Tavis: Richard Clarke is a former counterterrorism adviser turned best-selling author and Harvard professor. His new book is called “Cyber War: The Next Threat to National Security and What to Do About It.” He joins us tonight from Washington. Richard Clarke, good to have you back on the program, sir.
Richard Clarke: It’s great to be back with you, Tavis.
Tavis: You argue in this book, unapologetically and quite aggressively, that the time has come for us to have a national and public discourse about cyber war. Question one, how does one have a public conversation about cyber war without scaring the bejesus out of people?
Clarke: Well, if you go back to the early 1960, there was a very similar situation. We had a four-star general in charge of nuclear weapons, Strategic Air Command, and we didn’t have a strategy. So President Kennedy and his administration began a public dialogue, which was also in a way a dialogue with the Soviet Union about what you should and should not do in nuclear war.
Out of that came a strategy that probably prevented nuclear war. Well, now we’ve got a four-star general in charge of Cyber Command, we have cyber weapons, but nobody knows anything about them and not even the Congress knows what we’re supposed to do with them or what the strategy is.
Tavis: What makes cyber war – there are many things, of course, but what to your mind makes cyber war uniquely different from, for lack of a better term, conventional war?
Clarke: Well, cyber moves at the speed of light, or close to it, so that you could do simultaneous attacks all over a county. People talk about the cyber Pearl Harbor, but Pearl Harbor was in one place. If we had a cyber Pearl Harbor it could be simultaneously hitting things all over our country, and the response, if you’re going to fight back in cyberspace, also has to be really fast.
So there’s not enough room, there’s not enough time for decisions, and the things that are being targeted in most cyber war plans, I think, are civilian facilities. They’re things like the electric power grid and trains and pipelines and the banking system, things that all of us depend upon, so it’s almost inherently an attack on civilians.
Tavis: I’m trying to juxtapose these two points. On the one hand you argue that because cyber warfare moves at the speed of light, speed of sound, you’ve got to be prepared and ready to hit back fast. And yet how do you hit back fast if you don’t altogether know where the attack came from?
It’s not like conventional war where you know where this nuclear warhead came from. You can figure that out pretty quickly. Cyber war isn’t so easy, yes?
Clarke: That’s exactly right. In a nuclear war situation, you could see the Soviet missiles coming up over the pole at you. You had about an hour to do something about it. You could see their bombers coming, you knew who they were.
In cyberspace you may have to guess who’s attacking you, because it’s possible to spoof the identity, to assume an identity of somebody else. There was a recent case of cyber war when Russia invaded Georgia. At the same time their tanks crossed the border they hit Georgia with a cyber assault, knocking out the mobile telephones and knocking out communications, knocking out the banking system.
A lot of that attack appears to have come from a server in Brooklyn, in New York. Now, it was a Russian attack and the Russians probably hacked that server in Brooklyn, but technically the United States did the attack in the sense that it came from the United States.
So you’re right, and this is one of the dangers with cyber war – you could retaliate against the wrong person.
Tavis: Well, it flows off the lips with ease, but it hits the heart pretty hard when the response is that you might have to guess. I don’t know how we go into the future guessing about who hit us and guessing about how we’re going to respond.
That’s the one hand. On the other hand, it was guessing that got us in the mess that we’re in in Iraq as well.
Clarke: It was guessing and lying that got us into the mess in Iraq. (Laughter) Let’s be blunt about it.
Clarke: But I think that was the big problem here, is that we don’t have a strategy to defend ourselves. We’ve got this Cyber Command and underneath it the Navy has a 10th fleet without any ships and the Air Force has a 24th Air Force without any planes. So we’ve got the offense built, but we don’t have any real defensive plan.
You know from football if you’ve got a team that’s really good on the offense but has no defense at all, you’re going to lose to somebody who’s just pretty good at offense and pretty good at defense, and we don’t have a defense plan right now to protect this country.
Tavis: So what ought we be doing?
Clarke: Well, I think the first thing is the Obama administration’s got to decide that it’s going to defend not just the military and the government but it’s going to defend the United States, not only in wartime but in peacetime, because in peacetime you’ve got China and Russia and other people hacking in day after day to companies in the United States and stealing our corporate secrets.
So they steal the pharmaceutical formulas, the engineering diagrams, so we’re losing our economic edge. We spend billions of dollars in research and development and China comes along and gets it all for nothing by hacking. Half the time, the companies don’t even know that they’ve been hacked.
So I think the Obama administration has to make a big decision that it thinks it has some responsibility for protecting America’s cyberspace, all of it. The part that you and I live in, not just the part that the Pentagon lives in. If you do that, then there are other tough decisions about how to defend and that gets politically interesting and complicated.
Tavis: To your point now about politically interesting and complicated, do I take your comments to suggest or mean that these issues are not being taken as seriously as they should be inside the Pentagon and for that matter up on Capitol Hill as well?
Clarke: Well, I think the Pentagon’s very serious about it, both offensively and defensively. I think the White House – Barack Obama’s campaign was hacked by the Chinese during the campaign, and I helped out a little bit in figuring out who did it and how to stop that.
Certainly Senator Obama, during the campaign, spoke about cyber security and I know he understands the issue. But he’s got so many things on his plate, somebody’s got to put this issue in front of him that right now, your administration’s policy is just to defend the Pentagon and not to defend the economy and all the things that are likely to be attacked.
Tavis: What about what’s happening or not happening, as it were, up on the hill?
Clarke: Well, the hill has got so many fiefdoms no one can decide what committee is in charge. (Laughter) There are about 12 committees that think they’re in charge, and there are lots of little pieces of legislation floating around. One actually has bipartisan support from Senator Snowe, from Maine, has co-authored, a Republican, has co-authored something with Senator Rockefeller, a Democrat from West Virginia, that addresses some of this.
But it’s not likely to pass both Houses this year. It’s just not on the administration’s priority list.
Tavis: Can cyber war, Richard, be stopped or just responded to adequately and aggressively?
Clarke: Well, I think we’ve got to talk about cyber peace, and by that I mean international arms control. I did international arms control on biological weapons and chemical weapons and nuclear weapons, and when we started doing all of that, people told us it was too hard; you couldn’t verify it; it’s just too complicated to negotiate.
Now they’re saying the same thing about cyber arms control. But I think the U.S. government has to stop opposing cyber arms control, which it has been doing, and be willing to sit down with experts at the table, at an international table, and say we’re going to put some things off-limits. We’re going to say that cyber war should not be used to attack civilians.
Tavis: In 30 seconds here, are we so far behind at this point in the process that it’s a matter of if and not when with regard to our being hit and not being ready to respond?
Clarke: I think if any country finds a reason to go to war with us – let’s say Iran might, over sanctions over their nuclear program – we’re going to be hit and we are really not ready, and people will wake up the next morning and ask why we weren’t able to defend ourselves.
Tavis: Which is why we’re reading “Cyber War: The Next Threat to National Security and What to Do About It” by the best-selling author Richard A. Clarke. Richard Clarke, good to have you back on the program, sir.
Clarke: Thanks, Tavis.