Former counter-intelligence czar Richard Clarke is best known for testifying before the 9/11 Commission that President George W. Bush failed to take enough action to protect the country ahead of the September 11, 2001 terrorist attacks.
Since leaving the Bush Administration in 2003, Clarke has turned his attention to cybersecurity. He’s the author of the 2010 book Cyber War: The Next Threat to National Security and What to Do About It.
“I think for a lot of people a threat is not a threat unless people die,” Clarke says. “But hundreds of billions of dollars move. Cyber crime works.”
Clarke says cyber crime can easily have real, tangible results, such as the destruction of thousands of computer hard drives belonging to the Saudi oil company Aramco, or the United States destroying hundreds of centrifuges at the Iranian nuclear facility at Natanz.
“So rather than blow up that building with a missile, rather than hit it with a bomb, we hit it with a cyber attack,” Clarke says. “It retarded the Iranian program for perhaps as long as a year.”
But what the United States gives, it also receives. Clarke says every company in the United States with any intellectual property, research and development, or market information of value has their information technology systems attacked by China.
“You cannot compete in a world economic marketplace where your opponent in the marketplace has lower wage prices, lower economic costs because of pollution regulations, and also doesn’t have to pay for R&D because you’re paying for their R&D,” Clarke says.
Clarke says while the stealing of trade secrets about medications or patents affect the United States’ economic well-being, that threat isn’t as dangerous as the theft of military secrets.
“If you look at the new Chinese fighter plane, it bears a shocking resemblance to the U.S. F-35,” Clarke says. “If you look at the U.S. Predator drone, it looks exactly like the Chinese drone, and this is no accident.”
Clarke says the real threat is that American weapons are so dependent on software, any manipulation of these computer systems means U.S. weapons may not work when they’re needed most.
In a 2012 editorial in The New York Times, Clarke wrote that the international community should establish norms of behavior and then enforce them.
Yet the same Congress that has heard all of this disturbing testimony is mired in disagreements about a proposed cybersecurity bill that does little to address the problem of Chinese cyberespionage. The bill, which would establish noncompulsory industry cybersecurity standards, is bogged down in ideological disputes. Senator John McCain, who dismissed it as a form of unnecessary regulation, has proposed an alternative bill that fails to address the inadequate cyberdefenses of companies running the nation’s critical infrastructure. Since Congress appears unable and unwilling to address the threat, the executive branch must do something to stop it.
“If China is going to violate those norms by stealing intellectual property and R&D and it’s going to do things like hack into electric power grids, then there have to be sanctions,” Clarke says. “The United States has to lead that effort, and we have to say to China, ‘Here are the standards. If you violate them, there will be a price to pay.’ And that price has to be heavy.”
KGOU relies on voluntary contributions from readers and listeners to further its mission of public service with internationally-focused interviews for Oklahoma. To contribute to our efforts, make your donation online, or contact our Membership department.
SUZETTE GRILLOT, HOST: Richard Clarke, welcome to World Views.
RICHARD CLARKE: It's good to be with you and good to be in Norman.
GRILLOT: I want to start by looking back a little bit to your days in government. You came to be known as I guess the counter-terrorism czar, and you're really best known at that point in time for trying to warn the government, prior to the attacks of 9/11, about Al-Qaeda and what you saw coming. How and why did you know that this was going on, and how and why did this go unheated?
CLARKE: Well, I think it was pretty obvious certainly by the mid-1990s that the United States faced a threat from a new terrorist group. The group Al-Qaeda had actually organized in 1989, but we didn't really know that at the time. And it took the CIA a while to detect the existence of this organization, but then it began attacking us. And certainly by 1998 when it blew up two American embassies in East Africa, it was very obvious that the group existed and its agenda was to attack what it called, " The Far Enemy," the United States, so that it could topple "the near enemy"--- the Saudi government, the Egyptian government. They thought that the United States was propping those governments up and that in order to replace them with religious, fundamentalist, Islamist governments, caliphates, theocracies, that they had to get the United States out of the Middle East. And the way to do that they thought was to increase the pain level to the United States, so that we would leave. They didn't understand how the United States would react. And so it was very clear that that group was there and was organizing. There was a lot of intelligence. And the Clinton administration slowly came to this realization and then became preoccupied with it, and President Clinton decided to change the rules, so we could actually assassinate the leadership of Al-Qaeda. That was a big step, and it reflected his understanding of what the nature of the threat was. It was the first time that the United States had done that sort of thing---had a hit list to go after people and kill them. And then the Bush Administration came in, and it was a very good team we thought of trained national security specialists---people who had held jobs in the national security apparatus in the past. But they came in, somewhat preserved in amber from eight years before when they were in the government, and they took up the same agenda that they had eight years earlier. And they refused to believe the world had changed fundamentally and that they largest threats to the United States were not from China or Russia, but were in fact from non-state actors, and they really couldn't believe that. So they went on their preconceived agenda ignoring what was the new threat.
GRILLOT: So the purpose obviously of the attack was to get us out of the Middle East, and what it did was it got us more involved in the Middle East. It completely...that strategy didn't work. You were an outspoken critic of the invasion of Iraq, and we now know from history what, what happened there. But kind of bringing us forward, how are we doing now? Have we ever gotten it right---this counter-terrorism activity? I mean we have these recent attacks in Kenya, for example, what are we to do? What are we to make of the government's efforts to try and counter these types of threats?
CLARKE: Well the United States has destroyed most of the leadership of Al-Qaeda. It's destroyed the central organization of Al-Qaeda. The Obama administration really stepped the use of drones to attack Al-Qaeda, both in Afghanistan and in Pakistan. It quadrupled the number of attacks from the small number that the Bush administration was using. And by doing that and by cooperating with a number of regional governments, we really have over the past five or six years suppressed the threat from the central Al-Qaeda organization. But the philosophy of Al-Qaeda has spread, and various regional groups that would have existed anyway have now called themselves Al-Qaeda because that's a popular thing to do. It gets them world attention. It gets them money from various people. It allows them to recruit from outside of their own region. And so we have these groups in North Africa and East Africa calling themselves Al-Qaeda; groups in Iraq and Syria calling themselves Al-Qaeda. And they reflect a movement in Islam, a minority movement designed to create these caliphates and religious governments, and I think that's going to go on for probably as long as we're alive. It's a historical trend that has to work itself out in those regions. I think they represent a distinct minority, and for the most part, I think they will be suppressed, but it's for that region to figure that out. What our goal as the United States should be, I think, is to make sure that those organizations don't threaten us or our interests. That they don't attack Americans in the region, they don't attack the United States back here. Unfortunately some of them have the old Al-Qaeda philosophy of attacking "The Far Enemy." And so we see the group in Somalia, for example, trying to recruit Somali-Americans, train them and send them back to do attacks on the United States. But the U.S. government has gotten very good at finding these people and preventing attacks. It's gotten much, much better than it was 10 or 15 years ago.
GRILLOT: So if that's the case, then let's talk about something you have written about more recently and that is cyber war and cyber terrorist attacks. Is this really where we have not gained much, in terms of being able to address it, and is this really the threat that is even more concerning? Not the bombs and bullets and attacks of you know your average, everyday terrorist with a weapon.
CLARKE: I think for a lot of people a threat is not a threat unless people die. And with this cyber war and cyber activates in general, it's very rare that anyone dies as a result. But hundreds of billions of dollars move. Cyber crime works. Almost no one gets arrested for cyber crime. Cyber criminals live in sanctuary countries where they're not prosecuted for the most part because they bribe the governments in Eastern Europe and the former Soviet Union. And cyber can destroy things in the real world. We saw in Saudi Arabia recently where 30,000 computers running the Saudi oil company, Aramco, were wiped out. Their hard drives were destroyed. They became doorstops. That's an example. Another example is the United States attacking the Iranian nuclear facility at Natanz, where the American attack destroyed hundreds of centrifuges, the devices that were making the nuclear fuel. And so rather than blow that building up with a missile, rather than hit it with a bomb, we hit it with a cyber attack, and that was successful for a while. It destroyed a number of centrifuges and retarded the Iranian program for perhaps as long as a year. So this capability exists, but it's difficult for people to understand.
GRILLOT: So to bring some clarity to it then, you've written about China, for example, and it's fairly well known that China has engaged in attempts to steal secrets of all kinds or you know to engage in international property issues, in terms of stealing designs to things or recreating designs of medications or whatever it is. But you've written about how the Chinese are actively engaged in cyber espionage and again that goes back to the thousands, millions, perhaps billions of dollars are lost. Not so much lives. But is this the wave of the future? Is this what we are to be concerned about next? When will that ultimately lead us to think we are under attack and threatened by this sort of thing?
CLARKE: Well I think the U.S. government believes it's under attack by China and that the United States' private industry, private sector is under attack. So what's going on is the Chinese are stealing from every company in the United States that has any intellectual property, any research and development, any market information of value. The Attorney General Eric Holder has said there are two kinds of companies in the United States---those that have been hacked and know it and those that have been hacked and don't yet know it. It is pervasive. And because it's automated, tens of thousands of companies can be attacked a day. And they're attacked by the Chinese in ways that are not detectable initially by most companies. They don't have the technology to detect it. And so the result is the American taxpayers, American stockholders are paying for research and development, and the Chinese companies are getting that for free. And you cannot compete in a world, economic marketplace where your opponent in the marketplace has lower wage prices, lower economic costs because of pollution regulations and also doesn't have to pay for R&D because you're paying for their R&D. That's what's going on. It's an economic war and it's going on every day. And the Obama administration has been trying to get a bill through Congress to deal with the cyber threat, but Congress as you know doesn't like to pass legislation anymore.
GRILLOT: Well that's a whole different issue, but this stealing of threats is not just, how you mentioned before, kind of medications or patents or things like that, but you know weapons designs. There's a strong connection here not only between the economic warfare and the espionage that goes on to steal information relevant for economic production of goods and services and trade, but you know weapons and things that can actually harm us. So there is that connection even if it might be indirect.
CLARKE: Absolutely. If you look at the new Chinese fighter plane, it bears a shocking resemblance to the U.S. F-35. If you look at the U.S. Predator drone, it looks exactly like the Chinese drone, and this is no accident. They have been able to hack their way into U.S. companies and steal these designs, and so they are ahead in their weapons development from where they would normally be. But the other threat is perhaps when they get into these U.S. weapons companies, they leave behind a back door in the code. And the threat that some generals have mentioned privately is what if we ever get into a war with China, God forbid, but what if we ever get into a war with China, and they have some switch they can throw that stops our weapons from working because they've put a back door in the code of our weapons? And you know weapon systems today will hack your car today. It's all code. The average American car has between 20 and 25 computers running it. The average Triple-7 Boeing airplane has 30, 40 computers running it, so everything is run by computers and everything is run by code, and if you then get into that software and put malicious back doors in it, so that you can gain control remotely then you can stop things from working. And that's the real threat I think with American weapons is our weapons are so advanced, so dependent on software. If the Chinese have been able to manipulate that software without our knowing it, then our weapons might not work when we need them to.
GRILLOT: And of course this true of power grids and the stock market and all kinds of other things that operate on a daily basis.
CLARKE: The president said something really interesting in his State of the Union address in February. He said, "We know that foreign entities are hacking their way into U.S. financial institutions, the U.S. power grid and the air traffic control system." Now, all of that was classified secret or top secret before he said it, but the president has the right to declassify things, to explain problems to the American people, so he did. The thing about that, foreigners are hacking their way into the financial networks and the electric grid control system. That means, and I’ve been saying this for awhile, it's possible to shut off the electric power grid, portions of the grid, if you can get into the control system. And there's every reason to believe that that is possible, and we haven't done enough yet to defend the electric grid.
GRILLOT: So given this situation in the last minute we have left, what in a nutshell can and should the United States and the international community do to address this very real problem?
CLARKE: Well, I think the international community has to establish norms of behavior and then enforce them. If China is going to violate those norms by stealing intellectual property and R&D and it's going to do things like hack into electric power grids. Then there have to be sanctions, and the United States has to lead that effort, and we have to say to China, "Here are the standards: If you violate them, there will be a price to pay,” and that price has to be heavy.
GRILLOT: Well, Richard Clarke, thank you so much for sharing these interesting stories with us today and making visible really for us something that perhaps isn't on a daily basis. Thank you.
CLARKE: Thank you.
Copyright © 2013 KGOU Radio. No quotes from the materials contained herein may be used in any media without attribution to KGOU Radio. This transcript is provided for personal, noncommercial use only. Any other use requires KGOU's prior permission.
KGOU transcripts are created on a rush deadline by our staff, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of KGOU's programming is the audio.