RSA Europe 2010: Replace internet with something safer, urges former White House advisor

The internet is inherently unsafe and should be replaced with a safer, re-architected alternative, says former White House cybersecurity advisor Richard Clarke.

Developing a more secure alternative would cost less than buying more products that do not work in an attempt to make the current internet safer, he told RSA Europe 2010 in London.

Clarke, currently chairman of Good Harbor Consulting, is an internationally recognised expert on security, including cybersecurity and cyber war.

He left his audience in no doubt that cyber war is a real and present threat, but said that, like nuclear weapons, cyber weapons are likely to be used only when necessary.

"Just because countries have these weapons, does not mean they are going to rush out and use them tomorrow," he said.

It is also unlikely that any world superpowers would go to war with each other any time soon, said Clarke.

But, he said, Iran was clearly a target of Stuxnet, described as the first known cyber weapon, and if tensions escalate, it is not impossible that Iran could retaliate in kind.

If increasing pressure on Iran's nuclear problem escalates into conflict, it is not hard to imagine that such a country could resort to cyber weapons in retaliation, he said.

Cyber weapons give countries the ability to cause physical damage, he said, by attacking control systems for power grids, pipelines and financial trading systems.

This is cyber war, said Clarke, and it is different from cybercrime, which is why each one needs a different solution.

Cybercrime is best addressed in the same way as international money laundering has been tackled, by identifying sanctuary states and threatening them with consequences if they do not fall into line with international norms, he said.

Cyber espionage is the other major type of threat, said Clarke, and although directed at stealing industrial and government secrets, the difference between cyber espionage and cyber war is just a few keystrokes.

"The techniques used in cyber espionage are very similar to those that could be used in cyber war," he said.

A key technique is the ability to get control of monitoring systems, he said, be they intrusion detection systems, radar systems or critical infrastructure control systems, and to make the situation appear normal while malicious activity is going on.

In addition to finding a more secure replacement for the internet, Clarke called for nation states to stop sabre rattling about cyber offence capabilities and turn their attention instead to developing cyber defence capabilities.

"We need public-private plans to defend the systems that matter, because there currently are not any such plans, and laws and responsibilities are unclear," he said.

Clarke also urged nation states to consider investing in cyber peace initiatives along the lines of arms control agreements, similar to those achieved in controlling conventional, nuclear and biochemical weapons.

"If we begin with baby steps now, they can lead to international agreements that will make us safer, but we need to start now," he said.
