By Ron Rosenbaum
The story Richard Clarke spins has all the suspense of a postmodern geopolitical thriller. The tale involves a ghostly cyberworm created to attack the nuclear centrifuges of a rogue nation—which then escapes from the target country, replicating itself in thousands of computers throughout the world. It may be lurking in yours right now. Harmlessly inactive…or awaiting further orders.
A great story, right? In fact, the world-changing “weaponized malware” computer worm called Stuxnet is very real. It seems to have been launched in mid-2009, done terrific damage to Iran’s nuclear program in 2010 and then spread to computers all over the world. Stuxnet may have averted a nuclear conflagration by diminishing Israel’s perception of a need for an imminent attack on Iran. And yet it might end up starting one someday soon, if its replications are manipulated maliciously. And at the heart of the story is a mystery: Who made and launched Stuxnet in the first place?
Richard Clarke tells me he knows the answer.
Clarke, who served three presidents as counterterrorism czar, now operates a cybersecurity consultancy called Good Harbor, located in one of those anonymous office towers in Arlington, Virginia, that triangulate the Pentagon and the Capitol in more ways than one. I had come to talk to him about what’s been done since the urgent alarm he’d sounded in his recent book, Cyber War. The book’s central argument is that, while the United States has developed the capability to conduct an offensive cyberwar, we have virtually no defense against the cyberattacks that he says are targeting us now, and will be in the future.
Richard Clarke’s warnings may sound overly dramatic until you remember that he was the man, in September of 2001, who tried to get the White House to act on his warnings that Al Qaeda was preparing a spectacular attack on American soil.
Clarke later delivered a famous apology to the American people in his testimony to the 9/11 Commission: “Your government failed you.”
Clarke now wants to warn us, urgently, that we are being failed again, being left defenseless against a cyberattack that could bring down our nation’s entire electronic infrastructure, including the power grid, banking and telecommunications, and even our military command system.