Counterterrorism Expert Calls for New National Cyber Defense Policy
Story Number: NNS100901-14
By Barbara Honegger, Naval Postgraduate School Public Affairs
MONTEREY, Calif. (NNS) -- A lecture about the national cyber defense policy to reduce the likelihood of a catastrophic cyber event was held at the Naval Postgraduate School (NPS) in Monterey, Calif., Aug. 17.
Richard Clarke, the former national coordinator and special assistant for counterterrorism, security, global affairs and cyber warfare, gave two lectures on the subject of his latest book, "Cyber War: The Next Threat to National Security and What to Do About It."
"When historians look back at this period, what are they going to say were the really important changes that were going on?" said Clarke. "I think they're going to say that this was a time when a new form of warfare – cyber warfare – came into its own."
"Though the U.S. leads in cyber warfare - we invented it in terms of offense," said Clarke. "We're also the nation with the highest dependence on cyberspace in the world and only ten percent of our chips are from trusted fabricators. Because our critical infrastructure so heavily depends on computer networks and because of the open nature of our society, we're highly vulnerable to cyber attack while also being relatively weak in cyber defense."
Clarke asked the attendees if they would go into a football game with just an offense and no defense.
"Of course not, but today in this country, that's the situation we find ourselves in," said Clarke. "The mission of the new U.S. Cyber Command is to defend the .mil environment, and [the] Homeland Security [Department] defends the .gov domain but there is currently no organization to oversee the civilian-corporate private sector .com's that run the nation's critical infrastructure."
Clarke described how much there is to defend against in stark terms and took pains to distinguish cyber warfare from cyber crime and cyber espionage.
"Cyber espionage is essentially new – it didn't happen 15 years ago," said Clarke. "Today, cyber spies and cyber thieves don't just read or steal a few pages or documents a week like Aldrich Ames or Robert Hansen. They take out terabytes – measured in entire 'Libraries of Congress' of information – all remotely at a distance, like cyber predators. Every major government department including the military and every major private enterprise in this country and the world has been hacked, and can hack each other, and they're sophisticated attacks."
Clarke warned his audience about "the arm that can come out of the computer" and wreak damage, disruption and destruction by breaching the firewalls designed to separate the cyber and real worlds. This describes scenarios where computer programs are used to automate the command and control functions of our critical infrastructure systems like gas pipelines, railroads, the stock market and mass communications. When an adversary moves from cyber espionage to cyber warfare, it can be done on line with a few key strokes.
"Once you're there [inside an enemy system], you can issue electronic commands to open or close valves causing pipeline explosions and refinery fires; change the RPMs on huge generators causing them to fly apart; cause more power to go down high tension lines than they can safely carry; order trains to derail; and trigger chaos in the stock market, 70 to 80 percent of whose trades are now done by computerized buy-sell programs," said Clarke.
The Navy recently reconstituted 10th Fleet, the former World War II anti-submarine warfare fleet in the Atlantic, which is now the Navy's cyber command. Likewise, the Air Force reconstituted the 24th Air Wing as its cyber command. Both components report to the U.S. Cyber Command, which stood up Oct. 1, 2009, at Fort Meade, Md.
Clarke said the decision makers and the public need to admit that there are vulnerabilities and discuss publicly what the nation's cyber defense policy should be. Clarke believes the nation's cyberspace defense should be run by the private sector in partnership with Homeland Security and with expertise and advice from the National Security Agency (NSA) and U.S. Cyber Command.
Clarke stated that there was little or no evidence of cyber terrorism and that the concept is unlikely as terrorist organizations are dependent on information technology to carry out operations.
According to Clarke, between 20 and 30 countries now have cyber warfare commands. He noted that the most recent example of cyber war was a Russian-initiated cyber attack on the Georgian critical infrastructure, remotely coordinated from a server in Brooklyn, N.Y., prior to the physical attack.
"Most countries would agree to sign a treaty not to attack each other's international financial and banking system networks," said Clarke. "They don't want to cross that Rubicon, or the entire international banking system could go down. We have an international regime for cyber crime, and we need one for cyber war – to rule out some things globally."
"This is such an important topic, and students here are such a key group – the future of the career military – to engage in this critical national policy debate on cyber defense," said Marine Corps Capt. Anna Noyne, national security affairs student and foreign area officer, following Clarke's presentation.
"So it's fantastic that Mr. Clarke is doing this here at NPS," said Noyne. "He can pick and choose where he goes, and it shows how important it is that the military be aware of this. He was right before [in warning of the danger of a terrorist attack before 9/11] when he said it could happen here, and we didn't pay attention. We have to pay attention now. This time, we have to take his warning seriously, and we have to act on it."
Clarke's talks were sponsored by the NPS Foundation, whose executive director, retired Rear Adm. Merrill Ruck, served with Clarke in 1990-91. Clarke currently teaches at Harvard University's Kennedy School of Government, is an on-air consultant for ABC News and is a partner in Good Harbor Consulting, LLC located in the Washington, D.C., area. Good Harbor advises clients on a wide range of issues including counterterrorism, corporate security risk management, information security technology and dealing with the federal agencies on security and information technology issues.
|Join the GlobalSecurity.org mailing list|