Communists, Blofeld et al plan cyber Pearl Harbor for US

Head White House spook swatter makes lurid budget pitch

Analysis: Don't look now, but the cyber 'missile gap' might be turning into an issue. Speaking at Microsoft's Safenet 2000 conference on Friday, top White House security official Richard Clarke painted a grim picture of foreign powers setting up cyber warfare squads intent on unleashing an electronic Pearl Harbor on the USA.

And they're at it already - Clarke, who is National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the White House National Security Council, told the select invited audience that these "information warfare squadrons" are now mapping US networks, looking for vulnerabilities. They could even be doing more than that, he hinted darkly.

Here come the Zeroes...

Shortly, the US really will have a new President, and people like Clarke are going to have to bring him up to speed: "The new President," he says, "will get an intelligence briefing that will tell him that crackers, criminals, and foreign powers are building sophisticated cyber attack capability and doing reconnaissance on our networks today. So whatever he does about cyber security, the new President better move fast."

Yes, that's right folks, Clarke has an expensive plan and wants a budget for it. Back in the 60s large quantities of dollars were secured on the basis of a missile gap that didn't exist, and now whoever turns out to be Prez is going to have the willies scared out of him about communist terrorist SMERSH spook squads led by Blofeld the instant he turns up for the intelligence briefing. We wouldn't be in the slightest bit surprised if another 30 years down the line these turn out to be largely imaginary too.

Clarke's pitch is slightly impaired by how difficult it is today to grasp who the states with the crack cyber squads could be, and we suspect this may be why he doesn't seem to have made it in his actual speech.

The Evil Empire is no more, and if you're trying to define things that could conceivably fall into the category of enemies, you're struggling to get much beyond Cuba and North Korea, neither of which is entirely credible as a state-of-the-art tooled-up cyber-warrior.

But who knows, maybe their lack of IT equipment is in itself a threat to the Free World, given that it confers a certain immunity to Echelon; carbon paper could be the V-weapon de nos jours.

Uninvent the Internet

Colourful, budget-getting presentation aside, the underlying axes Clarke has to grind are fairly clear. As far as the Internet is concerned: "Security was not a design criterion. Those who wish to do us ill in cyberspace can do so easily. They can steal information, invade our privacy, rob our money, extort concessions, and may even be able to disrupt and shut down major infrastructure such as electric power grids, telecommunications networks, and Defense command control systems."

To some extent, this is true, but as The Reg's saintly cyberspace guru Thomas C Greene repeatedly points out, it's generally people leaving doors open that makes hacking so damnably easy.

Clarke however sees security vulnerabilities that need an expensive Big Fix, and his proposed one seems strangely familiar. "We have a chance now to make security features inherent rather than appendages... our focus must be the new network." He proposes more secure switches, operating systems (a tip of the hat to the host here), and traffic management protocols. This should be done "as part of a private-public partnership."

It's legacy stuff anyway

Significantly he differentiates between the "legacy" network and the "new" network before getting on to his proposal - for an ever-expanding new network where security is inherent and absolute. Perforce, the current Internet must be what he terms the "legacy" one.

He splits them on the basis of "the current area of anonymity on one side and a secure zone for critical infrastructure on the other." In the latter privacy and security can be achieved, "but only if we end anonymity" (and can't you just hear those axes grinding away?).

The axes get louder. "What I envision is a secure critical infrastructure zone within cyberspace where messages could travel on fiber and switches exclusively serving authenticated messages. To secure that zone from attacking Trojan horses, there may have to be portals and customs inspectors. Participants may have to mutually design a form of scanning for known viruses, just as we consent to have our carry-on scanned before we are allowed to enter airspace. Such scanning can, I believe, be designed consistent with the highest standards of protection of privacy rights."

Remember this guy will have the President's ear, and - particularly if it's the one with the short attention span - will have terrorised him with visions of global secret conspiracies led by sinister men stroking fluffy white cats.

"I propose that Government and Industry in partnership, and with privacy rights advocates fully involved, examine whether such a secure area can be built in cyberspace." Industry will no doubt confirm that it can be, before you can say "lucrative defense contract."

The Brainiac Darpanet

He sees the network as first covering the US Department of Defense, which by a miraculous coincidence appears to have been falling seriously in love with his Redmond hosts over the past couple of years. And of course there's an exquisite irony to it all, because this will be what you might call the Brainiac Darpanet. From that humble (but lucrative for the IT industry) beginning, "the walls might be moved out to include banking and finance or electric power generation and distribution. Our goal would be to make this critical infrastructure zone of cyberspace immune to disruption from outside."

Entry to the secure zone would be voluntary for businesses, but presumably outfits wanting to engage in electronic commerce with other outfits (like the DoD) inside it would have to join them on the other side of the wire and the watch towers. Whatever, this "voluntary" zone "should be designed, built, and operated largely by the private sector."

Those of you with memories stretching back a tad over five years may remember quite a few outfits first rejecting the Internet in favour of something more secure they'd run up themselves, and then falling back on 'build a better Internet' plans which didn't work. Microsoft and AT&T were in this camp (AT&T for a lot longer than Microsoft), it didn't work, but here we go again, if we get Clarke's meaning properly.

But here, as Clarke signs off, comes what sounds like another axe. "The Federal Government, in my personal opinion, needs someone truly in charge of cyber security and with some power and budgetary clout, a Chief Information Infrastructure Officer. Such an official should be confirmed by the Congress and have authority to create and enforce standards of computer security for essential government systems. This official should also play an important role in the private-public partnership."

Now, who on earth might be able to do that job? Hasn't this guy got a long enough job title already? ®
