Former counterterrorism official Richard Clarke, who once famously apologized to the families of the 9/11 victims by saying, "Your government failed you, those entrusted with protecting you failed you, and I failed you," is once again back in the headlines, this time for pointing out that America (and its major corporations) are woefully unprepared to fend off cyberattacks from terrorist groups and hostile nation-states like China.
Clarke was recently interviewed by Ron Rosenbaum for Smithsonian Magazine, primarily for an article that focuses on who Clarke believes was behind the Stuxnet cyberattack against Iran in late 2010. Clarke -- like many other security experts -- points the finger squarely at the U.S., hinting that America may have received some assistance from Israeli intelligence services. Here's a key Clarke quote about Stuxnet from Rosenbaum's article:
"I think it’s pretty clear that the United States government did the Stuxnet attack...I think there was some minor Israeli role in it. Israel might have provided a test bed, for example. But I think that the U.S. government did the attack and I think that the attack proved what I was saying in the book [which came out before the attack was known], which is that you can cause real devices—real hardware in the world, in real space, not cyberspace—to blow up."
Microsoft Technical Fellow Mark Russinovich writes about terrorists using cyberwarfare to destroy physical machinery in his fictional novel Zero Day, but it's clear that Stuxnet -- and possible successors like Duqu -- have turned fiction into reality. Several security experts have suggested that China was behind the cyberattack on security vendor RSA that netted information about RSA SecurID tokens, information which was then allegedly used to launch attacks against major defense contractors like Lockheed-Martin and Northrop-Grumman.
In addition to attacks against U.S. government agencies and defense contractors, Clarke believes that China has invested billions in an attempt to use cyberwarfare to steal secrets from U.S. companies, a strategy that Clarke says the U.S. government won't emulate. Clarke suggests that China's cyber-espionage efforts pose a significant long-term risk to US interests, mainly because China is leveraging cyberwarfare to steal trade secrets from US companies. Clarke told Rosenbaum that his "...greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese."
Rosenbaum's article presents a chilling outlook for US cybersecurity efforts, and should be a must-read for anyone involved in IT security.
What are your thoughts on the current state of cybersecurity? Feel free to add a comment to this blog post or contribute to the discussion on Twitter.