The big attacks that have been disclosed so far in 2015 involved the theft of data, and a lot of it. Some 21 million personnel records were taken from the Office of Personnel Management, likely by China, while 4,000 records, some with “sensitive” information, were stolen from the Joint Chiefs civilian email system, a theft blamed on Russia.
But America’s top spies say the attacks that worry them don’t involve the theft of data, but the direct manipulation of it, changing perceptions of what is real and what is not.
Director of National Intelligence James Clapper spelled out his concerns in written testimony presented to the House Subcommittee on Intelligence today.
“Most of the public discussion regarding cyber threats has focused on the confidentiality and availability of information; cyber espionage undermines confidentiality, whereas denial of service operations and data deletion attacks undermine availability,” he wrote. “In the future, however, we might also see more cyber operations that will change or manipulate electronic information in order to compromise its integrity (i.e., accuracy and reliability) instead of deleting it or disrupting access to it.”
The bottom line, Clapper says: “Decision making by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving.”
Clapper also said Russia’s Ministry of Defense is establishing its own cyber command, “which according to senior Russian military officials will be responsible for conducting offensive cyber activities.”
Full article: The Next Wave of Cyberattacks Won’t Steal Data — They’ll Change It (Defense One)