The U.S. Director National Intelligence says the public and private sectors in the U.S. are at continual risk and the country should expect cyber attacks from nation state and non-state actors. Credit: Thinkstock The United States’ cybersecurity in both the public and private sectors is at continual risk, according to Director of National Intelligence (DNI) Daniel R. Coats. And the country should expect attacks from both nation state and non-state actors.Furthermore, the “potential for surprise” will continue to increase as billions more devices are connected to the internet with little or no security, Coats said. He also called out the attacks that occurred on the infrastructure of the Ukraine and Saudi Arabia in 2017 and said such an attack is possible against the U.S. and its allies.Coats shared his thoughts on the state of affairs with respect to threat to the U.S. with the Senate Select Committee on Intelligence (SSCI) on Feb. 13, 2018. The open session saw the leadership of the U.S. intelligence community answering questions from members, which could be answered in an open and unclassified forum. The SSCI’s classified session occurred in the afternoon behind closed doors in the classified information sector of the Capitol building.Nation state cyber threats to the U.S.When it comes to nation states that pose a significant risk to the U.S., the threats have not changed. Russia, China, Iran, and North Korea lead the list. Additionally, three of those states — Russia, Iran, and North Korea — “are testing more aggressive cyber-attacks.” Coats discussed these specific nation-state threats:Russia – The intelligence apparatus of Russia will continue to “disseminate false information” using Russia controlled media and “covert online personas.” The purpose of the Russian activities will be to generate “anti-U.S. political views.” With Ukraine being the primary recipient of enhanced Russian cyber capabilities, the Russians can be expected to enhance and increase their activities with respect to infrastructure and companies which support infrastructure.China – The global reach of China continues, as does its need to enable domestic industry through acquisition of intellectual property and capability to assist their active foreign and domestic policies. During 2017, most detected cyber operations were focused on cleared defense contractors and companies that supported public and private networks worldwide.Iran – Coats called out the interest of Iran to penetrate U.S. and allied networks for espionage and to position technology within networks for use in future conflicts. Of particular note is the methodology of penetrating and destroying data, via exfiltrating data, as evidence in the Iranian attacks on Saudi Arabia and Israel.North Korea – The use of cyber technologies to harvest crypto currencies will continue as a means to collect sorely needed foreign exchange credits. In addition, the North Koreans can be expected to launch a range of offensive weapons to include DDoS, data deletion, and ransomware.Non-state cybersecurity threatsNon-state actors, such as criminals and terrorists, will continue to demonstrate their capacity via cyber operations, which will put at risk the personal identifying information, denial of services and for-profit crimes. Alarmingly, Coats’ prognosis of 2017 continues to apply in 2018, and he says the line between nation state actors and non-nation state actors will blur in 2018. Related content news analysis China’s MSS using LinkedIn against the U.S. The head of the U.S. National Counterintelligence and Security Center says China's MSS is using social networks, specifically LinkedIn, to target, access, and recruit U.S. sources. By Christopher Burgess Aug 31, 2018 4 mins Social Engineering Cybercrime Security news analysis Tesla insider with expired NDA spills the tech beans A former Tesla engineer with an expired non-disclosure agreement (NDA) shared inside technical information on an obscure forum, which was quickly shared across multiple social media platforms. By Christopher Burgess Aug 30, 2018 3 mins Risk Management Security news analysis Horizon Air tragedy highlights airline insider threat vulnerability The ease at which a Horizon Air employee was able to steal and crash a Bombardier Q400 turboprop will likely prompt airlines to develop an insider threat mitigation strategy to close this vulnerability. By Christopher Burgess Aug 13, 2018 4 mins Security news analysis How did the TimeHop data breach happen? Compromise of an employee's credentials, lack of multi-factor authentication, and weak insider threat analysis all played a factor in the recent TimeHop data breach in which 21 million user accounts were compromised. By Christopher Burgess Aug 10, 2018 4 mins DLP Software Analytics Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe