On the second day the leaders of the United States (U.S.) Intelligence Community (IC) were testifying before Congress on the global threat landscape, the Biden Administration ratchets up the sanctions on the Russian Federation for the SolarWinds hack and interfering in the 2020 election.
The Biden Administration names and sanctions Russia for SolarWinds and 2020 election interference the day after the IC painted a grim global picture.
It was not all technology, and much of the focus was on military and foreign relations issues, notably the Biden Administration’s decision to withdraw from Afghanistan. And yet, many of the questions were about cybersecurity issues, especially Russia’s hack and how the U.S. may change its laws and policies to better defend against hacks.
The Biden Administration ratcheted up the sanctions on the Russian Federation for its SolarWinds hack, interfering with the 2020 election, encroachment in Ukraine, political assassinations, and other conduct. In addition to sanctioning Russian companies and individuals, the Administration will bar U.S. institutions from dealing with primary Russian debt in international markets. Moreover, the U.S. finally formally attributed the SolarWinds hack to SVR.
Director of National Intelligence (DNI) Avril Haines, Central Intelligence Agency (CIA) Director William Burns, Federal Bureau of Investigation (FBI) Director Christopher Wray, National Security Agency (NSA) Director General Paul Nakasone, and Defense Intelligence Agency (DIA) Director Lieutenant General Scott Berrier appeared at an open Senate Intelligence Committee hearing and an open House Intelligence Committee hearing. In concert with the appearance of IC before the Intelligence Committees, the Office of the Director of National Intelligence released the 2021 Annual Threat Assessment of the U.S. Intelligence Community, much of which was discussed during the hearing (see below for key excerpts).
The IC’s 2021 assessment provided a survey of the threats the U.S. faces, including from other nations and larger systemic threats like pandemics, climate change, and others. However, technology issues cut across most of these threat areas, and Senators focused extensively on the recent SolarWinds hack, the rise of the People’s Republic of China (PRC), emerging technology, and disinformation. The pending Biden Administration announcement on its plan to withdraw troops from Afghanistan was also a topic on the mind of lawmakers.
There does seem to be agreement on the need for legislation requiring the owners and operators of critical cyber infrastructure to report incidents and breaches. It is unclear if stakeholders will seek to expand the NSA’s authority to surveil domestic systems and networks even though the NSA Director stressed he is not asking for such a change.
Chair Mark Warner (D-VA) (watch his opening statement but no written remarks have been released) said every year since 1994, the Senate Intelligence Committee has held an open unclassified worldwide threats hearing. He asserted it is important the hearing be conducted publicly and openly to ensure Americans can gain a good understanding of threats facing the U.S. from trusted, objective sources. Warner said he was dismayed in 2020 when the Director of National Intelligence refused to appear before the committee in an open hearing. He stressed the IC should provide unbiased intelligence and analysis is not shaded or shaped to fit certain perspectives.
Warner stated the Threat Assessment goes into detail on a wide variety of threats the U.S. faces, but he said there are some issues in particular he would like to address: cybersecurity, election security, the rise in domestic violent extremism, and the rise of the People’s Republic of China (PRC), especially the rise of the Chinese Communist Party (CCP). He stressed that the threats the PRC and CCP pose have nothing to do with the Chinese people, the Chinese diaspora, or Asian Americans. Warner argued that “false equivalence” only breeds hate, suspicion, and division and plays right into Beijing’s hands.
Warner asserted as the PRC has grown in statute the CCP has sought to undercut the U.S. as the world’s leading technological power. Warner said this is evident both in strategic investments and traditional espionage to acquire intellectual property, their use and export of surveillance technology to authoritarian regimes, and their modernization of traditional and asymmetric military capabilities, including in the space and cyber domains. He said when the PRC’s development of 5G technology is examined, it is clear the CCP has acted aggressively to influence international standards setting bodies and to invest in a national champion: Huawei. Warner asserted this company threatens to dominate the worldwide telecommunications market. He expressed his fears the CCP will develop a similar strategy to dominate the development of other emerging technologies, including artificial intelligence (AI), quantum computing, and biotechnology.
Warner said in the cyber domain, Russia was responsible for an incredibly sophisticated hack of government and private sector systems using software updates from what appeared to be a trusted advisor in SolarWinds. He added other adversaries also have the capability to undertake destructive attacks on critical infrastructure. Warner said there have been other recent, large attacks, including the Hafnium hack of the Microsoft Exchange users, producing serious consequences for U.S. networks. He declared that in order to deter these intrusions, the U.S. will need to accurately and quickly attribute them and hold our adversaries accountable. Warner stated the SolarWinds hack offered a stark reminder that if there is no requirement to report breaches of critical infrastructure and if FireEye had not come forward the U.S. might still be in the dark about Russian compromise of SolarWinds and other networks. He noted unfirm, bipartisan agreement at the hearing on the SolarWinds hack that Congress needs to move forward on legislation. Warner added the U.S. should work to develop new international norms that place certain types of attacks, such as supply chain attacks, outside acceptable cyber operations the same chemical attacks are outside the acceptable norms of military conflict.
Warner asserted the ongoing threat of misinformation and disinformation is related to these issues, especially when it targets the U.S.’ free and democratic elections. He said as the IC noted in its recent assessment, Russia undertook a sophisticated disinformation campaign in 2020 to undercut the current president and to bolster the candidacy of the former one. Warner contended the U.S. needs to make clear those who perpetrated this interference will pay a price. He argued the technologies that have made misinformation and disinformation so effective has also been sued to great effect by the groups and people who attempted an insurrection on 6 January. Warner remarked domestic violent extremist were around long before 6 January, and they will continue to pose a significant threat long after that incident has been put to rest.
Ranking Member Marco Rubio (R-FL) (watch his opening statement and read his written remarks) said the annual hearing was the one time a year the American public and many Members of Congress get an unvarnished view from nonpartisan officials on the threats the U.S. faces. He said the hearing is also useful in helping people understand the three core missions of the IC: 1) gathering information, especially that information adversaries do not want the U.S. to possess; 2) analyzing that information to understand what it means or could mean; and 3) to inform policymakers in making decisions.
Rubio said with respect to the threats, at the risk of being overly simplistic, more than 90% of the threats can be tracked to five things: 1) the PRC; 2) Russia; 3) Iran; 4) North Korea; and 5) global terrorism. He said those five sources comprise a substantial percentage of all the challenges the U.S. faces in its foreign policy and in its domestic policy. Rubio said rapidly evolving technology has helped the U.S. tremendously, but it has also helped U.S. adversaries, none of whom are constrained by U.S. commitments such as the rule of law or a moral compass when it comes to using deep fakes, deep data analytics, disinformation, misinformation, or AI.
Rubio said cyber threat is real both in U.S. government networks and critical cyber infrastructure. He asserted the U.S. needs a more explicit cyber deterrence policy that clearly sets expectations for accepted cyber behavior and delineated the very clear responses when those lines are crossed. Rubio stated today’s technology environment allows U.S. adversaries to wreak havoc, something they often do at minimal cost. He asserted the SolarWinds hack shows how easily U.S. infrastructure can be compromised and posited it is not hard to imagine the destruction if U.S. adversaries were determined to wage attacks on the power grid or water supply instead of conducting espionage. Rubio claimed the theft of U.S. innovation threatens the country’s economic competitiveness. He contended the PRC as part of its civil-military fusion strategy has been adept at extracting this sort of information from private corporations, universities, and laboratories.
Director of National Intelligence (DNI) Avril Haines (watch her opening statement and read her written remarks) said her goal and the goal of her colleagues is to provide the view on global threats as they see them. She noted the rapidly changing global threat landscape that will likely cause the IC and U.S. to face bigger, more interconnected crises such as disease, climate change, technological disruption, and financial crises. Haines said these dynamics will test the resiliency and adaptability of nation states and people around the world and may exceed the capacity of existing systems and models. She said the looming disequilibrium between existing and future challenges and the ability of institutions to respond is likely to grow and “produce greater contestation at every level.” Haines declared this demands that the IC broaden its definition of national security, develop and integrate new and emerging expertise in our work, deepen and strengthen partnerships, and learn to focus on the long-term strategic threats while simultaneously addressing urgent crises. She added that at no time has it been more important to invest in institutions, norms, and workforce.
With respect to nation-state threats, Haines stated that the PRC is an unparalleled threat, but Russia, Iran, and North Korea are also significant threats that bear watching. She asserted the PRC is increasingly a near-peer competitor challenging the U.S. in multiple areas while pushing to revise global norms in ways that favor the authoritarian Chinese system. Haines said the PRC is deploying a comprehensive system to demonstrate its strength and compel regional neighbors to acquiesce to Beijing’s preferences. She noted the PRC’s substantial cyber capabilities that can cause, at a minimum, localized temporary disruptions to critical infrastructure inside the U.S. Haines cautioned that the PRC’s economic, demographic, and environmental vulnerabilities threaten to derail its ambitions to be the world’s dominant power.
Haines said the IC continues to believe Moscow will deploy a variety of tactics to undermine U.S. influence and erode western alliances. She contended that while Russia does not want a conflict with the U.S., Russian officials have long believed Washington is seeking to weaken Russia. Haines said Russia will use of number of means to achieve its goals, including new cyber capabilities to threaten the U.S. and its allies. She added Russia will use malign influence campaigns, including during U.S. elections, to undermine U.S. standing, sow discord, and influence U.S. decision making. Haines remarked Russia has become increasingly adept at leveraging its asymmetric capabilities in both the military and cyber spheres in order to force the U.S. to accommodate its interests.
With respect to non-nation state threats, Haines pointed to transnational criminal organizations that employ cyber tools to steal from U.S. and foreign businesses and use complex financial schemes to launder illicit proceeds, undermining confidence in financial institutions. She added:
Emerging and disruptive technologies, as well as the proliferation and permeation of technology in all aspects of our lives, pose unique challenges. Cyber capabilities, to illustrate, are demonstrably intertwined with threats from our infrastructure and to foreign malign influence threats against our democracy. And we need, as you all have stressed to us, to focus on the competition in critical technical areas such as high performance computing, microelectronics, biotechnology, artificial intelligence, quantum computing, fiber optics, and metamaterials.
- Warner’s question time covered 5G, Huawei, the PRC, and strengthening IC capabilities to suss out future areas of focus
- Rubio’s questions focused on potential origins for the COVID-19 virus in the PRC, and the PRC’s conduct in trying to shape and influence U.S. policy
- Senator Dianne Feinstein (D-CA) asked about the capability of adversaries to threaten U.S. critical cyber infrastructure and how U.S. companies need to protect their networks.
- Senator Richard Burr (R-NC) stressed the importance of 5G and asked about the percentage of IC employees who have been vaccinated, asked about the decision to leave Afghanistan, and whether the NSA and FBI need legal changes to better monitor U.S. networks.
- Senator Ron Wyden (D-OR) asked for answers to letter on declassifying CIA reports and Foreign Intelligence Surveillance Act matters, about current legislative authority for NSA and CISA to protect U.S. networks, and data brokers and privacy.
- Senator James Risch (R-ID) asked about the Abraham Accords’ effect on threats and contended asymmetric cyber threats should have received greater emphasis in the IC’s report.
- Senator Martin Heinrich (D-NM) referenced a letter he wrote to the FBI and the Department of Homeland Security regarding QAnon and asked why the FBI will not allow the response to be released to the public. There was further discussion about QAnon and domestic extremism.
- Senator Susan Collins (R-ME) asked about the risks of withdrawing troops from Afghanistan.
- Senator Angus King (I-ME) asked about the gap between foreign facing and domestic facing agencies and whether the U.S. has an adequate cyber deterrence.
- Senator Roy Blunt (R-MO) asked about the PRC’s satellite and space programs and Russian activities in Ukraine.
- Senator Michael Bennet (D-CO) asked how the U.S. is working to maintain its superiority in space, especially the private sector. He also asked about the intersection between social media platforms and domestic extremism.
- Senator John Cornyn (R-TX) asked about requiring victims of cyberattacks to notify the U.S. government and inquired about how Congress should prioritize technology issues with respect to national security.
- Senator Bob Casey (D-PA) spoke about U.S. capability to monitor U.S. investment in countries that harms national security and asked how the IC works to mitigate foreign adversaries compromising U.S. supply chains.
- Senator Ben Sasse (R-NE) asked when the 2018 export control reform law will be fully implemented and how the U.S. can rally like-minded nations against the PRC.
- Senator Kirsten Gillibrand (D-NY)asked if the FBI would provide documents she requested related to the 11 September 2001 attacks. She also asked about a statutory mandate for companies to report breaches and possible blind spots in the NSA’s ability to monitor cyber threats.
- Senator Tom Cotton (R-AR) asked whether the FBI investigate the Biden Administration’s nominee’s for Undersecretary of Defense for Policy for mishandling classified information. He asked about the IC’s assessment of mitigation on the U.S.-Mexico border.
The day after the Senate Intelligence Committee met and the day the House Intelligence Committee held its hearing on the 2021 worldwide threat report, President Joe Biden signed an executive order and his administration took a number of related actions sanctioning individuals and entities in the Russian Federation. However, one White House official claimed these were the public components of the U.S. response with others “that will remain unseen.” This same official attributed the SolarWinds hack to APT29, a unit associated with Russia’s Foreign Intelligence Service (Sluzhba vneshney razvedki Rossiyskoy Federatsii or SVR.) In concert, the Department of the Treasury sanctioned six entities with links to the SVR and a number of Russian nationals. The Biden Administration is also barring U.S. financial institutions from dealing in the primary markets for ruble denominated and non-ruble denominated Russian bonds. Additionally, the Department of State expelled 10 Russian diplomats from the U.S. allegedly including “representatives of Russian intelligence services.” Administration officials stressed they can take additional actions under the executive order if needed.
In the Executive Order (EO) “Blocking Property with Respect to Specified Harmful Foreign Activities of the Government of the Russian Federation,” Biden found the Russian Federation had transgressed in a number of ways beyond election interference and the SolarWinds hack:
that specified harmful foreign activities of the Government of the Russian Federation — in particular, efforts to undermine the conduct of free and fair democratic elections and democratic institutions in the United States and its allies and partners; to engage in and facilitate malicious cyber-enabled activities against the United States and its allies and partners; to foster and use transnational corruption to influence foreign governments; to pursue extraterritorial activities targeting dissidents or journalists; to undermine security in countries and regions important to United States national security; and to violate well-established principles of international law, including respect for the territorial integrity of states — constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.
Biden directed the Department of the Treasury (Treasury) to take a number of actions. In its press release, Treasury explained:
- To address these threats, the E.O. of April 15, 2021 authorizes sanctions on a wide range of persons, including, among others, those operating in the technology and defense and related materiel sectors of the Russian Federation economy, and in any additional sectors of the Russian Federation economy as may be determined by the Secretary of the Treasury, in consultation with the Secretary of State.
- Treasury’s first use of the E.O. of April 15, 2021 targets companies operating in the technology sector of the Russian Federation economy that support Russian Intelligence Services. The following companies are designated for operating in the technology sector of the Russian Federation economy: ERA Technopolis; Pasit, AO (Pasit); Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA); Neobit, OOO (Neobit); Advanced System Technology, AO (AST); and Pozitiv Teknolodzhiz, AO (Positive Technologies).
- Pursuant to the E.O. of April 15, 2021, Treasury’s Office of Foreign Assets Control (OFAC) is issuing a directive that generally prohibits U.S. financial institutions from participating in the primary market for ruble or non-ruble denominated bonds issued after June 14, 2021 by the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, or the Ministry of Finance of the Russian Federation, and further prohibits U.S. financial institutions from lending ruble or non-ruble denominated funds to these three entities. This directive expands upon existing prohibitions on certain dealings in Russian sovereign debt that have been in place since August 2019.
At a White House background briefing, one unnamed senior White House official stated:
The SVR unit, APT29, Cozy Bear, the Dukes — known by all of those names — we are attributing as the actor that conducted this intrusion. The U.S. intelligence community has high confidence in its assessment of attribution to the SVR. This is an update to the January 5th, 2021, assessment by the previous administration that this incident was, quote, “likely of Russian origin.”
Another unnamed White House official contended:
- There are two aspects to the U.S. response to SolarWinds. First, naming and imposing costs on the perpetrator of SolarWinds. And second, strongly affirming the importance of an open, interoperable, secure, and reliable Internet.
- So on the first aspect, building on the attribution and, as [senior administration official] noted, Treasury’s designation of six Russian technology companies that provide support to the Russian Intelligence Service’s cyber program, ranging from providing expertise to developing tools and infrastructure to facilitate those malicious cyber activities. They’re being designated — the companies — for operating in the technology sector of the Russian Federation economy. And we will continue to hold those companies accountable for that behavior.
- Second, the SVR’s compromise of SolarWinds and other companies highlights the risks posed by Russia’s efforts to target companies worldwide through supply chain exploitation. Those efforts should serve as a warning about the risks of using information and communications technology and services supplied by companies that operate or store user data in Russia, or rely on software development or remote technical support by personnel in Russia.
- The U.S. government strongly encourages all U.S. companies using communications or technologies supplied by companies with ties to Russia to evaluate the security of their infrastructure and be aware of the potential for future U.S. action that may affect their operation.
- The U.S. government is evaluating whether to take action under Executive Order 13873 to better protect our communications and technology supply chain from further exploitation by Russia.
Finally, The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory “Russian SVR Targets U.S. and Allied Networks” “to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities” according to their press release. The agencies explained:
Russian Foreign Intelligence Service (SVR) actors (also known as APT29, Cozy Bear, and The Dukes) frequently use publicly known vulnerabilities to conduct widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access. This targeting and exploitation encompasses U.S. and allied networks, including national security and government-related systems.
Recent Russian SVR activities include compromising SolarWinds® Orion® software updates, targeting COVID-19 research facilities through deploying WellMess malware, and leveraging a VMware® vulnerability that was a zero-day at the time for follow-on Security Assertion Markup Language (SAML) authentication abuse. SVR cyber actors also used authentication abuse tactics following SolarWinds-based breaches.
The SVR has exploited—and continues to successfully exploit—software vulnerabilities to gain initial footholds into victim devices and networks, to include:
- CVE-2018-13379 Fortinet®
- CVE-2019-9670 Zimbra®
- CVE-2019-11510 Pulse Secure®
- CVE-2019-19781 Citrix®
- CVE-2020-4006 VMware®
The NSA, CISA, and FBI previously shared mitigations to defend against exploitation of these vulnerabilities. Knowing the tradecraft that nation-state cyber actors use along with relevant response actions will enable network defenders to focus on mitigating the vulnerabilities and techniques, enabling more comprehensive protection against adversary compromise.
Key excerpts from the 2021 Annual Threat Assessment of the U.S. Intelligence Community:
CHINA’S PUSH FOR GLOBAL POWER
Beijing is working to match or exceed US capabilities in space to gain the military, economic, and prestige benefits that Washington has accrued from space leadership.
- We expect a Chinese space station in low Earth orbit (LEO) to be operational between 2022 and 2024. China also has conducted and plans to conduct additional lunar exploration missions, and it intends to establish a robotic research station on the Moon and later an intermittently crewed lunar base.
- The PLA will continue to integrate space services—such as satellite reconnaissance and positioning, navigation, and timing (PNT)—and satellite communications into its weapons and command-and-control systems to erode the US military’s information advantage.
Counterspace operations will be integral to potential military campaigns by the PLA, and China has counterspace- weapons capabilities intended to target US and allied satellites.
- Beijing continues to train its military space elements and field new destructive and nondestructive ground- and space-based antisatellite (ASAT) weapons.
- China has already fielded ground-based ASAT missiles intended to destroy satellites in LEO and ground-based ASAT lasers probably intended to blind or damage sensitive space-based optical sensors on LEO satellites.
We assess that China presents a prolific and effective cyber-espionage threat, possesses substantial cyber-attack capabilities, and presents a growing influence threat. China’s cyber pursuits and proliferation of related technologies increase the threats of cyber attacks against the US homeland, suppression of US web content that Beijing views as threatening to its internal ideological control, and the expansion of technology-driven authoritarianism around the world.
- We continue to assess that China can launch cyber attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States.
- China leads the world in applying surveillance systems and censorship to monitor its population and repress dissent, particularly among ethnic minorities, such as the Uyghurs. Beijing conducts cyber intrusions that affect US and non-US citizens beyond its borders—such as hacking journalists, stealing personal information, or attacking tools that allow free speech online—as part of its efforts to surveil perceived threats to CCP power and tailor influence efforts. Beijing is also using its assistance to global efforts to combat COVID-19 to export its surveillance tools and technologies.
- China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations.
Intelligence, Influence Operations, and Elections Influence and Interference
China will continue expanding its global intelligence footprint to better support its growing political, economic, and security interests around the world, increasingly challenging the United States’ alliances and partnerships. Across East Asia and the western Pacific, which Beijing views as its natural sphere of influence, China is attempting to exploit doubts about the US commitment to the region, undermine Taiwan’s democracy, and extend Beijing’s influence.
- Beijing has been intensifying efforts to shape the political environment in the United States to promote its policy preferences, mold public discourse, pressure political figures whom Beijing believes oppose its interests, and muffle criticism of China on such issues as religious freedom and the suppression of democracy in Hong Kong.
RUSSIAN PROVOCATIVE ACTIONS
Moscow will continue to employ a variety of tactics this year meant to undermine US influence, develop new international norms and partnerships, divide Western countries and weaken Western alliances, and demonstrate Russia’s ability to shape global events as a major player in a new multipolar international order. Russia will continue to develop its military, nuclear, space, cyber, and intelligence capabilities, while actively engaging abroad and leveraging its energy resources, to advance its agenda and undermine the United States.
We expect Moscow to seek opportunities for pragmatic cooperation with Washington on its own terms, and we assess that Russia does not want a direct conflict with US forces.
- Russian officials have long believed that the United States is conducting its own “influence campaigns” to undermine Russia, weaken President Vladimir Putin, and install Western-friendly regimes in the states of the former Soviet Union and elsewhere.
- Russia seeks an accommodation with the United States on mutual noninterference in both countries’ domestic affairs and US recognition of Russia’s claimed sphere of influence over much of the former Soviet Union.
We expect Moscow’s military posture and behavior—including military modernization, use of military force, and the integration of information warfare—to challenge the interests of the United States and its allies. Despite flat or even declining defense spending, Russia will emphasize new weapons that present increased threats to the United States and regional actors while continuing its foreign military engagements, conducting training exercises, and incorporating lessons from its involvement in Syria and Ukraine.
- Moscow has the wherewithal to deploy forces in strategically important regions but the farther it deploys from Russia, the less able it probably will be to sustain intensive combat operations.
- Private military and security companies managed by Russian oligarchs close to the Kremlin extend Moscow’s military reach at low cost, allowing Russia to disavow its involvement and distance itself from battlefield casualties. These proxy forces, however, often fail to achieve Moscow’s strategic goals because of their limited tactical proficiency.
We assess that Russia will remain a top cyber threat as it refines and employs its espionage, influence, and attack capabilities.
Russia continues to target critical infrastructure, including underwater cables and industrial control systems, in the United States and in allied and partner countries, as compromising such infrastructure improves—and in some cases can demonstrate—its ability to damage infrastructure during a crisis.
- A Russian software supply chain operation in 2020, described in the cyber section of this report, demonstrates Moscow’s capability and intent to target and potentially disrupt public and private organizations in the United States.
- Russia is also using cyber operations to defend against what it sees as threats to the stability of the Russian Government. In 2019, Russia attempted to hack journalists and organizations that were investigating Russian Government activity and in at least one instance leaked their information.
- Russia almost certainly considers cyber attacks an acceptable option to deter adversaries, control escalation, and prosecute conflicts.
Intelligence, Influence Operations, and Elections Influence and Interference
Russia presents one of the most serious intelligence threats to the United States, using its intelligence services and influence tools to try to divide Western alliances, preserve its influence in the post-Soviet area, and increase its sway around the world, while undermining US global standing, sowing discord inside the United States, and influencing US voters and decisionmaking. Russia will continue to advance its technical collection and surveillance capabilities and probably will share its technology and expertise with other countries, including US adversaries.
- Moscow almost certainly views US elections as an opportunity to try to undermine US global standing, sow discord inside the United States, influence US decisionmaking, and sway US voters. Moscow conducted influence operations against US elections in 2016, 2018, and 2020.
Russia will remain a key space competitor, maintaining a large network of reconnaissance, communications, and navigation satellites. It will focus on integrating space services—such as communications; positioning, navigation, and timing (PNT); geolocation; and intelligence, surveillance, and reconnaissance—into its weapons and command-and-control systems.
- Russia continues to train its military space elements and field new antisatellite (ASAT) weapons to disrupt and degrade US and allied space capabilities, and it is developing, testing, and fielding an array of nondestructive and destructive counterspace weapons—including jamming and cyberspace capabilities, directed energy weapons, on-orbit capabilities, and ground-based ASAT capabilities—to target US and allied satellites.
IRANIAN PROVOCATIVE ACTIONS
Cyber, Intelligence, Influence, and Election Interference
Iran’s expertise and willingness to conduct aggressive cyber operations make it a significant threat to the security of US and allied networks and data. Iran has the ability to conduct attacks on critical infrastructure, as well as to conduct influence and espionage activities.
- Iran was responsible for multiple cyber attacks between April and July 2020 against Israeli water facilities that caused unspecified short-term effects, according to press reporting.
Iran is increasingly active in using cyberspace to enable influence operations—including aggressive influence operations targeting the US 2020 presidential election—and we expect Tehran to focus on online covert influence, such as spreading disinformation about fake threats or compromised election infrastructure and recirculating anti-US content.
- Iran attempted to influence dynamics around the 2020 US presidential election by sending threatening messages to US voters, and Iranian cyber actors in December 2020 disseminated information about US election officials to try to undermine confidence in the US election.
NORTH KOREAN PROVOCATIVE ACTIONS
North Korea’s cyber program poses a growing espionage, theft, and attack threat.
- Pyongyang probably possesses the expertise to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States, judging from its operations during the past decade, and it may be able to conduct operations that compromise software supply chains.
- North Korea has conducted cyber theft against financial institutions and cryptocurrency exchanges worldwide, potentially stealing hundreds of millions of dollars, probably to fund government priorities, such as its nuclear and missile programs.
Following decades of investments and efforts by multiple countries that have increased their technological capability, US leadership in emerging technologies is increasingly challenged, primarily by China. We anticipate that with a more level playing field, new technological developments will increasingly emerge from multiple countries and with less warning.
- New technologies, rapidly diffusing around the world, put increasingly sophisticated capabilities in the hands of small groups and individuals as well as enhancing the capabilities of nation states. While democratization of technology can be beneficial, it can also be economically, militarily, and socially destabilizing. For this reason, advances in technologies such as computing, biotechnology, artificial intelligence, and manufacturing warrant extra attention to anticipate the trajectories of emerging technologies and understand their implications for security.
China has a goal of achieving leadership in various emerging technology fields by 2030. China stands out as the primary strategic competitor to the U.S. because it has a well-resourced and comprehensive strategy to acquire and use technology to advance its national goals, including technology transfers and intelligence gathering through a Military-Civil Fusion Policy and a National Intelligence Law requiring all Chinese entities to share technology and information with military, intelligence and security services.
- Beijing is focused on technologies it sees as critical to its military and economic future, including broad enabling technologies such as biotechnology, advanced computing, and artificial intelligence, as well as niche technical needs such as secure communications.
Moscow also views the development of advanced S&T as a national security priority and seeks to preserve its technological sovereignty. Russia is increasingly looking to talent recruitment and international scientific collaborations to advance domestic R&D efforts but resource constraints have forced it to focus indigenous R&D efforts on a few key technologies, such as military applications of AI.
Cyber threats from nation states and their surrogates will remain acute. Foreign states use cyber operations to steal information, influence populations, and damage industry, including physical and digital critical infrastructure. Although an increasing number of countries and nonstate actors have these capabilities, we remain most concerned about Russia, China, Iran, and North Korea. Many skilled foreign cybercriminals targeting the United States maintain mutually beneficial relationships with these and other countries that offer them safe haven or benefit from their activity.
States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyberactivity. As states attempt more aggressive cyber operations, they are more likely to affect civilian populations and to embolden other states that seek similar outcomes.
Authoritarian and illiberal regimes around the world will increasingly exploit digital tools to surveil their citizens, control free expression, and censor and manipulate information to maintain control over their populations. Such regimes are increasingly conducting cyber intrusions that affect citizens beyond their borders—such as hacking journalists and religious minorities or attacking tools that allow free speech online—as part of their broader efforts to surveil and influence foreign populations.
Democracies will continue to debate how to protect privacy and civil liberties as they confront domestic security threats and contend with the perception that free speech may be constrained by major technology companies. Authoritarian and illiberal regimes, meanwhile, probably will point to democracies’ embrace of these tools to justify their own repressive programs at home and malign influence abroad.
During the last decade, state sponsored hackers have compromised software and IT service supply chains, helping them conduct operations—espionage, sabotage, and potentially prepositioning for warfighting.
- A Russian software supply chain operation against a US-based IT firm exposed approximately18,000 customers worldwide, including enterprise networks across US Federal, state, and local governments; critical infrastructure entities; and other private sector organizations. The actors proceeded with follow-on activities to compromise the systems of some customers, including some US Government agencies.
Racially or Ethnically Motivated Violent Extremists
DVEs motivated by a range of ideologies that are not connected to or inspired by jihadi terrorist organizations like al-Qa‘ida and ISIS pose an elevated threat to the United States. This diverse set of extremists reflects an increasingly complex threat landscape, including racially or ethnically motivated threats and antigovernment or antiauthority threats.
Of these, violent extremists who espouse an often overlapping mix of white supremacist, neo-Nazi, and exclusionary cultural-nationalist beliefs have the most persistent transnational connections via often loose online communities to like-minded individuals and groups in the West. The threat from this diffuse movement has ebbed and flowed for decades but has increased since 2015.
- Violent extremists who promote the superiority of the white race have been responsible for at least 26 lethal attacks that killed more than 141 people and for dozens of disrupted plots in the West since 2015. While these extremists often see themselves as part of a broader global movement, most attacks have been carried out by individuals or small, independent cells.
- Australia, Germany, Norway, and the United Kingdom consider white racially or ethnically motivated violent extremists, including Neo-Nazi groups, to be the fastest growing terrorist threat they face.
- Both these and other DVEs, such as antigovernment or antiauthority extremists, are motivated and inspired by a mix of ideological, sociopolitical, and personal grievances against their targets, which have increasingly included large public gatherings, houses of worship, law enforcement and government facilities, and retail locations. Lone actors, who by definition are not likely to conspire with others regarding their plans, are increasingly choosing soft, familiar targets for their attacks, limiting law enforcement opportunities for detection and disruption.
© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.