US Ignores China, N. Korea Cyber Threats, Top Spy Says

Director of National Intelligence James R. Clapper in an official photograph.

NEW YORK — American businesses need to take significant steps to prevent theft of trade secrets by Chinese spies, North Korea is "deadly serious" about harming the United States through online attacks, and federal budget cuts and the Snowden leaks have left the country less safe, Director of National Intelligence Gen. James R. Clapper said yesterday (Jan. 7).

"China has been robbing our industrial base blind, largely with vulnerabilities that are easy to guard against or to simply fix," Clapper said at the International Conference on Cyber Security, a public-private symposium for law-enforcement officials and corporate executives held at the Manhattan campus of Fordham University every year.

MORE: 5 Worst Security Fails of 2014

Simple steps

There are three things that all American enterprises need to do to protect themselves "from the vast majority of attacks — from the Chinese and elsewhere," Clapper said.

"One, patch IT software obsessively," he said. "Two, segment the data — a single breach shouldn't give attackers access to an entire network infrastructure and a mother lode of proprietary data."

Third, he recommended that companies pay attention to the threat bulletins regularly issued by the FBI and the Department of Homeland Security.

"Bad cyber actors are using precisely these avenues to steal our lunch every day," Clapper said. "The Chinese, in particular, are cleaning us out, because we know we're supposed to do these simple things, and yet we don't do them."

Additionally, Clapper urged companies to "teach folks what spear phishing looks like."

Spear-phishing attacks were central to the devastating theft of cryptographic seeds from security-token maker RSA in 2011, which quickly led to network penetration of major American defense contractors.

"In national defense, few things turn heads like seeing your aviation system flying over the skies of a foreign nation, with a different flag on the tail," Clapper said, "or finding out that an adversary is already working to counter your expensive cutting-edge capabilities that haven't been released yet.

"In the private sector," he added, "there are few things more dispiriting to corporate health and morale, and corporate wealth, than seeing proprietary products show up in a foreign market a month before a product launch for a tenth of the price."

Growing North Korean threat

However, Chinese spies stealing industrial secrets are not the most significant threat to American computer networks, Clapper said — they're just "much noisier" than state-sponsored hackers from other countries.

Graver threats come from Russia, which has a very sophisticated offensive-hacking strategy that would be very destructive in a time of war, he said, and from Iran and North Korea, which are using cyberattacks as inexpensive force multipliers.

North Korea wants to be seen as a world power, Clapper explained, which is why it spends so much money on nuclear weapons, diverting resources from its conventional military. In that light, he said, offensive cyberattacks are a way to achieve maximal effect at relatively low cost.

In early November, Clapper traveled to North Korea to gain the release of two Americans held in Pyongyang, where he had a contentious dinner with a North Korean general who was the head of the country's signals-intelligence agency. Clapper said he presumes the general gave the order to attack Sony Pictures Entertainment, which Clapper called "the most serious cyberattack ever made against U.S. interests.

"They really do believe they're under siege from all directions," he said. "They are deadly, deadly serious about affronts to the supreme leader, whom they consider to be a deity. I watched 'The Interview' over the weekend, and it's clear to me the North Koreans don't have a sense of humor."

More: If you're traveling to China, make sure to get the best China VPN

Less safe now than before

Americans themselves need to be serious about threats from other countries and terrorists, Clapper said, because budget cuts and the leaks by former National Security Agency contractor Edward Snowden have undermined intelligence-gathering capabilities. As a result, the amount of viable information the intelligence community can give to government decision-makers has been cut back in recent years.

"We as a nation are accepting more risk," Clapper said. "We are not as safe and secure as we used to be."

As an example, Clapper said the Snowden documents compromised an intelligence-gathering system, which he did not name, that had been operating in Afghanistan. The loss of this system "poses a direct threat to our personnel there."

The sheer amount of malicious activity on the Internet almost brings about nostalgia for a seemingly simpler time, Clapper admitted.

"Sometimes, it makes me long for the halcyon days of the Cold War," he said, when the world essentially had two communication networks — one for the West, one for the Soviet bloc. "But now we're all interconnected and we're all global.

"Our task is to define the bad actors," Clapper added. "We're looking for thousands of needles, scattered among acres and acres of haystacks."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and gaming. Follow him at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

TOPICS

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

More about tech

A split screen image showing an instant camera on the left and a Dyson vacuum on the right

What Tom’s Guide tested this week: Expert reviews of Dyson, Insta360 and more

A composite of Soundcore Space One Pro headphones and Sony ZV-1F vlogging camera

What Tom’s Guide tested this week: 5 products that won our expert reviewers’ hearts

Robert De Niro as George in "Zero Day" coming to Netflix in February 2025

Netflix's 'Zero Day' is a gripping political thriller and Robert De Niro is a must-watch

See more latest

9 Comments Comment from the forums

Emanuel Elmo

"Clapper said, because budget cuts and the leaks by former National Security Agency contractor Edward Snowden have undermined intelligence-gathering capabilities. As a result, the amount of viable information the intelligence community can give to government decision-makers has been cut back in recent years."

Another way for fear mongering for the citizens of the United States. The government really does think the average American Citizen is stupid.

P.S. Clapper we were never as safe and as secure as we used to be. Just the form of attacks is different. I wonder how the government use to gather intel and send out messages? HMM!!!!

The article has some good points but I can not shack the fact that it is a article made to scary the reader.
Reply
coolitic

More propaganda anyone?
Reply
alidan

"Clapper said, because budget cuts and the leaks by former National Security Agency contractor Edward Snowden have undermined intelligence-gathering capabilities. As a result, the amount of viable information the intelligence community can give to government decision-makers has been cut back in recent years."

Another way for fear mongering for the citizens of the United States. The government really does think the average American Citizen is stupid.

P.S. Clapper we were never as safe and as secure as we used to be. Just the form of attacks is different. I wonder how the government use to gather intel and send out messages? HMM!!!!

The article has some good points but I can not shack the fact that it is a article made to scary the reader.

they dont think, they know... at least the ones that vote are that stupid.
Reply
Hydrotricithline

I'm sorry.. wah wah wah.. we lost all our backdoors and it's all Snowden's fault? Here I'm hearing "segment the data — a single breach shouldn't give attackers access to an entire network infrastructure and a mother lode of proprietary data." Meanwhile the US Government has a disclosure from a single contractor. And they're crying 9/11. Yes, you lost your ez win. It's time to get serious about security. 15-20 years ago you could download a copy of Sub-7 Backdoor trojan and install it on a system and it was a done deal.. Then Anti virus became mainstream; aswell as windows patches etc. 'Trojans' are no longer a huge threat because how the social climate changed and adapted. Atleast North Korea and China are honest about spying on their population, where as North American (american specifically here) are giving the illusion of human rights and freedoms. Freedom and rights to privacy with exception, aren't. Freedom comes at a cost as any veteran or enlisted person (or family) will tell you. Privacy comes at a cost too. Complaining that the american intelligence and security has lost the competitive edge they used to, is like complaining the american's as a whole have lost their edge manufacturing (with the exception of micro processor production). I can see this going some what of the same way. Foreign governments don't operate by a congruent rule base, and you can't sue someone in N. Korea for intellectual property theft. The basis on which we conduct private transactions within the nation need to change and reflect that as a whole. Or this nations intellectual security will go the way of the vinyl record store.

Adapt and conform; evolve or we will get left in the dust. Ideals left behind; holding onto the morale high ground in such things will only further the ignorance and entitlement.

The only real question I can see is what to do about such offences.
Nothing is an answer on it's own.
And not a good one.

My thoughts;
Not yours.

Reply
surphninja

"Wah wah wah! We don't wanna get warrants! Boo hoo! We don't want any oversight!"

Puh-lease. This guy isn't worried about our gather intelligence. He's more interested in perpetuating the lack of accountability and level of immunity that's been afforded to the US intelligence organizations.
Reply
eodeo

Clapper is a part of the problem. This "everyone is our enemy, until proven friendly" is crazy. Stop spying your own citizens. Full stop! No buts ands or ifs. Just stop it!

If you have to spy, because it's your thing, do it in your own time, and not on our dime. Lastly, and most assuredly not the least- stop torture and "enhanced interrogation".

Treat others you'd want them to treat you, also known as the golden rule. Most people believe it, you probably do to. Why not try it?
Reply
falchard

Main reason for security risk is NSA backdoor.
Reply
wric01

It's customary to do a smear campaign before US gets into another war / undeclared war.
Reply
xray686166233

New report: DHS is a mess of cybersecurity incompetence
more http://www.zdnet.com/article/new-report-the-dhs-is-a-mess-of-cybersecurity-incompetence/?tag=nl.e566&s_cid=e566&ttag=e566&ftag=TRE49e8aa0
Reply

Show more comments

Sign up to get the BEST of Tom's Guide direct to your inbox.

Most Popular