Tuesday, April 3, 2012

Richard Clarke: A Little Knowledge Is A Dangerous Thing

Richard Clarke's editorial in today's New York Times underscores what I've written before about Mr. Clarke. He's not well-informed about the scale and scope of cyber espionage or any other cyber-related threat. And when you combine that lack of depth with his "name" power, then you have the dangerous combination of ignorance informing policy. Here's a quick survey of what's wrong with Clarke's editorial.

While China does engage in cyber espionage against U.S. companies, so do many other nation states. In my ebook, A Traveler's Guide to Cyber Security, I created an Appendix which lists multiple examples of cyber espionage by Brazil, China, France, Germany, Greece, Iran, Israel, Nigeria, Russia, Turkey, and Venezuela. The reality is that acts of espionage - cyber or other-wise - is very wide spread. You would never know that fact by reading Clarke's sinophobic writings.

Further, Richard Clarke attempts to provide a solution to this problem that is (a) impossible to implement and (b) reveals his lack of understanding of how data flows between networks. When sensitive data is located within a network, an attacker will encrypt those files and extract them in a way that doesn't draw attention. There's no way for any agency to see into those files and say "Hey - that's our secret sauce!".

Clearly Mr. Clarke is in the business of selling his time to clients who are worried about cyber attacks, and his background as a government bureaucrat is helping him do that - at least in the United Arab Emirates. However, if he's truly interested in contributing solutions to this very serious problem he needs to start by learning enough information about what's actually happening at a substantive level and then formulate an appropriate solution. 

No comments:

Post a Comment