Yesterday, Dennis Blair, the US Director of National Intelligence, testifying before the US Senate Select Committee on Intelligence, agreed that Al Qaeda and its affiliates had made it a high priority to attempt a large-scale attack on American soil within the next three to six months, says a story in the New York Times. His assessment was confirmed by the FBI and the CIA.
What this attack will be was not stated, but there were strong hints that the expectation was that it wasn't going to be a 9/11-type situation, the Times reported.
CIA Director Leon Panetta said that, "The biggest threat is not so much that we face an attack like 9/11. It is that Al Qaeda is adapting its methods in ways that oftentimes make it difficult to detect."
Director Blair emphasized in his written testimony that the threat of a crippling cyber attack on the US telecommunications and other computer networks and electrical grid was increasing:
"Malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication... Sensitive information is stolen daily from both government and private-sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey."
Director Blair also admitted that some of the attacks have been successful, and that their origins are unknown.
"We often find persistent, unauthorized, and at times, unattributable presences on exploited networks, the hallmark of an unknown adversary intending to do far more than merely demonstrate skill or mock a vulnerability."
Now, given that the Director's written testimony amounted to 47 pages of potential threats to the US, a cyber-attack must be placed into some context. But cyber threats and risks were the first topic of his testimony, so my guess is that a cyber-attack is a pretty significant worry.
Making it more so is a story in today's ComputerWorld saying that while companies and governments are getting better at addressing new cyber threats, old ones are being ignored, unnecessarily leading to compromised systems. ComputerWorld cites a study by security company Trustwave as a source for its information.
ComputerWorld also has a story saying the US House of Representatives will be voting today on the Cybersecurity Enhancement Act of 2009 (HR 4061), which aims to increase funding for cybersecurity research and to train more cybersecurity experts.
It's probably only a decade or so late.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.