Cybersecurity and cyberwarfare are major threats that neither companies nor the public sector are prepared for, said Richard A. Clarke in his morning keynote address to the World Conference on Disaster Management in Toronto. All too often, governmental IT officials have not properly discussed their systems with emergency managers and the fallout of any major shutdown could be catastrophic.
Clarke fears the results of any extended electrical or network outage. Many municipalities and organizations have generators that may provide a temporary solution, but what happens on day four? Day 7? Day 10? Operations may not return until the systems come back online and chaos could ensue.
Some have accused Clarke, and others who often express great concern over cyberwarfare, of exaggerating the threat. Clarke acknowledged his critics, but believes he is by no means over-hyping the concerns that an unprepared nation should have.
“I like being wrong when I predict disasters,” he said, “but I think I’m right on this one.”
He added that in addition to discussing the realities of cyberattacks and cyberwar the world must begin promoting “cyberpeace” by developing some international accords and norms to follow as this increasingly becomes a more critical issue to the world.
As we have seen during the Russia/Georgia conflict and the Stuxnet attack that someone (*cough* Israel and the United States *cough*) carried out on Iran’s nuclear industry, this is a reality that all nations and companies will have to contend with in the future. So it would seem that it is past time for international bodies to set some clearer standards.
For those who haven’t been following the news in recent years, Richard Clarke has become a polarizing figure in Washington due to his harsh criticism of the Bush administration’s stance on counter-terrorism and decision to go to war with Iraq. He spent 30 years working under both Republican and Democratic commanders in chief, but his no-holds-barred words — and those he received from the Bush White House — forever altered the way he is seen by many outsiders no matter their political leanings.
Regardless, there is no questioning the man’s expertise and credentials on both terrorism and cybersecurity. He is a foremost expert on both and has increasingly been focused on the latter of late. And he more than proved that today while talking to an audience that, even with its expertise in emergency management, remains novice in its understanding of security.
Because he was so compelling — and some of the scenarios he described so frightening — I found myself listening more than taking notes and reporting. But below are some of the comments I posted to Twitter during the discussion, listed in reverse-chronological order.
UPDATE: I just came across this excellent breakdown of Clarke’s speech by Ken Simpson. Here he succinctly encapsulates Clarke’s four areas of cybersecurity threats.
Clarke described 4 general areas of Cyber attack, suggesting that we could visualise these in terms of overlapping circles:
- Cyber Crime
  - Suggested that this was ignored, and perhaps encouraged by certain Eastern European states
  - I assume this is something they learned from the situation with the Mafia in Batista’s Cuba.
  - Apparently these organised cyber crime cartels are generating revenues similar to drug cartels
- Cyber Espionage
  - This is undertaken for profit at times, cyber industrial espionage.
  - Also by sovereign states to steal national security secrets.
- Hacktivists
  - In this case the hackers are aiming to prove that the target has weak security
  - Also to promote their own political cause
- Cyber War
  - This is the new phenomenon, and seems to be proliferating – the equivalent of a cyber arms race.

Clarke described the US Cyber Command, headed up by a 4-star General, and including the US Navy’s 10th Fleet. This fleet does not have any ships, just a flotilla of attack software.
The disturbing part is that the aim of this cyber warfare is not just to damage the other guy’s computers – but by doing that to cause significant impacts in the real world.
You can follow me @RiskMgmt for more live updates from the WCDM over the next two days.