U.S. Cyber Terrorism Defense Needed, Says Security Expert
Cyber security expert Richard A. Clarke gave a bleak report to the crowd that gathered to listen to him at a recent ABA Standing Committee on Law and National Security event on cyber terrorism and the ability of the United States to protect itself from a widespread cyber attack.
He was unhesitating in his response to a question about whether Congress or the president should be the catalyst for a plan to create a nationwide defense against cyber terrorism: “The president would be a good start.”
Clarke – who has served three presidents as a senior White House advisor on global affairs, counterterrorism and cyber security issues – believes the time is now for this issue to be on the president’s radar.
“We spend hundreds of millions of dollars on anti-virus [programs] and firewalls…. It doesn’t work,” said Clarke, who explained that the designs for the F-35 were stolen before it even flew. Hackers infiltrated corporate information.
“If you have penetrated a network you can take the next step — destruction,” said Clarke.
He reminded the audience that at the time when Google admitted it had been hacked by Chinese entities, “We now know that 3,000 other American companies were hacked at that time.”
Hackers are not just interested in company files, they are also targeting power grids, railroads, banks and gas lines to cause mass destruction, panic and confusion.
“Everything in our society depends on computers,” said Clarke. “Any time any cyber war unit has tried to get into an air-gapped (a physically, electrically and electromagnetically isolated and secured) network, they’ve done it.”
Clarke said that both the Navy and Air Force have created “forces” and “fleets” that don’t have planes or ships. Instead, these special units fight in cyberspace. He recounted a conversation with an Air Force general who commented that while physical fitness is important to the armed forces, the next requirement is going to be the ability “to take down an electric power grid.”
When asked where he would start building a defense against cyber war, Clarke said securing the power grid would be item number one. Then he would move on to five or six key Internet service providers and require them to filter what’s moving across cyberspace. Yes, this would require regulation he said, but he estimated that if these ISPs were looking for particular packets of information and filtering for malware, they could stop 85 percent of cyber attacks.
Cyber security will be one of many topics covered during the ABA Standing Committee on Law and National Security’s fall conference: “20th Annual Review of the Field of National Security Law,” Nov. 4-5, 2010, in Washington, D.C.