Cyber Highlights from 2021 Threat Assessment by US National Intelligence Community
2021 Annual Threat Assessment of the US National Intelligence Community

U.S. Director of National Intelligence Avril Haines released the intelligence community’s 27-page 2021 Annual Threat Assessment this week. Here are some cyber-related and other highlights:

  • Increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyber activity.
  • As states attempt more aggressive cyber operations, they are more likely to affect civilian populations and to embolden other states that seek similar outcomes. 

Russia

  • Russia will remain a top cyber threat as it refines and employs its espionage, influence, and attack capabilities. 
  • Russia continues to target critical infrastructure, including underwater cables and industrial control systems, in the United States and in allied and partner countries, as compromising such infrastructure improves—and in some cases can demonstrate—its ability to damage infrastructure during a crisis.
  • During the last decade, state-sponsored hackers have compromised software and IT service supply chains, helping them conduct operations—espionage, sabotage, and potentially prepositioning for war-fighting.
  • A Russian software supply chain operation against a US-based IT firm exposed approximately 18,000 customers worldwide, including enterprise networks across US Federal, state, and local governments; critical infrastructure entities; and other private sector organizations. The actors proceeded with follow-on activities to compromise the systems of some customers, including some US Government agencies. 
  • Moscow almost certainly views US elections as an opportunity to try to undermine US global standing, sow discord inside the United States, influence US decision making, and sway US voters. Moscow conducted influence operations against US elections in 2016, 2018, and 2020. 
  • Russia will continue to advance its technical collection and surveillance capabilities and probably will share its technology and expertise with other countries, including US adversaries. 

China

  • China can launch cyber attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States.
  • China has a goal of achieving leadership in various emerging technology fields by 2030. Beijing uses a variety of tools, from public investment to espionage and IP theft, to advance its technological capabilities. 
  • China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations.

Iran

  • Iran’s expertise and willingness to conduct aggressive cyber operations make it a significant threat to the security of US and allied networks and data.
  • Iran has the ability to conduct attacks on critical infrastructure, as well as to conduct influence and espionage activities. 
  • Iran was responsible for multiple cyber attacks between April and July 2020 against Israeli water facilities that caused unspecified short-term effects. 
  • Iran is increasingly active in using cyberspace to enable influence operations—including aggressive influence operations targeting the US 2020 presidential election—and we expect Tehran to focus on online covert influence, 

North Korea

  • North Korea probably possesses the expertise to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States, judging from its operations during the past decade, and it may be able to conduct operations that compromise software supply chains.
  • North Korea has conducted cyber theft against financial institutions and cryptocurrency exchanges worldwide, potentially stealing hundreds of millions of dollars, probably to fund government priorities, such as its nuclear and missile programs.

Cybercriminals

  • Many skilled foreign cybercriminals targeting the U.S. maintain mutually beneficial relationships with Russia, China, Iran, North Korea, and other countries that offer them safe haven or benefit from their activity. 
  • Transnational criminal organizations will continue to employ cyber tools to steal from US and foreign businesses and use complex financial schemes to launder illicit proceeds, undermining confidence in financial institutions.

Domestic terrorists

  • Terrorists remain interested in using chemical and biological agents in attacks against US interests and possibly the US homeland.
  • US-based lone actors and small cells with a broad range of ideological motivations pose a greater immediate domestic threat than foreign terrorists.
  • This is manifested both within homegrown violent extremists (HVEs), who are inspired by al-Qa‘ida and ISIS, and within domestic violent extremists (DVEs), who commit terrorist acts for ideological goals such as racial bias and antigovernment sentiment. 
  • Australia, Germany, Norway, and the United Kingdom consider white racially or ethnically motivated violent extremists, including Neo-Nazi groups, to be the fastest growing terrorist threat they face.
  • These and other DVEs, such as antigovernment extremists, are motivated and inspired by a mix of ideological, sociopolitical, and personal grievances against their targets, which have increasingly included large public gatherings, houses of worship, law enforcement and government facilities, and retail locations. 
  • Lone actors are increasingly choosing soft, familiar targets for their attacks, limiting law enforcement opportunities for detection and disruption. 
