems (SCADA) and underwater cables. As if on cue, CISA issued an advisory to business to up their cybersecurity postures, especially those involved in critical infrastructure, with its Shields Up initiative.

Subsequently, Director of CISA Jen Easterly, Deputy Executive Assistant Director for Cybersecurity Matt Hartman, and Deputy Assistant Director for the FBI’s cyber division Tonya Oguretz held a webinar for “Critical Infrastructure Partners on Potential Russian Cyberattacks Against the US” on March 22. The Department of Justice unsealed a pair of indictments on, 24 March, of four Russian government employees who have been identified to have been behind hacking campaigns targeting critical infrastructure in the US and abroad.

North Korea a triple threat for espionage, cybercrime and cyberattacks

Cyberespionage, cybercrime, and cyberattacks are the trifecta that comprises the North Korea cyber program according to the assessment. North Korea is uniquely described as being “well-positioned to conduct surprise cyberattacks given it stealth and history of bold action.” With respect to espionage, the track record of the DPRK cyber teams has provided a peek into their expertise in targeting “media, academia, defense companies, and governments in multiple countries.”

Iran’s cyber activities target critical infrastructure

The assessment details Iran’s cyber-attacks against Israeli water systems as an example of Iran’s willingness to directly engage a nation’s infrastructure. Thus, the ODNI highlights Iran’s growing expertise and willingness to conduct aggressive cyberattacks.

CISO advice: Get on board with government guidance

The whole-of-government approach to addressing the cyber threat is especially noteworthy and beneficial to CISOs both in the public sector as well as the private. The resources being availed and the transparency coming out of CISA is especially heartening and a leverageable resource that should be used by companies both big and small. The aforementioned CISA webinar ran over the allotted time and ran for three hours as CISA answered question after question from cybersecurity teams.

While some may argue that the advice being given by CISA is elementary – use multifactor authentication, strong passwords, don’t click, heighten awareness, backup data, etc. — the reality is that most businesses still place cybersecurity in the category of “we’ll get around to it.”

Well, the world has enough “round tuits.” It is now time to get it done.