Richard Clarke: Every Major U.S. Company Already Hacked by Chinese Government

Former counterterrorism official Richard Clarke, who oncefamously apologized to the families of the 9/11 victims bysaying, "Your government failed you, thoseentrusted with protecting you failed you, and I failed you," is onceagain back in the headlines, this time for pointing out that America(and its major corporations) are woefully unprepared tofend off cyberattacks from terrorist groups and hostile nation-stateslike China.

Clarke was recently interviewedby Ron Rosenbaum for Smithsonian Magazine,primarily for an article that focuses on who Clarke believes was behindthe Stuxnet cyberattack against Iran in late 2010. Clarke --like many othersecurity experts -- points the finger squarely at the U.S., hintingthat America may have received some assistance fromIsraeli intelligence services. Here's a keyClarke quote about Stuxnet from Rosenbaum's article:

"I think it’s pretty clear that the United States government did theStuxnet attack...I think there was some minor Israeli role in it.Israel might have provided a test bed, for example. But I think thatthe U.S. government did the attack and I think that the attack provedwhat I was saying in the book [which came out before the attack wasknown], which is that you can cause real devices—real hardware in theworld, in real space, not cyberspace—to blow up."

Microsoft Technical Fellow Mark Russinovich writes about terroristsusing cyberwarfare to destroy physical machinery in his fictional novelZero Day,but it's clear that Stuxnet -- and possible successors like Duqu --have turned fiction into reality. Several security experts havesuggested that China was behindthe cyberattack on security vendor RSA that nettedinformation about RSA SecurID tokens, information which was thenallegedly used to launch attacks against major defense contractors likeLockheed-Martin and Northrop-Grumman.

In addition to attacks against U.S. government agencies anddefense contractors, Clarkebelieves that China has invested billions in an attempt to usecyberwarfare to steal secrets from U.S. companies, a strategy thatClarke says the U.S. government won't emulate. Clarke suggeststhat China's cyber-espionage efforts pose a significantlong-term risk to US interests, mainly because China is leveragingcyberwarfare to steal trade secrets from US companies. Clarke toldRosenbaum that his "...greatest fear is that, rather than having acyber-Pearl Harbor event, we will instead have this death of a thousandcuts. Where we lose our competitiveness by having all of our researchand development stolen by the Chinese."

Rosenbaum's article presents a chilling outlook for UScybersecurity efforts, and should be a must-read for anyoneinvolvedin IT security. 

What are your thoughts on the current state of cybersecurity? Feel freeto add a comment to this blog post or contribute to the discussion onTwitter.