Blackouts hit New York, Los Angeles, Washington and more than 100 other American cities. Subways crash. Trains derail. Airplanes fall from the sky. Gas pipelines explode. Chemical plants release clouds of toxic chlorine. Banks lose all their data. Weather and communication satellites spin out of their orbits. And the Pentagons classified networks grind to a halt, blinding the greatest military power in the world.
This might sound like a takeoff on the 2007 Bruce Willis Die Hard movie, in which a group of cyberterrorists attempts to stage what it calls a fire sale: a systematic shutdown of the nations vital communication and utilities infrastructure. According to the former counterterrorism czar Richard A. Clarke, however, its a scenario that could happen in real life and it could all go down in 15 minutes. While the United States has a first-rate cyberoffense capacity, he says, its lack of a credible defense system, combined with the countrys heavy reliance on technology, makes it highly susceptible to a devastating cyberattack.
The United States is currently far more vulnerable to cyberwar than Russia or China, he writes. The U.S. is more at risk from cyberwar than are minor states like North Korea. We may even be at risk some day from nations or nonstate actors lacking cyberwar capabilities, but who can hire teams of highly capable hackers.
Lest this sound like the augury of an alarmist, the reader might recall that Mr. Clarke, counterterrorism chief in both the Bill Clinton and George W. Bush administrations, repeatedly warned his superiors about the need for an aggressive plan to combat al Qaeda with only a pallid response before 9/11. He recounted this campaign in his controversial 2004 book, Against All Enemies.
Once again, there is a lack of coordination between the various arms of the military and various committees in Congress over how to handle a potential attack. Once again, government agencies and private companies in charge of civilian infrastructure are ill prepared to handle a possible disaster.
In these pages Mr. Clarke uses his insiders knowledge of national security policy to create a harrowing and persuasive picture of the cyberthreat the United States faces today. Mr. Clarke is hardly a lone wolf on the subject: Mike McConnell, the former director of national intelligence, told a Senate committee in February that if we were in a cyberwar today, the United States would lose.
There is no federal agency that has the mission to defend the banking system, the transportation networks or the power grid from cyberattack. In fact, The Wall Street Journal reported in April 2009 that the United States electrical grid had been penetrated by cyberspies (reportedly from China, Russia and other countries), who left behind software that could be used to sabotage the system in the future.
For more than a decade now, Mr. Clarke has been warning about an electronic Pearl Harbor, and he is familiar with the frustrations of a political bureaucracy. He notes that pressure from both the right and left over the hot-button issues of regulation and privacy have made it difficult for the government to get individual corporations (which control vital services like electricity, Internet access and transportation) to improve their ability to defend themselves against cyberattack.
Meanwhile, Mr. Clarke says, China has developed the ability to disconnect all Chinese networks from the rest of the global Internet, something that would be handy to have if you thought the U.S. was about to launch a cyberwar attack on you. After the first gulf war, he explains, the Chinese began to downsize their military which reportedly has about one-eighth of the Pentagons budget (before adding in the costs of the wars in Afghanistan and Iraq) and invest in new technologies, which they believed could give them an asymmetric advantage over the United States, despite Americas overwhelming conventional arsenal.
The United States lack of an effective cyberdefense system, Mr. Clarke ominously warns, will tempt opponents to attack in a period of tensions, and it could also tempt America to take pre-emptive action or escalate a cyberconflict very rapidly if attacked. Were such a war to start, it could easily jump international boundaries, causing cascades of collateral damage to unspool around the world.
How best to address this alarming situation? Mr. Clarke reports that a 2009 meeting of some 30 cyberspace old hands former government officials, current bureaucrats, chief security officers of major corporations, academics and senior information technology company officials came to the conclusion that critical infrastructure should be separated from the open-to-anyone Internet. They also came out in favor of more government involvement in cyber research and development and a heightened emphasis on building resilience into systems so as to enable recovery, post-attack.
