
Bit9

There has been no greater advocate against cyber espionage and its influence on worldwide markets than Richard Clarke. As a former White House advisor on cyber security, his extensive insight and access have given Mr. Clarke a vantage point few others have had. In the discussion below, Clarke describes how China, specifically, is participating in one of the largest thefts of intellectual property (IP) the world has ever seen. Because most companies fail to recognize the seriousness of advanced threats, many never realize they’ve been breached until months or years after being initially compromised. As a result, terabytes of intellectual property are funneling out of the corporate door and into the hands of competing companies and governments. By failing to have an advanced threat protection solution, companies are giving years of IP over for a minimal cost to them. Richard Clarke explains:

Bit9: Is China still considered the dominant nation state when it comes to state-sponsored cyber-attacks? We’ve heard they are involved in the Nortel hacking incident that some are alleging helped bring the company to bankruptcy. Where does Russia fit into the mix? And regarding these nation-state attacks, are there any new methods or strategies that have emerged of late that concern you?

Mr. Clarke: China is engaged in a widespread, global industrial espionage net. Russia is equally, if not more, capable, but seems to be doing more targeted attacks. The Chinese and Russian attacks are both persistent, meaning that after you think you’ve eliminated their presence on your networks, they are still there.

Bit9: What is your take on the recent cyber-attacks in the Middle East? Stuxnet was a high profile event last year. What is concerning you these days about cyber activity in the Middle East?

Mr. Clarke: Since December, Arab-Israeli tensions have been spilled onto the region’s fiber optic cables. Citizen hackers on both sides have engaged in tit-for-tat raids on Israeli, Saudi and other regional computer networks. I believe what we’re seeing is large scale “hacktivism,” not terrorism. No one has died and, so far, nothing has blown up. Moreover, it seems that most of the attack methods have been relatively unsophisticated – I noted this in an opinion piece in the Wall Street Journal on February 16. However, this ongoing hacktivism has reached a point that should cause nations to act.

If the hackers decide that identity theft and website defacement aren’t enough and wish to cause disruption and destruction, as some have threatened, they may be able to access controls for electric power grids, oil pipelines, and water systems due to inadequate security on these systems. Once physical damage occurs, a crisis could quickly escalate, which would involve governments retaliating against each other with both cyber and conventional weapons. Middle Eastern governments should act to control their citizen hackers and better protect their own critical networks, or they may eventually be dragged into unwanted conflict.

Bit9: There have been two recent high profile breaches in the United States. The Chamber of Commerce had a serious hack in which data was stolen on the people and companies that work with the Chamber of Commerce, and Symantec’s source code was stolen recently. What is your take on these two hacks and do they indicate that there may be a bigger wave of high profile hacks coming up?

Mr. Clarke: The Chamber of Commerce attack probably didn’t yield any valuable information to the attacker, but it’s similar to other attacks done by Chinese entities who probe any organization that may affect US/China policy. The attempt to get Symantec’s source code is part of a pattern of hackers attacking the defenders (like the RSA breach) – that is, hackers going after software companies that create cybersecurity applications, a trend that I expect will continue.

Bit9: Intellectual Property (IP) has emerged as the primary target for today’s hackers – we’re seeing it right now with Nortel. Can you talk about this evolution in cyber-attacks and why it should concern CSOs and CISOs?

Mr. Clarke: In a knowledge economy, the most valuable assets that a company may have are its intellectual property, trade secrets, research and development data, and plans for new products and services. The industrial espionage that we are seeing is targeting that sort of information to beat us to market, to allow competitors in China and elsewhere to bring products to market more cheaply, and to eliminate their R&D costs by simply using ours. A company’s ability to protect such sensitive information will be directly correlated to how competitive it will be in the marketplace. The recently revealed decade-long campaign against Nortel is a perfect example of this. It illustrates the persistence of the malicious actors engaged in industrial cyber espionage and the risks of corporate complacency in the face of this threat.
