U.S. slow to pinpoint source of cyber attacks

Published 11 March 2009

U.S. director of national intelligence tells lawmakers that “It often takes weeks and sometimes months of subsequent investigation [to identify the source of a cyber attack]… And even at the end of very long investigations you’re not quite sure who carried out the offensive”

FBI experts say that cyber attacks pose the greatest threat to the United States after nuclear war and weapons of mass destruction — and these attacks are increasingly hard to prevent. The situation is serious enough for the FBI to coin the term “cybergeddon.” Shawn Henry, assistant director of the FBI’s cyber division, told a conference in New York that computer attacks pose the biggest risk “from a national security perspective, other than a weapon of mass destruction or a bomb in one of our major cities.” He added: “Other than a nuclear device or some other type of destructive weapon, the threat to our infrastructure, the threat to our intelligence, the threat to our computer network is the most critical threat we face” (see 7 January 2009 HS Daily Wire).

It is thus not good news that the United States often cannot quickly or reliably trace a cyber attack back to its source, even as rival nations and extremists may be looking to wage virtual war. “It often takes weeks and sometimes months of subsequent investigation,” said U.S. director of national intelligence (DNI) Dennis Blair in a testimony before a congressional panel. “And even at the end of very long investigations you’re not quite sure” who carried out the offensive.

China, Russia, and other countries already could be potent online foes and terrorists may find it easier in the future to hire hackers to target key systems, Blair told the Senate Armed Services Committee. “Terrorists are interested in using cyberweapons, just the way they’re interested in using most any weapon they can use against us,” notably to target systems critical to the high-tech driven US economy, he said. “We currently assess that their capability does not match their ambitions in that area, although that’s something we have to work on all the time because things become more widespread, terrorists can find hackers to work for them,” he said.

It is a concern, but right now I’d say their capability is low and, in addition, I think the more spectacular attacks that kill a lot of people on very publicly is what they are looking for,” said Blair.

Blair told the panel, which was looking at global threats to U.S. interests, that Washington is “absolutely” trying to speed up what is now the “very slow and painstaking” process of determining who carried out a cyberattack.