China, Russia, Iran, and North Korea increasingly use cyber operations to threaten minds and machines to steal information, to influence citizens, or to disrupt critical infrastructure, a new report said.
Threats to U.S. national security will expand and diversify in the coming year, driven in part by China and Russia as they respectively compete more intensely with the United States and its traditional allies and partners, said Daniel R. Coats, Director of National Intelligence in the annual “Worldwide Threat Assessment of the U.S. Intelligence Community.”
This competition cuts across all domains, involves a race for technological and military superiority, and is increasingly about values, Coats said in the report. Russia and China seek to shape the international system and regional security dynamics and exert influence over the politics and economies of states in all regions of the world and especially in their respective backyards. In essence:
• China and Russia are more aligned than at any point since the mid-1950s, and the relationship is likely to strengthen in the coming year as some of their interests and threat perceptions converge, particularly regarding perceived U.S. unilateralism and interventionism and Western promotion of democratic values and human rights.
• As China and Russia seek to expand their global influence, they are eroding once well-established security norms and increasing the risk of regional conflicts, particularly in the Middle East and East Asia.
• At the same time, some U.S. allies and partners are seeking greater independence from Washington in response to their perceptions of changing U.S. policies on security and trade and are becoming more open to new bilateral and multilateral partnerships.
The post-World War II international system is coming under increasing strain amid continuing cyber and WMD proliferation threats, competition in space, and regional conflicts, the report said. Among the disturbing trends are hostile states and actors’ intensifying online efforts to influence and interfere with elections here and abroad and their use of chemical weapons. Terrorism too will continue to be a top threat to U.S. and partner interests worldwide, particularly in Sub-Saharan Africa, the Middle East, South Asia, and Southeast Asia. The development and application of new technologies will introduce risks and opportunities, and the U.S. economy will be challenged by slower global economic growth and growing threats to U.S. economic competitiveness.
China and Russia pose the greatest espionage and cyber attack threats, but Coats said he anticipates all adversaries and strategic competitors will increasingly build and integrate cyber espionage, attack, and influence capabilities into their efforts to influence U.S. policies and advance their own national security interests. In the last decade, adversaries and strategic competitors have developed and experimented with a growing capability to shape and alter the information and systems on which we rely, the report said. For years, they have conducted cyber espionage to collect intelligence and targeted our critical infrastructure to hold it at risk. They are now becoming more adept at using social media to alter how we think, behave, and decide. As we connect and integrate billions of new digital devices into our lives and business processes, adversaries and strategic competitors almost certainly will gain greater insight into and access to our protected information.
China presents a persistent cyber espionage threat and a growing attack threat to core military and critical infrastructure systems. China remains the most active strategic competitor responsible for cyber espionage against the U.S. Government, corporations, and allies. It is improving its cyber attack capabilities and altering information online, shaping Chinese views and potentially the views of U.S. citizens.
In addition, the report said, China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure, such as disruption of a natural gas pipeline for days to weeks, in the United States.
Russia as Adversary
Russia also poses a cyber espionage, influence, and attack threat to the United States and allies. Moscow continues to be a highly capable and effective adversary, integrating cyber espionage, attack, and influence operations to achieve its political and military objectives. Moscow is now staging cyber attack assets to allow it to disrupt or damage U.S. civilian and military infrastructure during a crisis and poses a significant cyber influence threat.
Like China, Russia has the ability to execute cyber attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure — such as disrupting an electrical distribution network for at least a few hours — similar to those demonstrated in Ukraine in 2015 and 2016. Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage.
Iran continues to present a cyber espionage and attack threat. Iran uses increasingly sophisticated cyber techniques to conduct espionage; it is also attempting to deploy cyber attack capabilities that would enable attacks against critical infrastructure in the United States and allied countries, the report said.
North Korea poses a significant cyber threat to financial institutions, remains a cyber espionage threat, and retains the ability to conduct disruptive cyber attacks. North Korea continues to use cyber capabilities to steal from financial institutions to generate revenue. Pyongyang’s cybercrime operations include attempts to steal more than $1.1 billion from financial institutions across the world — including a successful cyber heist of an estimated $81 million from the New York Federal Reserve account of Bangladesh’s central bank.