Gulliver, of the Inkspots blog, tweet earlier today an article published in the Boston Globe. In said article, Richard Clarke, also known as the Man Who Knew Too Much in the pre-September 11 days, predictor of the bin Laden attacks and ignored by the Administration, has a few recommendations about the readiness of our nation’s digital defenses. I was excited, until I saw the headline: Cyber weaknesses should deter US from waging war
Clarke said if he was advising the president he would warn against attacking other countries because so many of them — including China, North Korea, Iran and Russia — could retaliate by launching devastating cyberattacks that could destroy power grids, banking networks or transportation systems.
The U.S. military, he said, is entirely dependent on computer systems and could end up in a future conflict in which troops trot out onto a battlefield “and nothing works.”
Clarke said a good national security adviser would tell the president that the U.S. might be able to blow up a nuclear plant somewhere, or a terrorist training center somewhere, but a number of countries could strike back with a cyberattack and “the entire us economic system could be crashed in retaliation … because we can’t defend it today.”
“I really don’t know to what extent the weapon systems that have been developed over the last 10 years have been penetrated, to what extent the chips are compromised, to what extent the code is compromised,” Clarke said. “I can’t assure you that as you go to war with a cybersecurity-conscious, cybersecurity-capable enemy that any of our stuff is going to work.”
Oh my stars and garters. First of all, usual disclaimers that these are my personal opinions, not those of anyone I may be employed by. Now. Do I really need to explain to Mr. Clarke why his statement makes no sense? The use of computers has made our armed forces more mobile, agile, and accurate. It has not made them deadlier in my opinion. In fact, taking away the ability of our systems to, say, precisely pinpoint a target would probably be the dumbest thing an enemy could do. It’s not like we’ve lost the ability to just carpetbomb areas into submission, it’s just something that we honestly prefer not to do these days.
Also, it sounds like Mr. Clarke is vastly inflating the capabilities of the states he lists. Yes, China and Russia were called out recently for hacking into our systems to gain access to sensitive data for economic gain. But if you honestly think that there aren’t white hats on our side doing the same thing, then your dream world sounds like a lovely place to visit. Espionage is something that exists and always will exist so long as there are secrets that need to be protected. Why do you think we even have a Central Intelligence Agency?
But seriously. If the United States or one of our allies were to strike against an Iranian nuclear plant, which I am by the by not in favor of, I am extremely skeptical that Iran’s first thought will be “shut down the Interwebs in the U.S.” As Dan Trombly points out, Iran’s proxy capabilities are much more impressive than anything it has in the digital domain, and further, the entirety of the cybercapability we’ve seen from them has been in regards to domestic communication, not widespread hacking into infrastructure. China using it’s legion of “Netizen hackers” to counterbalance the offensive edge that we so clearly have on them would make sense and is the most credible of the states Clarke lists, but the PRC is light-years away from having that ability, no matter how lacking our defenses are.
Cyber-capabilities are impressive. Nobody is denying that fact. The hype around them though is stunning. I love science-fiction as much as the next person, and the future is in fact awesome as I find myself thinking every day. But the wild-mass guessing that goes into attempting to predict the full abilities that can and will be brought to bear in a conflict is more than a little ridiculous. The way that many writers and analysts put it, there’s a switch somewhere in various states that can be flipped in the event of war, where the various Trojan horses and malware on American systems can suddenly shut. down. everything. I can assure you that any use of cyberconflict in the coming years will look nothing like that. Disrupting communications, sending out false information and corrupting data, various levels of enhanced espionage, that’s what’s facing us, not preventing bombs from deploying or somehow crashing the US economy.
Further, this is a huge pet-peeve of mine, the acting like any instance of a cyber or digital attack would be completely beyond the conventional norms of warfare and that the US has absolutely no past models to draw on. Bull. Saying that we shouldn’t attack a country because they might retaliate against our digital infrastructure is akin to saying that we shouldn’t attack them because any of our assets may in turn be targeted. Which would make no sense, because that is how war is conducted: you strike, you attempt to block the oncoming counterstrike. If your defenses are lagging in one point? Then you build them up, but that doesn’t mean that your weakpoint completely negates your offensive capabilities. There are plenty of reasons to not launch a military strike, but concern over our computer networks is not one of them. Mr. Clarke needs to take it down a notch; advocating for more robust defense is fine, but hyperbole just weakens your arguments.