The former White House advisor controversially declared “that spending more money on technology like anti-virus and IPS is not going to stop us losing cyber-command. Instead, we need to re-architect our networks to create a fortress. Let’s spend money on research to create a whole new architecture, which will cost just a fraction of what we spend on all of the technology crap that doesn’t work”, he said, to a loud round of applause.
In his keynote, titled ‘Confronting the Hydra: Cyber crime, cyber espionage, and cyber war’, Clarke declared that the US does not have an effective defense against cybercrime in place, “like the UK and the rest of the UN”. He insisted that the US should divert its attentions away from offensive cyberwar, and instead worry about “defensive cyber war”.
While Clarke insisted that “cyberwar won’t happen tomorrow”, he did acknowledge that nation states do have the tools to launch a critical cyber attack, “but they won’t rush out and use these new toys. They will store them in their inventory for when they are needed.”
Clarke draws on the example of the UN security council trying to stop Iran from building nuclear weapons. “Israel, and perhaps even the US, are considering bombing Iran. It isn’t hard to imagine that within the next twelve or twenty-four moths that Iran will be at war with Israel, the US and possibly even the UK. If bombs fall in Iran, and damage is done, they will not be satisfied until they have attacked the US on US soil. Physically, that’s very difficult, but much more easily they could launch a cyber attack and cripple our systems.”
Clarke referred to the Stuxnet worm as “proof in the public domain that we could have cyber war today.”
He concluded his presentation with a request to “think about cyber peace. We need to take baby steps. We need to think about arms control and treaties and agreements around cyberwar”.