During his impressive career in public service, Richard Clarke was a State Department employee under the Reagan Administration, served as a national security advisor for the next three presidents and eventually became the so-called cybersecurity czar for President George W. Bush before stepping down in 2003. In the years since his retirement, Clarke has by no means gone quietly into the night. He was a vocal critic of his former employers in his testimony before the 9/11 Commission and would go on to release a 2004 book chronicling his perspective of the mismanagement of America's War on Terror.
Clarke grabbed headlines once again last week, asserting that Chinese hackers have successfully infiltrated every major American company and that the U.S. government was actually the original creator of the code behind the Stuxnet worm.
In an interview set to appear in the April edition of Smithsonian Magazine, Clarke elaborated on his view that the era of cyberwarfare is now upon us, and the U.S. is currently woefully underprepared to stave off attack.
"The U.S. government is involved in espionage against other governments," Clarke plainly stated. "There's a big difference, however, between the kind of cyberespionage the United States government does and China."
Citing his suspicions – or perhaps privileged knowledge – of data security breaches at Boeing Airlines and Microsoft, Clarke suggested that Chinese cybercriminals are primarily interested in gathering intellectual property and trade secrets to leverage against American corporations. This speculation has been in the air for some time now, especially in the wake of an Office of the National Counterintelligence Executive report released last October suggesting that $400 billion in U.S. research and development funding has been compromised as a result of Chinese and Russian cyberespionage.
"I'm about to say something that people think is an exaggeration, but I think the evidence is pretty strong. Every major company in the United States has already been penetrated by China," Clarke declared. "The British government actually said [something similar] about their own country."
While the implications of that statement are jarring in their own right, anxiety levels are climbing even higher at the crossroads of the public and private sectors where government contractors operate. For example, Clarke claims that the manufacturer of the U.S. military's next-generation F-35 fighter jet has already had its intellectual assets stolen. These brazen attacks could be just the tip of the iceberg, however.
The economics behind the U.S. government's massive trade deficit with China could also be compromising national security interests as well. With so many American companies relying on Chinese and other foreign suppliers for components of their IT infrastructures, Clarke fears that motivated cybercriminals could be planting "logic bombs" and Trojan horses in chips, routers and a variety of other hardware. Upon installation in American systems, foreign programmers could then remotely trigger an attack.
"My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts where we lose our competitiveness by having all of our research and development stolen by the Chinese," Clarke explained. "[If] company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China, after a while you can't compete."
While Clarke's concerns of the U.S. government's defensive posture are well-established, he had some interesting things to say about how the nation has been going on the cyberwarfare offensive.
Few stories have captivated the Internet security community in recent years quite like the Stuxnet computer worm that first made its presence felt in mid-2009. As Smithsonian Magazine noted, the virus' uniquely brilliant coding led to the disruption of physical operations at an Iranian nuclear fuel enrichment facility. As a result, Iran's nuclear ambitions could have been derailed by months or even years, government officials believe.
With such a high-profile target marking Stuxnet's first known attacks, suspicions abound as to who could have triggered the worm. Tense diplomatic relations have led some to assume that Israel may have the motive to fit the crime, and its close relationship with the United States could have allowed the small Middle Eastern nation to expand its resources. Clarke quickly cut through the confusion to submit his own theory.
"I think it's pretty clear that the United States government did the Stuxnet attack. I think there was some minor Israeli role in it," the former cybersecurity advisor explained. "Israel might have provided a test bed, for example, but I think that the U.S. government did the attack."
Clarke's calmly stated conclusion is sure to raise more than a few eyebrows in Washington, not to mention the global diplomatic community. Unfortunately for the U.S. government, there is likely no way to officially confirm or deny the veracity of Clarke's claims. As a result, the case will likely be left up to the court of public opinion. And within technological and diplomatic circles already predisposed to U.S. government skepticism or outright opposition, the words of a former high-ranking official will likely be more than enough to keep the fire burning.
What's more, Clarke's vision for the future of military conflict almost makes the Stuxnet conversation a footnote in a much larger discussion. According the the cybersecurity czar, the Iran incident has proven once and for all that cyber espionage can't be treated as some amorphous threat or ghost in the wires. When computer code can be designed to stop gas turbines from spinning in a hostile government's nuclear research facility, the face of warfare completely changes.
With cyberweapons proving capable of usurping military manufacturers' blueprints and disrupting naval communications, security personnel have an entirely new threat vector to address. And as these tools graduate from covert operations to mainstream strategies, the very definition of what constitutes an act of war may be forced to evolve.
Security News from SimplySecurity.com by Trend Micro