Clarke is probably best known for his outspoken personality and his attacks on the Bush administration over the invasion of Iraq. Last year after he left his post as cybersecurity tzar at the White House, he openly criticised the president's handling of the "war on terror", claiming Bush could have prevented the 9/11 attack if he had listened to his advisers.
Clarke, who now heads up security firm Good Harbor Consulting, has an impressive CV. He has served as a counter-terrorist expert and cybersecurity adviser under four US presidents and was a civil servant for 30 years. But he experienced a mixed reception when he released his book, Against All Enemies , which made the allegations against the Bush administration.
Two days after the US elections, at the European RSA Conference in Barcelona, ZDNet UK sat down with Clarke, to discuss whether cyberterrorism is a misnomer or a real threat and whether he regrets publicly criticising the Bush administration.
Q: With all the areas you've worked in, does looking at the cyberworld seem trivial?
A: No. I've been looking at the cyberworld for about eight years now. I don't think it's trivial at all. Some people, when they talk about security, they use 9/11 as a benchmark. They say unless it's going to result in a 9/11 where we have 3,000 body bags, it's no big deal. You know there are lots of things in our life that are important. And there are important security problems that don't create 3,000 body bags.
Cybersecurity is enormously important. Just because it doesn't create a lot of body bags, doesn't mean it's not important. It's vitally important for our economies
A couple of days ago a UK bank was hit by a denial-of-service attack. Alan Paler, the director of research for SANS said that every online gaming Web site is probably paying extortion demands. Is this something you're seeing?
Yes they are. Over the last year botnets have gone from 2,000 to about 30,000. I don't know what the average number of machines is per botnet, but you can bet it's in the thousands. The only thing I know botnets are good for is denial-of-service attacks. Even if no one is reporting denial-of-service attacks, you know they are happening.
How long will it be before we see some type of vigilante group to tackle the people carrying out denial-of-service attacks?
Well I know companies are reluctant to have their employees to be vigilantes. It increases their own liability. I think we are going to see companies asking their ISPS to do more. A lot of denial-of-service attacks could be prevented if ISPs co-operated with each other.
Are governments looking at using cyberwarfare on other countries?
1%
1%
Quote:
How much can governments see of what goes on in the Internet? Can they see every e-mail?
Oh no. There are technical and legal reasons. The legal reason is, in the US at least, is that you need a court order for each person [to see each e-mail]. The technical reason is that there is too much traffic.
Isn't the whole implementation of the Carnivore server combines with the Patriot Act supposed to make a court order unnecessary?