Will The US Be Hit With A Cyber Attack In The Next Six Months?

Yesterday, Dennis Blair, the US Director of National Intelligence, testifying before the US Senate Select Committee on Intelligence agreed that Al Qaeda and its affiliates had made it a high priority to attempt a large-scale attack on American soil within the next three to six months says a story the New York Times. His assessment was confirmed by the FBI and the CIA.

What this attack will be was not stated, but there were strong hints that the expectation was that it wasn't going to be a 9/11 type-situation, the Times reported.

CIA Director Leon Panetta said that, "The biggest threat is not so much that we face an attack like 9/11, It is that Al Qaeda is adapting its methods in ways that oftentimes make it difficult to detect."

Director Blair emphasized in his written testimony that the threat of a crippling cyber attack on the US telecommunications and other computer networks and electrical grid was increasing:

"Malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication... Sensitive information is stolen daily from both government and private-sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey."

Director Blair also admitted that some of the attacks have been successful, and that their origins are unknown.

"We often find persistent, unauthorized, and at times, unattributable presences on exploited networks, the hallmark of an unknown adversary intending to do far more than merely demonstrate skill or mock a vulnerability."

Now, given that Director's written testimony amounted to 47 pages of potential threats to the US, a cyber-attack must be placed into some context. But cyber threats and risks were the first topic of his testimony, so my guess is that a cyber-attack is a pretty significant worry.

Making it more so is a story in today's ComputerWorld that while companies and governments are getting better at addressing new cyber threats, old ones are being ignored, unnecessarily leading to compromised systems. ComputerWorld cites a study by security company Trustwave as a source for its information.

ComputerWorld also has a story saying the US House of Representatives will be voting today on the Cybersecurity Enhancement Act of 2009 (HR 4061) which aims at increasing funding for cybersecurity research and to train more cybersecurity experts.

It's probably only a decade or so late.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City