Blackouts hit New York, Los Angeles, Washington and more than 100 other US cities. Subways crash. Trains derail. Airplanes fall from the sky.
Gas pipelines explode. Chemical plants release clouds of toxic chlorine. Banks lose all their data. Weather and communication satellites spin out of their orbits. And the Pentagon’s classified networks grind to a halt, blinding the greatest military power in the world.
This might sound like a takeoff on the 2007 Bruce Willis Die Hard movie, in which a group of cyberterrorists attempts to stage what it calls a “fire sale”: a systematic shutdown of the nation’s vital communication and utilities infrastructure.
According to the US’ former counterterrorism czar Richard Clarke, however, it’s a scenario that could happen in real life — and it could all go down in 15 minutes. While the US has a first-rate cyberoffense capacity, its lack of a credible defense system, combined with the country’s heavy reliance on technology, makes it highly susceptible to a devastating cyberattack, Clarke says.
“The United States is currently far more vulnerable to cyberwar than Russia or China,” he writes. “The US is more at risk from cyberwar than are minor states like North Korea. We may even be at risk some day from nations or nonstate actors lacking cyberwar capabilities, but who can hire teams of highly capable hackers.”
Lest this sound like the augury of an alarmist, the reader might recall that Clarke, who served as counterterrorism chief under former US presidents Bill Clinton and George W. Bush, repeatedly warned his superiors about the need for an aggressive plan to combat al-Qaeda — with only a pallid response before the Sept. 11, 2001, attacks. He recounted this campaign in his controversial 2004 book, Against All Enemies.
Once again, he writes about a lack of coordination between the various arms of the military and various committees in Congress over how to handle a potential attack. Once again, government agencies and private companies in charge of civilian infrastructure are ill prepared to handle a possible disaster.
In these pages Clarke uses his insider’s knowledge of national security policy to create a harrowing — and persuasive — picture of the cyberthreat the US faces today. Clarke is hardly a lone wolf on the subject: Mike McConnell, the former director of national intelligence, told a US Senate committee in February that “if we were in a cyberwar today, the United States would lose.”
And in November, Steven Chabinsky, deputy assistant director of the FBI’s cyber division, said the FBI was investigating al-Qaeda sympathizers who want to develop their hacking skills and appear to want to target the US’ infrastructure.
Clarke, who wrote the book with Robert Knake, an international affairs fellow at the US Council on Foreign Relations — says that because the US military relies so heavily upon databases and new technology, it is “highly vulnerable to cyberattack.” And while the newly established Cyber Command, along with the Department of Homeland Security, is supposed to defend the federal government, he writes, “the rest of us are on our own.”
“There is no federal agency that has the mission to defend the banking system, the transportation networks or the power grid from cyberattack,” he writes.
In fact, the Wall Street Journal reported in April last year that the US’ electrical grid had been penetrated by cyberspies (reportedly from China, Russia and other countries), who left behind software that could be used to sabotage the system in the future.
For more than a decade now, Clarke has been warning about “an electronic Pearl Harbor” and he is familiar with the frustrations of a political bureaucracy. He says that pressure from both the right and left over the hot-button issues of regulation and privacy have made it difficult for the government to get individual corporations (which control vital services like electricity, Internet access and transportation) to improve their ability to defend themselves against cyberattack.
Meanwhile, Clarke says, China has developed “the ability to disconnect all Chinese networks from the rest of the global Internet, something that would be handy to have if you thought the US was about to launch a cyberwar attack on you.”
After the First Gulf War, he says, the Chinese “began to downsize their military” — which reportedly has about one-eighth of the Pentagon’s budget (before adding in the costs of the wars in Afghanistan and Iraq) — and invest in new technologies, which they believed could give them an asymmetric advantage over the US, despite the US’ overwhelming conventional arsenal.
As for North Korea, Clarke says, it employs an Olympics-like approach to creating cyberwarriors, selecting “elite students at the elementary-school level to be groomed as future hackers.” North Korea is suspected of being behind the cyberattacks of July last year that took down the Web servers of the US Treasury, secret service, Federal Trade Commission and Department of Transportation and is thought to have placed “trapdoors” — unauthorized software that allows hackers future access to a network — on computer networks on at least two continents.
Trapdoors are just one device that rival nation states and cyberterrorists can use. There are also “logic bombs” (code that can set off malicious functions when triggered), distributed denial of service attacks (in which a site or server is flooded with more requests for data than it can process) and foreign-manufactured software and hardware that might have been tampered with before being shipped to the US.
The US Department of Defense began to embrace the cost-saving idea of using commercial off-the-shelf software (instead of applications custom-made in-house) in the 1990s, Clarke said, adding that it “brought to the Pentagon all the same bugs and vulnerabilities that exist on your own computer.”
He says, for instance, that in 1997, when the Windows system on a retrofitted “smart ship” called the USS Yorktown crashed, “the cruiser became a floating i-brick, dead in the water.”
The US’ lack of an effective cyberdefense system, Clarke ominously warns, “will tempt opponents to attack in a period of tensions” and it could also tempt Washington to take pre-emptive action or escalate a cyberconflict very rapidly if attacked. Were such a war to start, it could easily jump international boundaries, causing cascades of collateral damage to unspool around the world.
How best to address this alarming situation? Clarke reports that a meeting last year of about 30 cyberspace “old hands” — former government officials, current bureaucrats, chief security officers of major corporations, academics and senior information technology company officials — came to the conclusion that critical infrastructure should be separated from “the open-to-anyone” Internet. They also came out in favor of more government involvement in cyber research and development and a heightened emphasis on building “resilience” into systems so as to enable recovery, post-attack.
Aside from these suggestions, Clarke adds some fairly common sense — but not so easily achieved — recommendations of his own. He says the US needs to “harden the important networks that a nation-state attacker would target” by putting automated scanning systems in place to look for malware, and the Pentagon should make sure to enhance the security of its own networks. The US also needs to work toward cyberarms-control agreements with other nations.
“The reality is that a major cyberattack from another nation is likely to originate in the US,” Clarke says, noting that logic bombs and trapdoors are quite likely already in place, “so we will not be able to see it coming and block it with the systems we have now or those that are planned. Yes, we may be able to respond in kind, but our nation will still be devastated by a massive cyberattack on civilian infrastructure that smacks down power grids for weeks, halts trains, grounds aircraft, explodes pipelines, and sets fire to refineries.”
And should the US then decide to cross the line from cyberwarfare to conventional warfare, he says near the end of his chilling book, the highly advanced technology in our military arsenal “may suddenly not work.”
The first Donald Trump term was a boon for Taiwan. The administration regularized the arms sales process and enhanced bilateral ties. Taipei will not be so fortunate the second time around. Given recent events, Taiwan must proceed with the assumption that it cannot count on the United States to defend it — diplomatically or militarily — during the next four years. Early indications suggested otherwise. The nomination of Marco Rubio as US Secretary of State and the appointment of Mike Waltz as the national security advisor, both of whom have expressed full-throated support for Taiwan in the past, raised hopes that
Whether in terms of market commonality or resource similarity, South Korea’s Samsung Electronics Co is the biggest competitor of Taiwan Semiconductor Manufacturing Co (TSMC). The two companies have agreed to set up factories in the US and are also recipients of subsidies from the US CHIPS and Science Act, which was signed into law by former US president Joe Biden. However, changes in the market competitiveness of the two companies clearly reveal the context behind TSMC’s investments in the US. As US semiconductor giant Intel Corp has faced continuous delays developing its advanced processes, the world’s two major wafer foundries, TSMC and
Authorities last week revoked the residency permit of a Chinese social media influencer surnamed Liu (劉), better known by her online channel name Yaya in Taiwan (亞亞在台灣), who has more than 440,000 followers online and is living in Taiwan with a marriage-based residency permit, for her “reunification by force” comments. She was asked to leave the country in 10 days. The National Immigration Agency (NIA) on Tuesday last week announced the decision, citing the influencer’s several controversial public comments, including saying that “China does not need any other reason to reunify Taiwan with force” and “why is it [China] hesitant
We are witnessing a sea change in the government’s approach to China, from one of reasonable, low-key reluctance at rocking the boat to a collapse of pretense over and patience in Beijing’s willful intransigence. Finally, we are seeing a more common sense approach in the face of active shows of hostility from a foreign power. According to Article 2 of the 2020 Anti-Infiltration Act (反滲透法), a “foreign hostile force” is defined as “countries, political entities or groups that are at war with or are engaged in a military standoff with the Republic of China [ROC]. The same stipulation applies to
RSS