Director of National Intelligence James Clapper, left, and CIA Director… (Shawn Thew / European Pressphoto…)
WASHINGTON — Cyber-attacks and cyber-espionage pose a greater potential danger to U.S. national security than Al Qaeda and other militants that have dominated America's global focus since Sept. 11, 2001, the nation's top intelligence officials said Tuesday.
For the first time, the growing risk of computer-launched foreign assaults on U.S. infrastructure, including the power grid, transportation hubs and financial networks, was ranked higher in the U.S. intelligence community's annual review of worldwide threats than worries about terrorism, transnational organized crime and proliferation of weapons of mass destruction.
The startling reappraisal came a day after President Obama's national security advisor, Thomas Donilon, complained of "cyber-intrusions emanating from China on an unprecedented scale" and said China-based digital attacks on U.S. businesses and institutions had become "a key point of concern" for the White House.
"The international community cannot afford to tolerate such activity from any country," he said in a speech at the Asia Society in New York. He urged Beijing to "take serious steps to investigate and put a stop to these activities."
Appearing Tuesday before the Senate Intelligence Committee, James R. Clapper, director of national intelligence, said Russia and China are unlikely to launch a devastating cyber-attack against the United States outside a military conflict or crisis that they believe threatens their vital interests.
But according to Clapper's written statement, computer hackers or organized groups "could access some poorly protected U.S. networks that control core functions, such as power generation" although their ability to cause "high-impact, systemic disruptions will probably be limited."
"It's hard to overemphasize [cyber's] significance," Clapper told the committee.
Clapper testified alongside CIA Director John Brennan; FBI Director Robert S. Mueller III; Army Lt. Gen. Michael T. Flynn, who heads the Pentagon's Defense Intelligence Agency; Matthew Olsen, who heads the National Counterterrorism Center; and Philip Goldberg, who heads the State Department's Bureau of Intelligence and Research.
The downgrading of the terrorist threat came with notable qualifiers. As was clear in the September lethal attack on U.S. diplomatic and intelligence compounds in Benghazi, Libya, Al Qaeda's affiliates and sympathizers in the Middle East and North Africa still seek to harm U.S. interests.
Officials warned that despite setbacks, Al Qaeda in the Arabian Peninsula, the affiliate based in Yemen, aims to carry out attacks on U.S. soil and it "continues to adjust its tactics, techniques and procedures for targeting the West."
But aggressive counter-terrorist operations, including using drone-launched missiles to kill individuals and small groups in northwestern Pakistan, "have degraded core Al Qaeda to a point that the group is probably unable to carry out complex, large-scale attacks in the West," Clapper said.
Al Qaeda and its affiliates played little or no role in the popular uprisings across the Middle East and North Africa in 2011. But the fragile new governments in Egypt, Yemen and Libya, and continuing unrest in Syria and Mali, "have offered opportunities" for what Clapper called "unpredictable" attacks by established or aspiring terrorist groups on U.S. facilities and allies.
In response, Sen. Dianne Feinstein (D-Calif.), the committee chair, said "the terrorist threat has receded" because of a broad array of U.S. efforts. She said they include criminal prosecutions, noting that 438 people were convicted of terrorism-related charges in American courts from 2001 to 2010.
In a separate hearing before the Senate Armed Services Committee, Gen. Keith Alexander, who heads the Pentagon's new U.S. Cyber Command, which conducts military operations, as well as the National Security Agency, which carries out digital espionage overseas, said the number of attacks is growing.
"It's getting worse," he said, citing more than 140 attacks on Wall Street over the last six months. And in August, he said, a computer intrusion at Saudi Aramco, the Saudi Arabian national oil and gas company, destroyed data on more than 30,000 computers.
Outside experts blamed Iran for both sets of assaults, and Alexander was asked whether the Obama administration had considered retaliation.
"I think this gets to the heart of … when does the Defense Department step in to defend the country?" Alexander replied, saying he could not address specifics. Defense experts have struggled to define precisely when and how U.S. military or covert action should be taken to prevent a potential cyber-attack, especially when many appear all but impossible to trace.