Cyberwar Threat At Code Red, Clarke Warns - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // CIO Insights & Innovation
Commentary
4/21/2010
11:00 AM
Alexander Wolfe
Alexander Wolfe
Commentary
Connect Directly
Facebook
Twitter
RSS
E-Mail
50%
50%

Cyberwar Threat At Code Red, Clarke Warns

Former counter-terrorism advisor Richard Clarke has a new book out, and it's scary stuff for all of us concerned about the national security of the United States. Scarier still, the alarms sounded by the book -- "Cyber War: The Next Threat to National Security and What to Do About It" -- aren't news to anyone who has even a minimal clue about the state of cybersecurity.

Former counter-terrorism advisor Richard Clarke has a new book out, and it's scary stuff for all of us concerned about the national security of the United States. Scarier still, the alarms sounded by the book -- "Cyber War: The Next Threat to National Security and What to Do About It" -- aren't news to anyone who has even a minimal clue about the state of cybersecurity.Long-story short, Clarke essentially raises the kinds of warnings which have been in the air for years, including recently in the Cyber Security Institute's report. That document raised alarms about whether government systems are adequately protected from emerging threats such as cybercriminal mobs in Eastern Europe or from the Chinese military.

Clarke's assessment is much blunter. The United States is at risk of have its power grid and communications networks taken out by a foreign power. Doubly scary is that fact that a bad-actor government wouldn't have to employ the ne plus ultra of hackers to do us damage. That's because we're pretty much completely unprotected, he warns.

Clarke also notes that things could get ugly if we are so attacked, because we would have to respond, possibly with a massive conventional military strike. (Ol' fashioned infantry would be necessitated because a damaged command and control infrastructure wouldn't support more sophisticated responses such as unmanned drones.)

On the plus side, the United States is not completely a sleeping giant on this stuff. I use the Pearl Harbor analogy deliberately, in making the point that missives like that from Clarke , who's an ex-government security official, after all, constitute differential confirmation that we're not taking this stuff lying down.

Proactive U.S. efforts were hinted at publicly last fall by former National Security Agency director Mike McConnell. Appearing on 60 Minutes, he leaked the previously undisclosed news that a series of power-grid outages in Brazil in 2005 and 2007 were caused by hackers. He also characterized a 2007 breach of U.S. Defense Dept. computers as our "electronic Pearl Harbor."

The good news, as I wrote at the time is that "whatever the Chinese and Russians are doing to us, we're doing to them, too. However, Jim Lewis, director of the Center for Strategic and International Studies, did make the point that the United States is the big target, and we've got a lot more to lose from cyberattacks than do our adversaries."

Going forward, my concerns are two-fold. First off, I understand that in a free society, it's difficult to get commercial companies, which are primarily focused on shareholder value, to expend the excessive efforts and funds required for serious security. I'm thinking here of the power companies, which are undoubtedly not only averse to the high cost of real security, but probably suffer from an institutional cluelessness as far as the technology of security. Add to that the fact that creaking physical power-distribution infrastructure is the utilities' first-order problem, and you've got a prescription for security exposure.

I should add that I expect that telecom providers are far less exposed on the security front, both because they're in the mainstream of networking technology and because security is an obvious necessity to them, completely apart from putative foreign cyberattacks.

Add to that the NSA tie in (that room in San Francisco) and you gotta figure that the telecom folks may be more locked down than we think. OTOH, they pose such a juicy target that attacks might be working that angle just that much harder. (This'd be an analogy to Windows-versus-Mac virus writers. As in, the bigger the bulls eye, the more attention you attract.)

So my second point is that that's the commercial side. What about the vulnerability of government networks? There's no excuse there, though there is a reason. It relates to institutional inertia and the laws of large systems -- both causes to despair.

All of which probably means that Clarke is pitching his warnings into the wind. But that doesn't mean we shouldn't listen.

An excerpt from Clarke's book is posted on the ABC News Good Morning America website, here. The publisher's Web page for the book is here.


Follow me on Twitter: (@awolfe58)


What's your take? Let me know, by leaving a comment below or e-mailing me directly at [email protected].


Like this blog? Subscribe to its RSS feed: (here)


 My videos on ( YouTube)


 Facebook 


  LinkedIn


Alex Wolfe is editor-in-chief of InformationWeek.com.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
The Best Way to Get Started with Data Analytics
John Edwards, Technology Journalist & Author,  7/8/2020
Slideshows
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
News
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll