On September 19th, 2011, Ellen Messmer of Network World interviewed former White House cybersecurity adviser Richard Clarke, author of the book "Cyber War," on his thoughts about US cybersecurity, SLL certificates, and more.
With regard to US cybersecurity, Clarke notes that cyberattacks have not gone so far as to bring down a power grid; although actors can attack the power grid, the only reason to do so would be for war, and no one currently has the motivation for war. Furthermore, Clarke believes that the US government has good cyber intelligence, but is not well-informed on attacks done on U.S. companies. To improve US cybersecurity, Clarke recommends that internet providers filter packets to look for signatures of attacks and block them.
With regard to SSL certificates and certificate providers like Comodo, DigiNotar, and GlobalSign, Clarke believes that digital certificates cannot be trusted. Calling the hacking of authentication companies a game-changer and a turning point, Clarke said he no longer has confidence in two-factor authentication or on SSL certificates.
Finally, Clarke notes that APTs (cyber attacks to steal sensitive information like intellectual property to advantage industry competitors or foreign governments) raise serious questions of justice; "if the attacker is a government or a cyber-sanctuary, you don't get justice." Clark mentions countries like "Eastern Europe, Russia, Belarus, Ukraine, China" as possible cyber-sanctuaries. As for China, Clarke explains that there are two types of non-government cyberattacks: the attack the Chinese government is letting happen and the attacks they ask to happen. However, Clarke points out that the US is also engaged in this type of cyber espionage.
You can find the source article here.
Leave a Reply