Network World - In his new book, Cyber War, Richard Clarke says nations are building up their online armies and weapons largely far from public view, increasing the danger of a deliberate or accidental cyberwar, which in turn could trigger violent conflicts across the globe.
"Cyber war has already begun," Clarke writes. "In anticipation of hostilities, nations are already 'preparing the battlefield.' They are hacking into each other's networks and infrastructures, laying in trapdoors and logic bombs -- now, in peacetime. This ongoing nature of cyberwar, the blurring of peace and war, adds a dangerous new dimension of instability."
The United States, he says, has a weak cyber-defense posture and should make radical changes, such as regulating ISPs to be able to play a role, under government supervision, in defending the country should a serious cyberattack strike.
Clarke, turning 60 this year, served as special advisor to the president for cyber security in 2001 and now teaches at Harvard's Kennedy School for Government and works at Good Harbor Consulting. He tapped Robert Knake, international affairs fellow at the Council on Foreign Relations, with a specialty studying cyberwar, as co-author of the new book, expected out April 20.
But Cyber War at heart is Clarke's passionate view on the dangers lurking just below the surface and what steps might be taken to prevent cyberwar. With a background decades ago in nuclear arms control and espionage in the Cold War, he compares that era with today's secretive world of military cyber commands operating over the Internet where attacks, such as disruptive denial-of-service attacks, break-ins and dangerous Trojans that could steal or alter data, are extremely difficult to trace back to their source.
"The force that prevented nuclear war -- deterrence -- does not work well in cyber war," Clarke says. "The entire phenomenon of cyber war is shrouded in such government secrecy that it makes the Cold War look like a time of openness and transparency."
With considerable detail, Clarke and Knake render vivid accounts of how significant waves of cyberattacks in the past few years have hit Estonia, Georgia, South Korea and the United States, among other places, and why some in particular bear the hallmarks of state-sponsored efforts to disrupt an adversary's Internet-based banking, media and government resources.
It's known that the United States, China, Russia, North Korea, Israel, France and others have established cyber military structures to serve as both offense and defense in any cyber conflict. But though the United States likely has the best cyberwar capabilities in the world, "that offensive prowess cannot make up for the weaknesses in our defensive position," Clarke contends.
Because the United States is the most Internet-dependent and automated in terms of supply chain, banking, transportation-control systems and other modern facilities, it's also the most vulnerable to cyberattack, Clarke argues. And the military's dependence on the Internet also means it would be vulnerable to disruptions of it.
"The U.S. military is no more capable of operating without the Internet than Amazon.com would be," Clarke says. "Logistics, command and control, fleet positioning -- everything down to targeting -- all rely on software and other Internet-related technologies."
On the other hand, he sees China with an advantage because its military aims to guard both enterprise and government resources, plus the Chinese government basically controls the Chinese Internet outright in many ways. "The Chinese government has both the power and the means to disconnect China's slice of the Internet from the rest of the world, which they may very well do in the event of a conflict with the United States," he writes.
The United States has made the U.S. Cyber Command responsible for defending Department of Defense systems and the Department of Homeland Security responsible for defending civilian government agencies in any cyberattack. But Clarke sees a "cyber gap" in protecting business networks, including banking systems and the electric grid.
Electric power grids are a central source of concern for Clarke because he believes that countries are secretly placing logic bombs -- malicious software hidden away that could be activated to cause power failures -- in each other's power grids. These logic bombs (Clarke's book fails to provide us with concrete examples) might be activated as an act of cyberwar, but might just as easily go off in different scenarios, such as by mistake or by a hacker discovering them and triggering them.
Logic bombs bringing down power grids could inordinately harm civilians through massive loss of electrical supply, and this is a topic that needs to be publicly addressed, Clarke says. He also argues it's time the United States consider establishing international treaties aimed at banning cyberwar against civilian infrastructures.
Clarke writes: "The main reason for a ban on cyber war against civilian infrastructures is to defuse the current (silent but dangerous) situation in which nations are but a few keystrokes away from launching crippling attacks that could quickly escalate into a large-scale cyber war, or even a shooting war. The logic bombs in our grid, placed there in all likelihood by the Chinese military, and similar weapons the U.S. may have or may be about to place in other nations' networks, are as destabilizing as if secret agents had strapped explosives to transmission towers, transformers and generators.