Clarke: Regulation needed to defend critical infrastructure against threat of cyberwar
From: Fierce Government
The likelihood of a cyber war anytime soon is remote, but if it did happen, the United States would have no plan and no capability to defend its critical infrastructure, said Richard Clarke, former special advisor to the president on cybersecurity, during a Dec. 8 Cybersecurity Seminar in Washington, D.C.
Congress must reach a consensus that something needs to be done to defend critical infrastructure with smart, enforceable regulation, said Clarke, who is currently a partner at Good Harbor Consulting. What’s more, citizens and businesses must get over their ideological aversions to government involvement, he said.
Clarke suggested that regulators be careful and specific about who they tell to do what in this space. As with any issue in cyberspace, the protection of civil liberties must be a consideration, he said.
“Congress has created the civil liberties protection board and the last two administrations, including this one, have given Congress the finger on that issue,” said Clarke. “And it’s about time that somebody call out the Obama administration for its absolute failure to do what the law requires and create a serious, responsible, capable civil liberties protection board.”
One regulatory measure Clarke supports is granting the Federal Communications Commission safe harbor so that it can go after cyber threats. “The FCC has abandoned the field of security to someone else,” said Clarke. “Perhaps [the Homeland Security Department] should be given that authority.”
It would be difficult for anything to happen at a multinational level, because there’s no international consensus on what constitutes sovereign free speech, said Gen. Michael Hayden, principal at Chertoff Group and former director at the CIA and National Security Agency. Clarke added that a body such as the Internet Corporation for Assigned Names and Numbers would not be able to set standards in this space. Instead, international regulations should build on the Council of Europe treaty.
It should be the responsibility of a sovereign state to conduct real-time monitoring, force Internet service providers to check registration data and hold cyber criminals accountable, said Hayden. If there were to be a pattern of noncompliance, cyber sanctions or other actions should be applied.
The United States needs to rethink security techniques as well, said Clarke. Because successful intrusions are those that have not yet been discovered, security should not be built by looking backward; it needs to look forward and build around what we don’t know, he said. For example, Clarke said the recent flurry of breaches stemming from Wikileaks is due to the government’s “criminal negligence.” He said the people responsible for monitoring this activity are “at least as culpable as the private first class,” who allegedly leaked the cables and other documents to the organization.