Richard Clarke's vision of the coming cyber-Armageddon is easy to poke fun at. The former White House cybersecurity point person's recent book is full of convoluted worst-case scenarios, like foreign agents wishing the U.S. ill triggering destructive office fires by causing Internet-connected photocopiers to jam. Clarke's going for high drama to get attention, and he should get some deference for being one of the few people in government to see the Al Qaeda threat clearly. But I'll reiterate something I tweeted last month, "What I've learned from Richard Clarke's 'Cyber War' book: Your toaster will, in fact, kill you."
More seriously, what's really concerning about Clarke's approach to "Cyber War" is highlighted in Jack Goldsmith's review for The New Republic. Clarke's militaristic framing obscures the very real fact that we in the United States have grown increasingly dependent on digital infrastructure without having made arrangements for what happens should it fail -- whether it's China or an Estonian hacker or a domestic accident that brings down the Internet, electrical grids, and other interdependent networks. Here's Goldsmith:
For over a decade, the Pentagon has been networking every element of the American military -- from the soldiers, sensors, and (computer-controlled) robots on the ground, in the air, and at sea to commanders around the globe and every relevant node in between -- with the aim of dramatically enhancing our knowledge about the enemy and making military decision-making faster and more accurate. Our intelligence services are similarly wired. And our civilian infrastructure sectors -- which include banking and finance, energy, health care, telecommunications, and critical manufacturing -- are both deeply computer-dependent and deeply reliant upon the Internet.
We've expended a huge amount of public and private money and attention in the last several decades developing the potential of these digital networks. That's been, on the main, a good thing. Where corners have been cut is in figuring out how to cope with their weaknesses. The U.S. Army analyst involved in the Wikileaks leak, for example, reportedly overcame the air gap between secure U.S. military networks and the public Internet by the super high-tech method of burning sensitive data to Lady Gaga CDs.
You want to believe that government and corporate interests wouldn't become blindly dependent on technologies without people and processes in place to, as David Brooks recently wrote, "weigh the risks of a system failure and take appropriate measures to reduce those risks." But then you remember that we're living in an age where BP was encouraged to drill an underwater well it had no bloody idea how to handle. The debate is still very open over whether cyber war is a legitimate threat. But it seems like we're misguided in waiting for the outcome of that debate to have a discussion on whether we're being smart about managing the possible outcomes of being so dependent on cyber space.