Richard Clarke On The Growing 'Cyberwar' Threat

graphic representation of a computer network i i

Clarke says he would like to see a separate government Internet network that would be constantly monitored for signs of attack. iStockphoto.com hide caption

itoggle caption iStockphoto.com
graphic representation of a computer network

Clarke says he would like to see a separate government Internet network that would be constantly monitored for signs of attack.

iStockphoto.com

Richard Clarke served as a counterterrorism adviser to Presidents Bill Clinton and George W. Bush. He spent much of 2001 warning members of the Bush administration about the possibility of an impending al-Qaida attack.

Clarke has now turned his attention to another potential security catastrophe: computer-based terrorism attacks. In his new book, Cyberwar: The Next Threat to National Security and What to Do About It, he and co-author Robert Knake sketch out a scenario in which hackers could hypothetically cripple the United States from behind a computer screen.

Cyber War: The Next Threat to National Security and What to Do About It
By Richard Clarke and Robert K. Knake
Hardcover, 304 pages
Ecco
List price: $25.99
Read An Excerpt

"A cyberattack could disable trains all over the country," he tells Fresh Air host Terry Gross. "It could blow up pipelines. It could cause blackouts and damage electrical power grids so that the blackouts would go on for a long time. It could wipe out and confuse financial records, so that we would not know who owned what, and the financial system would be badly damaged. It could do things like disrupt traffic in urban areas by knocking out control computers. It could, in nefarious ways, do things like wipe out medical records."

Clarke says that cyberattacks can come from another country — or from a lone individual. Malicious code may infect a computer via a security flaw in a Web browser, or it could be distributed through secret back doors built into computer hardware. And though the government has set up security measures to protect military and intelligence networks, he worries that not enough is being done to protect the private sector — which includes the electrical grid, the banking system and our health care records.

"The Pentagon is all over this," he says. "The Pentagon has created a four-star general command called Cyber Command, which is a military organization with thousands of people in it to go to war using these [cyber]weapons. And also, Cyber Command's job is to defend the Pentagon. Now, who's defending us? Who's defending those pipelines and the railroads and the banks? The Obama administration's answer is pretty much, 'You're on your own,' that Cyber Command will defend our military, Homeland Security will someday have the capability to defend the rest of the civilian government — it doesn't today — but everybody else will have to do their own defense. That is a formula that will not work in the face of sophisticated threats."

Richard A.. Clarke

Richard Clarke resigned from the Bush administration in 2003. He served as the national coordinator for counterterrorism in the Clinton and George W. Bush administrations — and was the special adviser to President Bush on cybersecurity. Mark Wilson/Getty Images hide caption

itoggle caption Mark Wilson/Getty Images

Clarke says that one common attack is for hackers to take over a series of home computers through backdoor security exploits. For example, malicious software can be downloaded onto a hard drive after you accidentally visit a compromised website. Your computer can then be used in conjunction with other compromised computers to engage in a large-scale attack. The average computer user may not realize when their computer has been drafted into a cyberattack.

"Maybe your computer will be running a little slowly that day," he says. "Maybe your bandwidth won't look like it's normal. But while you're doing your e-mails, your computer could be sending out denial of service attacks as part of a million other computers all trying to knock off a bank."

There are ways to make your computer less vulnerable to one of these attacks. Clarke recommends never using your work computer at home, where it may be unintentionally compromised by another member of your family. And, he says, make sure your online banks have more than just a password for security protection.

"Good hackers can get through any password," he says. "If you're going to buy things online, have a credit card for that purpose with a low credit limit. Don't do banking or stockbrokering online and have a lot of money at risk — unless your stockbroker gives you more than just a password — a two-step process for getting in. It won't just be a name and password."

Clarke now heads a security consulting firm in Virginia and is a contributor to ABC News. He also teaches at Harvard's Kennedy School of Government. His 2004 memoir is entitled Against All Enemies: Inside America’s War on Terror. He is also the author of Your Government Failed You: Breaking the Cycle of National Security Disasters and The Scorpion's Gate.

Excerpt: 'Cyber War: The Next Threat To National Security And What To Do About It'

Cover Detail: Cyber War: THe Next Threat to National Security And What To Do About It
Cyber War: The Next Threat to National Security and What to Do About It
By Richard Clarke and Robert K. Knake
Hardcover, 304 pages
Ecco
List price: $25.99

Introduction

It was in the depths of a gray and chill Washington winter. On a side street not far from Dupont Circle, in a brownstone filled with electric guitars and an eclectic collection of art, we gathered to remember the man who had taught us how to analyze issues of war and defense. Two dozen of his former students, now mostly in their fifties, drank toasts that February night in 2009 to Professor William W. Kaufmann, who had died weeks earlier at age ninety. Bill, as everyone referred to him that night, had taught defense analysis and strategic nuclear weapons policy at MIT for decades, and later at Harvard and the Brookings Institution. Generations of civilian and military "experts" had earned that title by passing through his courses. Bill was also an advisor to six Secretaries of Defense, sitting in the "front office" on the E Ring of the Pentagon. He shuttled between Boston and Washington every week for decades.

Behind his back, some of us had referred to Professor Kaufmann as "Yoda," in part because of a vague physical and stylistic resem­blance, but chiefly because we thought of him as our Jedi master, the man who understood the workings of the Force and tried to teach them to us. As an analyst and advisor, Bill had been one of a hand­ful of civilians who had created the framework of strategic nuclear war doctrine in the late 1950s and early 1960s. They had walked the United States back from a nuclear strategy that had called for the United States to go first in a nuclear war, to use all of its nuclear weapons in one massive attack, and to destroy hundreds of cities in Europe and Asia. Bill and his colleagues had probably prevented a global nuclear war and had made strategic arms control possible. Our conversation that night, lubricated by the same martinis Bill used to drink with us, turned to the future. What could we do to honor the memory of William W. Kaufmann and the other strate­gists of the second half of the twentieth century? We could, someone suggested, continue their work, use what Bill had taught us, ask the tough analytical questions about today's strategy. Another at the table suggested that today is very different from the 1950s, when nuclear weapons were being deployed without a thoughtful strategy; strategies are well developed today.

But is it such a different time? In the first decade of the twenty­ first century, the U.S. developed and systematically deployed a new type of weapon, based on our new technologies, and we did so with­out a thoughtful strategy. We created a new military command to conduct a new kind of high ­tech war, without public debate, media discussion, serious congressional oversight, academic analysis, or international dialogue. Perhaps, then, we are at a time with some striking similarities to the 1950s. Perhaps, then, we need to stimulate learned discussion and rigorous analysis about that new kind of weapon, that new kind of war.

It is cyberspace and war in it about which I speak. On October 1, 2009, a general took charge of the new U.S. Cyber Command, a military organization with the mission to use information technology and the Internet as a weapon. Similar commands exist in Russia, China, and a score of other nations. These military and intelligence organizations are preparing the cyber battlefield with things called "logic bombs" and "trapdoors," placing virtual explosives in other countries in peacetime. Given the unique nature of cyber war, there may be incentives to go first. The most likely targets are civilian in nature. The speed at which thousands of targets can be hit, almost anywhere in the world, brings with it the prospect of highly volatile crises. The force that prevented nuclear war, deterrence, does not work well in cyber war. The entire phenomenon of cyber war is shrouded in such government secrecy that it makes the Cold War look like a time of openness and transparency. The biggest secret in the world about cyber war may be that at the very same time the U.S. prepares for offensive cyber war, it is continuing policies that make it impossible to defend the nation effectively from cyber attack.

A nation that has invented the new technology, and the tactics to use it, may not be the victor, if its own military is mired in the ways of the past, overcome by inertia, overconfident in the weapons they have grown to love and consider supreme. The originator of the new offensive weaponry may be the loser unless it has also figured out how to defend against the weapon it has shown to the rest of the world. Thus, even though the American colonel Billy Mitchell was the first to understand the ability of small aircraft to sink mighty battleships, it was the Japanese Imperial Navy that acted on that understanding, and came close to defeating the Americans in the Pacific in World War II. It was Britain that first developed the tank, and a French colonel, Charles de Gaulle, who devised the tactics of rapid attack with massed tanks, supported by air and artillery. Yet it was a recently defeated Germany that perfected the tank in the 1930s and first employed de Gaulle's tactics, which later became known as blitzkrieg. (As recently as 1990, and again in 2003, the U.S. military went to war with an updated version of the seventy­-year­-old blitzkrieg tactic: fast movement of heavy tank units, supported by aircraft.)

Warmed by the camaraderie of my fellow ex­-students, and by the martinis, I left the brownstone and wandered out into that cold night, pondering this irony of history, and making a commitment to myself, and to Bill, that I would try to stimulate open, public analysis and discussion of cyber-war strategy before we stumbled into such a conflict. This book is the down payment on that commitment. I knew that I needed a younger partner to join me in trying to understand the military and technological implications of cyber war well enough to produce this book. Different generations think of cyberspace differently. For me, looking at my sixtieth birthday in 2010, cyberspace is something that I saw gradually creep up around me. It happened after I had already had a career dealing with nuclear weapons, in a bipolar world. I became the first Special Advisor to the President for Cyber Security in 2001, but my views of cyber war are colored by my background in nuclear strategy and espionage.

Rob Knake was thirty when he and I wrote this book. For his generation, the Internet and cyberspace are as natural as air and water. Rob's career has focused on homeland security and the transnational threats of the twenty-­first century. We have worked together at Harvard's Kennedy School of Government, at Good Harbor Con­sulting, and on the Obama for America campaign. In 2009, Rob won the prestigious International Affairs Fellowship at the Council on Foreign Relations with an appointment to study cyber war. We decided to use the first­ person singular in the text because many times I will be discussing my personal experiences with government, with the information ­technology industry, and with Washington's clans, but the research, writing, and concept development were a joint enterprise. We have wandered around Washington and other parts of this country together in search of answers to the many questions surrounding cyber war. Many people have helped us in that search, some of them wishing to remain unnamed in this book because of their past or present associations. We had spent long hours discussing, debating, and arguing until we found a synthesis of our views. Rob and I both agree that cyber war is not some victimless, clean, new kind of war that we should embrace. Nor is it some kind of secret weapon that we need to keep hidden from the daylight and from the public. For it is the public, the civilian population of the United States and the publicly owned corporations that run our key national systems, that are likely to suffer in a cyber war.

While it may appear to give America some sort of advantage, in fact cyber war places this country at greater jeopardy than it does any other nation. Nor is this new kind of war a game or a figment of our imaginations. Far from being an alternative to conventional war, cyber war may actually increase the likelihood of the more tra­ditional combat with explosives, bullets, and missiles. If we could put this genie back in the bottle, we should, but we can't. Therefore, we need to embark on a complex series of tasks: to understand what cyber war is, to learn how and why it works, to analyze its risks, to prepare for it, and to think about how to control it.

This book is an attempt to begin to do some of that. It is not a technical book, not meant to be an electrical engineer's guide to the details of cyber weapons. Nor is it designed to be a Washington wonk's acronym­filled, jargon­encrusted political or legal exegesis. Finally, it is also definitely not a military document and not writ­ten to be immediately translatable into Pentagonese. Therefore, some experts in each of those fields may think the book simplistic in places where it discusses things they understand and opaque in parts that stretch beyond their expertise. Overall, we have tried to strike a balance and to write in an informal style that will be both clear and occasionally entertaining. Lest you take too much comfort in those assurances, however, it is necessary in a book on this subject to discuss the technology, the ways of Washington, as well as some military and intelligence themes. Likewise, it is impossible to avoid entirely the use of acronyms and jargon, and therefore we include a glossary (starting on page 281).

I have been taught by senior national security officials for decades never to bring them a problem without also suggesting a solution. This book certainly reveals some problems, but it also discusses po­tential solutions. Putting those or other defenses in place will take time, and until they are a reality, this nation and others are running some new and serious risks to peace, to international stability, to internal order, and to our national and individual economic well­-being.

From Cyber War: The Next Threat To National Security And What To Do About It Copyright 2010 by Richard Clarke and Robert K. Knake, published by Harper Collins.

Books Featured In This Story

Cyber War

The Next Threat to National Security and What To Do About It

by Richard A. Clarke and Robert K. Knake

Hardcover, 290 pages | purchase

Purchase Featured Book

Title
Cyber War
Subtitle
The Next Threat to National Security and What To Do About It
Author
Richard A. Clarke and Robert K. Knake

Your purchase helps support NPR Programming. How?

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and Terms of Use. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.