Richard Clarke, a former top adviser on information security and terrorism in the Bush White House, is calling for Barack Obama to initiate an open public dialogue on the use of offensive and defensive information warfare capabilities and what the consequences of a cyberwar could be for the country. In an article published Tuesday on National Interest Online, Clarke argues that while the United States is moving ahead with the creation of a new Cyber Command dedicated to cyberwar efforts, the country’s critical infrastructure remains highly vulnerable to attack. What’s needed, he says, is not just a major overhaul of the systems that control the nation’s utilities, financial networks and other key pieces, but the establishment of a public discussion of the issues surrounding the use of cyberwar capabilities by the U.S.
“In the absence of a public cyber-war strategy, we do not know today whether an air-force general could launch an effective cyber war. We have not had the basic discussion of whether the United States is better-off with the advent of cyber-war capabilities, or whether it is we who will be deterred in the future by the threat of cyber attack on our vulnerable infrastructure,” Clarke writes.
“Although President Obama may not yet know it, his freedom to maneuver in the world is likely already restricted by those vulnerabilities. Perhaps in a crisis, someone will tell him. Or maybe he will learn it by looking out the window at a darkened city after he has ordered a bombing raid on Iran, or sent a carrier battle group to protect Taiwan, or done something to irritate the Dear Leader of Pyongyang.”
Other experts have argued for a public discussion on this issue as well, saying that it is vital that lawmakers, military leaders and voters understand what’s at stake and what the use of information warfare weapons could mean. Clarke says that because there have been confirmed attacks on the country’s military networks, power grid and other critical infrastructure pieces, it’s imperative that the public not only hear about what’s happening but have a voice in the policy-making process.
Many experts say U.S. military, government and civilian networks
regularly are attacked by foreign governments and that the U.S. has
retaliated in kind. But because military and intelligence capabilities on this front are closely guarded secrets, few people outside the Beltway have any idea whether the U.S. is in the lead, somewhere in the middle of the pack or falling behind on information warfare. By necessity, decisions on whether to use offensive capabilities are made in secret, as are discussions of attacks on sensitive U.S. networks. However, Clarke argues, the reflexive secrecy inside the Beltway is doing more harm than good.
“The fact that legislators and policy makers do not understand the strategy issues surrounding cyber war may stem from the lack of public discussion, absence of academic contribution, minimal media coverage and insistence on unnecessary government secrecy. A multidepartment effort this year to develop a cyber-war-deterrence strategy produced a paper that is still labeled ‘secret,'” he writes.
Public discussion is almost never a bad thing. It brings a diversity of viewpoints and opinions, serves as a reality check for insulated policymakers and politicians, and most importantly, prevents small cadres of people from making such vitally important decisions unilaterally and without public knowledge or input.
But a public discourse on cyberwar isn’t an end in and of itself. It should be a first step in a process that leads to the establishment of a definitive framework for the use of offensive cyber weapons and a plan for addressing the weak spots in the nation’s critical infrastructure. These are musts in today’s environment.
Clarke goes even further on this. Drawing a parallel to the development of nuclear arms policy 60 years ago, Clarke argues that the Obama administration should open talks with other powers aimed at defining the use cases for cyber weapons and limitations on their spread. While this might have some positive outcomes, it does not contemplate the existence of non-state attackers such as politically motivated hacktivists, cybercriminals who sell their services to the highest bidder or nationalist groups with an axe to grind. None of those groups will think twice about what terms the U.S., Israel and South Korea have settled on.
Still, the need for open discussion on this topic is real and the time to get it done is now, before anyone’s hand is forced.