The US information infrastructure, including telecommunications and computer networks
and systems, and the data that reside on them, is critical to virtually every aspect of modern life.
Threats to our information technology infrastructure are an important focus of the Intelligence
Community. As government, private sector, and personal activities continue to move to
networked operations, as our digital systems add ever more capabilities, as wireless systems
become even more ubiquitous, and as the design, manufacture, and service of information
technology have moved overseas, the threat will continue to grow.
ability to spread ideas and influence large numbers of people. Nation-states and non-state groups
are taking an increasing interest in the role of mass media in shaping international opinions.
Terrorists will continue to be motivated to conduct spectacular attacks in part by the desire to
achieve maximum media exposure for their cause. Increasing global connectivity is enabling
radical groups to recruit and train new members, proliferate extremist ideologies, manage their
finances, manipulate public opinion, and coordinate attacks. In the recent conflict in Gaza, for
example, the media played an important role for both sides in shaping public perceptions of the
conflict. We can expect future adversaries to similarly employ mass media in an attempt to
constrain US courses of actions in a future crisis or conflict.
Further, the growing connectivity between information systems, the Internet, and other
infrastructures creates opportunities for attackers to disrupt telecommunications, electrical
power, energy pipelines, refineries, financial networks, and other critical infrastructures. Over
the past several years we have seen cyber attacks against critical infrastructures abroad, and
many of our own infrastructures are as vulnerable as their foreign counterparts.
• A successful cyber attack against a major financial service provider could severely impact
the national economy, while cyber attacks against physical infrastructure computer systems
such as those that control power grids or oil refineries have the potential to disrupt services
for hours to weeks.
Network defense technologies are widely available to mitigate threats but have not been
uniformly adopted due to associated costs, perceived need, operational requirements, and
regulatory constraints. This slow rate of adoption has allowed cyber attackers to keep up with
many defensive advances. Meanwhile, advances in digital communications technology, such as
the growth in wireless connectivity and the acceleration of network convergence with a variety
data increasingly digitized and transmitted over the Internet, are creating new vulnerabilities in
our networks and new avenues for cyber attacks.
Malicious activity on the Internet also is rapidly increasing: spam—unsolicited email that
can contain malicious software—now accounts for 81 percent of all email according to Message
Labs (Symantec); the Georgia Tech Information Security Center projects a ten-fold increase in
malicious software targeting data in the coming year; and botnets—networks of hijacked
computers used to deliver spam or launch distributed denial of service attacks—are expected to
compose 15 percent of all online computers in 2009. Ferris Research estimates that the total cost
of spam and all of the types of fraud that take advantage of spam’s impact is $42 billion in the
United States and $140 billion worldwide in last year, while McAfee estimates that global
companies may have lost over $1 trillion worth of intellectual property to data theft in 2008.
State and Non-State Threats. A growing array of state and non-state adversaries are
increasingly targeting—for exploitation and potentially disruption or destruction—our
information infrastructure, including the Internet, telecommunications networks, computer
systems, and embedded processors and controllers in critical industries. Over the past year, cyber
exploitation activity has grown more sophisticated, more targeted, and more serious. The
Intelligence Community expects these trends to continue in the coming year.
We assess that a number of nations, including Russia and China, have the technical
capabilities to target and disrupt elements of the US information infrastructure and for
intelligence collection. Nation states and criminals target our government and private sector
information networks to gain competitive advantage in the commercial sector. Terrorist groups,
including al-Qa’ida, HAMAS, and Hizballah, have expressed the desire to use cyber means to
target the United States. Criminal elements continue to show growing sophistication in technical
capability and targeting and today operate a pervasive, mature on-line service economy in illicit
cyber capabilities and services available to anyone willing to pay. Each of these actors has
different levels of skill and different intentions; therefore, we must develop flexible capabilities
to counter each. We must take proactive measures to detect and prevent intrusions from
whatever source, as they happen, and before they can do significant damage.
We expect disruptive cyber activities to be the norm in future political or military
conflicts. The Distributed Denial of Service (DDoS) attacks and Web defacements that targeted
Georgia in 2008 and Estonia in 2007 disrupted government, media, and banking Web sites.
DDoS attacks and Web defacements targeted Georgian government Web sites, including that of
Georgian President Saakishvili, intermittently disrupting online access to the official Georgian
perspective of the conflict and some Georgian Government functions but did not affect military
action. Such attacks have been a common outlet for hackers during political disputes over the
past decade, including Israel’s military conflicts with Hizballah and HAMAS in 2006 and 2008,
the aftermath of the terrorist attacks in Mumbai last year, the publication of cartoons caricaturing
the Prophet Mohammed in 2005, and the Chinese downing of a US Navy aircraft in 2001.
The Comprehensive National Cybersecurity Initiative. In January 2008, the
Comprehensive National Cybersecurity Initiative (CNCI) was adopted as national policy as part
of National Security Presidential Directive 54/Homeland Security Presidential Directive 23
(NSPD-54/HSPD-23). With bipartisan support, Congress appropriated the vast majority of the
CNCI funding request in the Consolidated Security, Disaster Assistance, and Continuing
Appropriations Act of 2009.
The CNCI addresses current cybersecurity threats, anticipates future threats and
technologies, and develops a framework for creating in partnership with the private sector an
environment that no longer favors cyber intruders over defenders. The CNCI includes defensive,
offensive, education, research and development, and counterintelligence elements, while
remaining sensitive throughout to the requirements of protecting the privacy rights and civil
liberties of US citizens. The CNCI is now making considerable progress in building a better
understanding of the cyber threat, developing concrete solutions, and approving detailed courses
of action. The Adminstration is now reviewing CNCI, to ensure it is consistent with its own
To be sure, significant work remains in order to protect, defend, and respond to the cyber
threat in a manner that markedly improves our nation’s overall security. Yet there is reason to be
hopeful. We are witnessing an unprecedented unity of effort across a broad coalition of
government agencies, members of Congress, and leaders of industry. To succeed, however, the
CNCI must remain a long-term national priority. With sustained momentum and continued
national resolve we can and will build an enduring security framework capable of protecting our
vital national security, economic, and public health interests.
We cannot afford to discover successful cyber intrusions after-the-fact, accept disastrous
losses, and then seek merely to contain them. It requires a broad alliance of departments,
agencies, and industry leaders to focus on countering the threat, mitigating vulnerabilities, and
enhancing resiliency in order to preserve our national security, national economy, and public
Growing Transnational Organized Crime Threat
Most organized criminal activities increasingly involve either networks of interconnected
criminal groups sharing expertise, skills, and resources in joint criminal ventures that transcend
national boundaries or powerful, well-organized crime groups seeking to legitimize their image
by investing in the global marketplace. Organized criminals and groups will increasingly pose a
threat to US national security interests by enhancing the capabilities of terrorists and hostile
Some organized crime networks, groups, and individuals also have invested in energy
and mineral markets in an effort to diversify and legitimize their business activities. Criminals’
coercive tactics, underhanded business practices, opaque motives, and self-serving loyalties can
undermine the normal workings and integrity of these global markets. The most powerful, highprofile
Eurasian criminal groups often form strategic alliances with senior political leaders and
business tycoons and can operate from a relative safehaven status with little to fear of
international arrest and prosecution. The leaders of many of these groups go to great lengths to
portray themselves as legitimate businessmen and use front companies that give them more
market access and leverage. They also employ some of the world’s best accountants, lawyers,
bankers, and lobbyists to deflect and frustrate the efforts of authorities.
The change in the structure and types of activities conducted by transnational criminal
groups is making it increasingly difficult to identify and attack them. In particular, the
increasing prevalence of loosely knit networks, the use of cyberspace and global financial
systems, and political corruption have made it easier for them to hide their involvement, to
thwart law enforcement efforts, and to create images of legitimacy.
The international security environment is complex. No dominant adversary faces the
United States that threatens our existence with military force, but the global financial crises has
exacerbated what was already a growing set of political and economic uncertainties. We are
nevertheless in a strong position to shape a world reflecting universal aspirations and values that
have motivated Americans since 1776: human rights; the rule of law; liberal market economics
and social justice. Whether we can succeed will depend on actions we take here at home—
restoring strong economic growth and maintaining our scientific and technological edge and
defending ourselves at reasonable cost in dollars without violating our civil liberties. It will also
depend on our actions abroad, not only in how we deal with regions, regimes and crises, but also
in developing new multilateral systems, formal or informal, for effective international
cooperation in trade and finance, in neutralizing extremist groups using terrorism, in controlling
the proliferation of WMD, developing codes of conduct for cyberspace and space, and in
mitigating and slowing global climate change.
( sorry Google blog text formating scewing up in Google's chrome browser.)