The April issue of Smithsonian Magazine focuses on Richard Clarke, a man who has served as the "counterterrorism czar" under three presidential administrations. In the feature, Clarke makes some strong claims, the most notable of which are that every U.S. company has been penetrated by China through cyberspace and remains vulnerable to attack, and that the United States made and launched the infamous Stuxnet worm.
Clarke, who is famously known for warning the White House to expect a "spectacular attack on American soil" from Al Qaeda and after 9/11 said "Your government failed you," is now issuing another warning. Ron Rosenbaum for Smithsonian writes:
Clarke now wants to warn us, urgently, that we are being failed again, being left defenseless against a cyberattack that could bring down our nation’s entire electronic infrastructure, including the power grid, banking and telecommunications, and even our military command system.
“Are we as a nation living in denial about the danger we’re in?” I asked Clarke as we sat across a conference table in his office suite.
“I think we’re living in the world of non-response. Where you know that there’s a problem, but you don’t do anything about it. If that’s denial, then that’s denial.”
Who is it we should be most afraid of when it comes to cyber attacks? According to Clarke: China. He said that the countless amount of electronic material imported by the U.S. from China could be implanted with "'logic bombs,' trapdoors and 'Trojan horses'”:
“I’m about to say something that people think is an exaggeration, but I think the evidence is pretty strong,” he tells me. “Every major company in the United States has already been penetrated by China.”
Clarke's greatest fear is not a virtual takedown but that the U.S. will lose its competitiveness through these bugs:
"[...] rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China....After a while you can’t compete.”
Smithsonian also reports Clarke as attributing the creation and deployment of the Stuxnet worm, which foiled some of Iran's nuclear program, to U.S. officials with some minor role played by Israel. When Rosenbaum asked the White House for a comment on this accusation, it said "[...] we don’t comment on classified intelligence matters.” Rosenbaum takes this as not a denial. But what is some of Clarke's reasoning for pointing a finger at the U.S. for the worm? Smithsonian has more:
One reason to believe the Stuxnet attack was made in the USA, Clarke says, “was that it very much had the feel to it of having been written by or governed by a team of Washington lawyers.”
“What makes you say that?” I asked.
“Well, first of all, I’ve sat through a lot of meetings with Washington [government/Pentagon/CIA/NSA-type] lawyers going over covert action proposals. And I know what lawyers do.
“The lawyers want to make sure that they very much limit the effects of the action. So that there’s no collateral damage.” He is referring to legal concerns about the Law of Armed Conflict, an international code designed to minimize civilian casualties that U.S. government lawyers seek to follow in most cases.
Gizmodo states that Clarke could very well be exaggerating some of his claims. Clarke did recently publish a book called "Cyber War", which covers much of what is included in the Smithsonian interview in more detail. Business Insider also points out that Clarke, who served in government intelligence for more than 30 years before starting his own security firm in Virginia, could be trying to boost his business with some of these accusations, but it states "why wouldn't China do this to give itself the advantage in a face-off with the U.S. military?" Good question. It also shouldn't be forgotten that Clarke correctly predicted the attacks that occurred on 9/11.
Rosenbaum's interview with Clarke was lengthy and there are even more details in the magazine. Read more here.
[H/T IEEE Spectrum]