"In the age of cyberspace, an Iranian cyber-force could attack within the United States from Tehran" without reliance on Hizballah, said former national security official Richard Clarke in a speech Friday.
Having co-authored "Cyber War: The Next Threat to National Security and What to do About It," with Robert K. Knake, Clarke presented a grim picture of the national security threats facing the United States from the open Internet. Speaking before a packed room at the Army-Navy Club in Washington, Clark discussed three evolving threats: cyber-crime, cyber-espionage, and cyber-war; and how they are all intertwined.
The expansion of the Internet has created "cyber-crime sanctuary countries," based largely in Eastern Europe, from which criminals have raked in billions of dollars. Clarke suggests that more can and should be done to combat this threat, arguing that global enforcement and sanctions may be necessary to curb the expansion of this threat.
Similar to the way that the Internet has expanded criminal enterprises, it has revolutionized espionage. Unlike during the Cold War, Clarke explained, there is a very favorable risk-to-reward ratio for cyber-espionage. Only by recognizing this threat, and understanding that massive amounts of information are being made publicly available to our enemies, can the United States begin to craft an effective counter-espionage policy for the 21st century.
Finally, Clarke discussed cyber-war, which he described as being only a "few keystrokes away" from cyber-espionage. As seen in Estonia in 2007 and Georgia in 2008, nation-states already have the capability to launch large scale attacks against foreign military and civilian infrastructures.
The most recent STUXNET virus plaguing the Iranian nuclear program is another demonstration of the drastic impact that cyber-war can have on infrastructure.
Recognizing this threat, Clarke argued that the United States needs to ramp up its defensive capabilities to be on par with its already world-class offensive cyber-war capabilities. First and foremost in this effort, the United States needs to focus resources and policy on protecting private companies running critical infrastructure: power plants, trains, pipelines, etc.
This past week the Department of Defense announced that it is expanding cooperation with the Department of Homeland Security to protect companies located within the "defense industrial base."
But this is not enough, says Clarke. Government policy must look beyond agency-specific territorial concerns—instead focusing on our nationwide domestic security interests.