Director of National Intelligence James Clapper cyberattacks in his yearly congressional report on security threats facing the nation -- the Worldwide Threat Assessment of the U.S. Intelligence Community.
"We judge that there is a remote chance of a major cyberattack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage," Clapper told the United States Senate Select Committee on Intelligence and reported by CNet.
Clapper added that foreign intelligence and security services have penetrated computer networks operated by the government and the private sector.
"Most detected activity has targeted unclassified networks connected to the Internet, but foreign cyberactors are also targeting classified networks. Importantly, much of the nation's critical proprietary data are on sensitive but unclassified networks; the same is true for most of our closest allies," he said.
Clapper said attacks were more likely to emanate from less technically advanced "isolated state or nonstate actors" than from Russia or China, who were less likely to launch cyberstrikes during peacetime, said CNet.
Clapper also included hacktivists and cybercriminals in his list of potential threats.
"Most hacktivists use short-term denial-of-service operations or expose personally identifiable information held by target companies, as forms of political protest," he said. "However, a more radical group might form to inflict more systemic impacts -- such as disrupting financial networks -- or accidentally trigger unintended consequences that could be misinterpreted as a state-sponsored attack."
He said that cybercriminals were selling tools through a growing black market that could "enable access to critical infrastructure systems or get into the hands of state and nonstate actors." Interestingly, he added that "a handful of commercial companies sell computer intrusion kits on the open market," which governments and cybercriminals can deploy "to steal, manipulate, or delete information on targeted systems. Even more companies develop and sell professional-quality technologies to support cyberoperations--often branding these tools as lawful-intercept or defensive security research products. Foreign governments already use some of these tools to target U.S. systems." (CNet.com)