By Jeff Stein
Sunday, May 23, 2010; B01
The Next Threat to National Security and What to Do About It
By Richard A. Clarke and Robert K. Knake
290 pp. $25.99
Cyber-war, cyber-this, cyber-that: What is it about the word that makes the eyes roll? Adults of a certain age, myself included, have a hard time getting worked up over something that seems more akin to pushing buttons frantically in "Grand Theft Auto" than waging a real war, in which very loud weapons shred bodies and devastate cities, possibly with a nuclear accent. How authentic can a war be when things don't blow up? Carried out in dark rooms by computer geeks armed with joysticks and keyboards, this click-click contest seems merely virtual, not really fatal.
Maybe that's why experts such as Richard A. Clarke, the former White House terrorism adviser who famously failed to excite George W. Bush's aides about al-Qaeda in the summer of 2001, have had such a hard time convincing top policymakers that cyber-war is "the next threat to national security," as the subtitle of Clarke's new book puts it. By his account, Clarke was about as successful at getting the Bush administration to take cyber-war seriously as he was at warning them of al-Qaeda. But a cyber-9/11 could be the next big thing, he cautions, conjuring visions of frozen Pentagon computers, blinded telecom satellites, dead power plants, subways grinding to a halt, exploding petrochemical installations -- all the stuff that adds up to another mind-numbing cyber-phrase: critical infrastructure.
Still, few seem too worked up about it. On a recent "Real Time With Bill Maher" episode, for instance, Clarke's cyber-scare stories fell flat. And even a 1,000-point swoon in the Dow failed to trigger much worry over what cyber-war could wreak, outside of the people who are paid to worry about it. So now Clarke is taking his campaign to the bookstores and the airwaves, wrapping his urgent policy prescriptions in easy-to-digest, occasionally riveting, tales from the cyber-front.
Most people have probably heard something about Chinese hackers rooting through U.S. military, commercial and congressional computers, if only because they do it so often. We'll never know for sure, but it's possible that the break-ins account for the breathtaking speed with which China has modernized its weapons. In any event, according to Clarke and his co-author, Robert K. Knake, an international affairs fellow at the Council on Foreign Relations, Beijing drew important lessons from our quick, high-tech takedown of Saddam Hussein: It downsized its infantry and poured the savings into its cyber-forces, the better to prevail in an asymmetrical military clash with the U.S. Navy.
Even backward North Korea is exercising its cyber-muscles. Last year, on July 4, the hermit kingdom reportedly sent a virus to attack commercial and government Web sites in the United States, including those of the New York Stock Exchange and the White House, as well as sites in South Korea. Little damage seems to have been done, but Clarke suspects it was an electronic reconnaissance, "preparing the battlefield" for the real thing -- a ground invasion of the South.
Our adversaries are busy.
There was Russia's suspected mass botnet invasion of Estonia in 2007, which "staggered" the nation's largest bank, Hansabank, disrupted commerce and communications across the country and launched "distributed denial of service" (DDOS) attacks. Like a swarm of mosquitoes, such attacks, which overwhelm computers with more requests for data than they can handle, eventually moved on to Georgia. In 2008, as Russia mobilized to invade the former Soviet republic, it allegedly deployed an electronic version of the Dirty Dozen, shutting down Georgian government Web sites and cutting off news from outside. How much did these cyber-tactics contribute to Georgia's humiliating defeat? The authors don't say.
But the utility of cyber-tools in service of old-fashioned firepower had already been made clear, when Israel reportedly took over Syria's air defenses as its jets attacked a suspected nuclear facility in 2007. "Israel had 'owned' Damascus's pricey air defense network the night before," Clarke writes, recounting news reports. "What appeared on the radar screens was what the Israeli Air Force had put there, an image of nothing."
We, too, have cyber-forces to attack foreign targets, but we are not even close to defending ourselves, Clarke warns. Our technological prowess scares nobody. It makes our critical infrastructure even more tempting to China and Russia, not to mention North Korea.
Yet for years, U.S. presidents have treated cyber-defense like spinach, picking it up and then putting it down. The Bush administration went through so many officials that each was dubbed "cyber czar of the week." It took Obama more than a year to "get around" to picking his own, Clarke notes with nonpartisan disdain. It will probably take "an electronic Pearl Harbor" to wake us up, Clarke says. Until then, we're just too bored to care.
Jeff Stein writes the "SpyTalk" blog for The Post.