Cyber War: The Next Threat to Our National Security and What to Do About It
© 2010 Richard Clarke, Robert Knake
Soon, the ultimate tool will become…the ultimate enemy! So said the 1982 trailer for Tron, a heavily dated computer film that comes to mind with every mention of “Cyber Warrior” here. The word sounds like a teenager flailing around in a 1990s mall wearing a bulky VR helmet. Whatever the awkwardness in adapting military terminology to the brave new digital world, however, the threat posed by war in cyberspace is real — both because of multitude of potential attack vectors, and because the United States has been such a boundlessly optimistic first-adopter that no nation on Earth is as exposed to digital attack. In Cyber War: The Next Threat to Our National Security, long-time security official Richard Clarke reviews how hacking can be used to utterly cripple the United States’ elaborately interconnected electrical and telecommunications infrastructure and briefs readers on how the military and government are attempting to get a handle on what to do next — and, given his status as an adviser to four presidents, he has suggestions of his own. Cyber War is filled with horror stories and dire predictions, but at root is a useful introduction to how increasingly fragile our digital world is becoming.
Although the United States has led the way in the adoption of the internet for military purposes — the internet was created for military purposes –the enthusiastic embrace of net integration by civilian infrastructure has made the United States one of the most vulnerable targets for cyber attack. Especially problematic is the fusion of the power grid and the internet; while it allows for convenient remote management , the connectedness of the grid itself means it is possible to disable one subsystem and force cascade failures on either the west or east coast. The absence of power doesn’t mean a few hours of going without the television, either, because a carefully-planned attack could cause physical damage to the generators themselves….and they are monstrous machines that would have to be laboriously rebuilt. Another vulnerable target is the financial system; not only could a disruptive attack aimed at that quarter destabilize the economy, if the public lost trust in digital dollars, outright paralysis might ensue.
Cyber attacks aren’t theoretical, either. Although China receives the most attention as a digital threat, Clarke contends that the Russians are (circa 2010) ahead of the pack, and points to havoc wreaked in Estonia and other Warsaw escapees when they courted Moscow’s wrath. Because the United States offers so many soft targets, both military and civilian, cyber warfare has an asymmetrical nature: America has a lot more to lose from cyberattacks and reprisals than either North Korea or China –- the former, because it has little in the way of functional systems to begin with, and the latter because they have a firebreak that can separate China’s internal internet from the global web. In a democratic system like the United States, that’s not an option.
Clarke proposes a cyber triad: secure the ‘trunks’, the main ISP lines through which everyone connects, using a filter to automatically scan for and deep-six malicious code; harden the power grid by distancing it from the main internet; and shore up the vulnerabilities of the military and government networks. The ISP security would be a private-public venture, with administration of the filter left to the ISPs themselves to head off the aspect of censorious abuse. Cyber War is only six years old, but the future is arriving more quickly these days. There is very little said about the danger of data collection, for instance, and cybersecurity firms are far more skeptical about the conventional viral-definitions approach Clarke endorses here. Cyber security is definitely a red-queen arms race..
The datedness aside, for those who have never considered the subject his review of how the internet basically works, highlighting its weak spots, will be most useful. There is the added attraction of watching successive governments become aware of and attempt to respond to the problem of IT security; Clarke had an inside view, serving in several administrations crossing party lines.He also proposes diplomatic action, a cyber version of SALT. The core of Clarke’s argument – that our systems, particularly our electrical grid, are vulnerable – remains intact, if not the particular defense he proposes — holds good, and the authors’ largely-jargon free if doom-laced style makes it an easy if alarming read. One thing that isn’t dated is the danger: a recent study indicated that the US government is still far behind in the realm of cybersecurity when ranked against IT firms, and to make matters worse it is in the same tier as the energy and telecommunicatons companies.