Wednesday, June 22, 2016 by usafeaturesmedia
(Cyberwar.news) The modern world operates on electric power – the loss of which would instantly toss civilization back to the 18th century. And yet, that remains one of the top concerns of cyber experts everywhere, especially in the United States, the world’s No. 1 economy.
To mitigate that danger, a one-time National Security Council cyber chief says the great powers should get together, and soon, to craft a cyber treaty that [allegedly] would take power grids and vital infrastructure off target lists for cyber warriors during any future conflict.
As reported by Breaking Defense, Richard Clarke, co-author of the 2010 book “Cyber War” and a fixture in the cyber security community through several administrations, does not believe the Pentagon has done enough to security military and civilian networks against cyber attack and may find out the hard way what it missed during a conflict with a sophisticated adversary.
Then again, even with enhanced cybersecurity measures in place, Clarke sounds like a man who isn’t convinced that any amount of security would be enough.
“The nightmare scenario that I hear a lot of flag officers worrying about is, they get involved in a combat situation against a sophisticated enemy and that sophisticated enemy activates trap doors and shuts off systems and you’ve got beautiful aircraft and beautiful naval vessels or missiles that just sit there,” Clarke said at an American Institute of Aeronautics and Astronautics conference in Washington, where he spoke on cyber security last week.
His idea: An international treaty to put certain infrastructure and entities off-limits to cyber assaults, as well as require signatory countries to pass laws that enforce treaty provisions and give the United Nations Security Council authority to impose sanctions on violator nations like it did when Iran was found to be in violation of the International Atomic Energy Agency safeguards regarding nuclear proliferation.
He also noted that last fall President Obama and Chinese President Xi Jinping signed an agreement that, in principle, bans either from cyber theft of each nations’ intellectual property. Such agreements should also put banks, hospitals and aviation off-limits too, he said.
Breaking Defense went on to question Clarke about whether he thinks the U.S. is winning the cyber arms race against Russia, China, North Korea and others.
“The problem is that we don’t know,” said Clarke, who as chairman and chief executive officer of Good Harbor Security Risk Management spends most of his time consulting on cyber security. “The problem is that there’s millions of code applications running in weapons systems. Some of them have been verified by running repeated different ways of checking the code,” Clarke added.
“But there’s so much code there, and the way you develop code today in major corporations is, you take the code that’s out there in open source material and bring it in,” he continued. “Frequently, people don’t even know that they have open source code buried in the code that they’re just bought from somebody. That makes it very hard to tell whether the code that is running in weapons systems is secure. And the only time I think we’re going to find out is when somebody actually proves that they’ve put a trap door in, put a vulnerability in, by shutting off a weapons system. And they’re not going to do that until we’re engaged in combat.”
One spot of good news: Clarke says the military is on the problem, with the Pentagon finally paying giving the attention to the situation that it warrants. That said, he also added that he didn’t think the military is quite there yet in terms of understanding how important it is to protect weapons systems from cyber attack.
“You think of all the software that’s necessary for the support systems to work. If the support systems don’t work, it doesn’t really matter if the weapons system does. I don’t think they’ve begun to be able to address that,” he said.