Worldwide Threat Assessment of the US Intelligence Community – 11 MAY 2017 (UNCLASSIFIED)
Statement for the Record
Worldwide Threat Assessment of the US Intelligence Community
Senate Select Committee on Intelligence
Daniel R. Coats
Director of National Intelligence
May 11, 2017
Our adversaries are becoming more adept at using cyberspace to threaten our interests and advance their own, and despite improving cyber defenses, nearly all information, communication networks, and systems will be at risk for years.
Cyber threats are already challenging public trust and confidence in global institutions, governance, and norms, while imposing costs on the US and global economies. Cyber threats also pose an increasing risk to public health, safety, and prosperity as cyber technologies are integrated with critical infrastructure in key sectors. These threats are amplified by our ongoing delegation of decision-making, sensing, and authentication roles to potentially vulnerable automated systems. This delegation increases the likely physical, economic, and psychological consequences of cyber attack and exploitation events when they do occur. Many countries view cyber capabilities as a viable tool for projecting their influence and will continue developing cyber capabilities. Some adversaries also remain undeterred from conducting reconnaissance, espionage, influence, and even attacks in cyberspace.
Cyber Threat Actors
Russia. Russia is a full-scope cyber actor that will remain a major threat to US Government, military, diplomatic, commercial, and critical infrastructure. Moscow has a highly advanced offensive cyber program, and in recent years, the Kremlin has assumed a more aggressive cyber posture. This aggressiveness was evident in Russia’s efforts to influence the 2016 US election, and we assess that only Russia’s senior-most officials could have authorized the 2016 US election-focused data thefts and disclosures, based on the scope and sensitivity of the targets. Outside the United States, Russian actors have conducted damaging and disruptive cyber attacks, including on critical infrastructure networks. In some cases, Russian intelligence actors have masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. Russia has also leveraged cyberspace to seek to influence public opinion across Europe and Eurasia. We assess that Russian cyber operations will continue to target the United States and its allies to gather intelligence, support Russian decision-making, conduct influence operations to support Russian military and political objectives, and prepare the cyber environment for future contingencies.
China. We assess that Beijing will continue actively targeting the US Government, its allies, and US companies for cyber espionage. Private-sector security experts continue to identify ongoing cyber activity from China, although at volumes significantly lower than before the bilateral Chinese-US cyber commitments of September 2015. Beijing has also selectively used offensive cyber operations against foreign targets that it probably believes threaten Chinese domestic stability or regime legitimacy.
Iran. Tehran continues to leverage cyber espionage, propaganda, and attacks to support its security priorities, influence events and foreign perceptions, and counter threats—including against US allies in the region. Iran has also used its cyber capabilities directly against the United States. For example, in 2013, an Iranian hacker conducted an intrusion into the industrial control system of a US dam, and in 2014, Iranian actors conducted a data deletion attack against the network of a US-based casino.
North Korea. Pyongyang has previously conducted cyber-attacks against US commercial entities—specifically, Sony Pictures Entertainment in 2014—and remains capable of launching disruptive or destructive cyber attacks to support its political objectives. Pyongyang also poses a cyber threat to US allies. South Korean officials have suggested that North Korea was probably responsible for the compromise and disclosure of data in 2014 from a South Korean nuclear plant.
Terrorists. Terrorists—to include the Islamic State of Iraq and ash-Sham (ISIS)—will also continue to use the Internet to organize, recruit, spread propaganda, raise funds, collect intelligence, inspire action by followers, and coordinate operations. Hizballah and HAMAS will continue to build on their cyber accomplishments inside and outside the Middle East. ISIS will continue to seek opportunities to target and release sensitive information about US citizens, similar to their operations in 2015 disclosing information about US military personnel, in an effort to inspire attacks.
Criminals. Criminals are also developing and using sophisticated cyber tools for a variety of purposes including theft, extortion, and facilitation of other criminal activities. “Ransomware,” malware that employs deception and encryption to block users from accessing their own data, has become a particularly popular tool of extortion. In 2016, criminals employing ransomware turned their focus to the medical sector, disrupting patient care and undermining public confidence in some medical institutions.
The United States will face a complex global foreign intelligence threat environment in 2017. We assess that the leading state intelligence threats to US interests will continue to be Russia and China, based on their services’ capabilities, intent, and broad operational scope. Other states in South Asia, the Near East, East Asia, and Latin America will pose local and regional intelligence threats to US interests. For example, Iranian and Cuban intelligence and security services continue to view the United States as a primary threat.
Penetrating the US national decision-making apparatus and the Intelligence Community will remain primary objectives for numerous foreign intelligence entities. Additionally, the targeting of national security information and proprietary information from US companies and research institutions involved with defense, energy, finance, dual-use technology, and other areas will remain a persistent threat to US interests.
Non-state entities, including international terrorists and transnational organized crime groups, are likely to continue to employ and improve their intelligence capabilities including by human, technical, and cyber means. As with state intelligence services, these non-state entities recruit sources and perform physical and technical surveillance to facilitate their illicit activities and avoid detection and capture.
Trusted insiders who disclose sensitive or classified US Government information without authorization will remain a significant threat in 2017 and beyond. The sophistication and availability of information technology that increases the scope and impact of unauthorized disclosures exacerbate this threat.
The worldwide threat from terrorism will remain geographically diverse and multifaceted—a continuing challenge for the United States, our allies, and partners who seek to counter it. Sunni violent extremists will remain the primary terrorist threat. These extremists will continue to embroil conflict zones in the Middle East, Africa, and South Asia. Some will also seek to attempt attacks outside their operating areas.
Iran continues to be the foremost state sponsor of terrorism and, with its primary terrorism partner, Lebanese Hizballah, will pose a continuing threat to US interests and partners worldwide. The Syrian, Iraqi, and Yemeni conflicts will continue to aggravate the rising Sunni-Shia sectarian conflict, threatening regional stability.
Terrorist Threat to the United States
US-based homegrown violent extremists (HVEs) will remain the most frequent and unpredictable Sunni violent extremist threat to the US homeland. They will be spurred on by terrorist groups’ public calls to carry out attacks in the West. The threat of HVE attacks will persist, and some attacks will probably occur with little or no warning. In 2016, 16 HVEs were arrested, and three died in attacks against civilian soft targets. Those detained were arrested for a variety of reasons, including attempting travel overseas for jihad and plotting attacks in the United States. In addition to the HVE threat, a small number of foreign-based Sunni violent extremist groups will also pose a threat to the US homeland and continue publishing multilingual propaganda that calls for attacks against US and Western interests in the US homeland and abroad.
Dynamic Overseas Threat Environment
The Islamic State of Iraq and ash-Sham (ISIS) continues to pose an active terrorist threat to the United States and its allies because of its ideological appeal, media presence, control of territory in Iraq and Syria, its branches and networks in other countries, and its proven ability to direct and inspire attacks against a wide range of targets around the world. However, territorial losses in Iraq and Syria and persistent counterterrorism operations against parts of its global network are degrading its strength and ability to exploit instability and societal discontent. ISIS is unlikely to announce that it is ending its self-declared caliphate even if it loses overt control of its de facto capitals in Mosul, Iraq and Ar Raqqah, Syria and the majority of the populated areas it once controlled in Iraq and Syria.
Outside Iraq and Syria, ISIS is seeking to foster interconnectedness among its global branches and networks, align their efforts to ISIS’s strategy, and withstand counter-ISIS efforts. We assess that ISIS maintains the intent and capability to direct, enable, assist, and inspire transnational attacks. The number of foreign fighters traveling to join ISIS in Iraq and Syria will probably continue to decline as potential recruits face increasing difficulties attempting to travel there. The number of ISIS foreign fighters leaving Iraq and Syria might increase. Increasing departures would very likely prompt additional would-be fighters to look for new battlefields or return to their home countries to conduct or support external operations.