Clarke used specific events to demonstrate what he called a "sea-state change" in the cybersecurity situation.
"For the last three years, I've been saying that there will be attacks on critical infrastructure such as transportation, banking, and power," Clarke said. "Let's look at what happened this year."
Clarke recounted how cyberattacks knocked out The Bank of America's ATM network, stopped or slowed CSX Railroad's trains, cancelled some of Continental Airline's flights, and forced offline a nuclear power plant in Ohio.
Regarding the Ohio blackout, Clarke noted the irony in a White House report refuting his assertion on ABC News that it could have been the result of a cyberattack. "I had no idea what it was," said Clarke, "But it might have been a cyberattack. The White House was saying it wasn't a cyberattack but, then again, couldn't say what it was. Then, the White House went on to ask former FBI National Infrastructure Protection Center director Ron Dick to investigate the cyberattack angle." The NIPC, which is now a part of the US Department of Homeland Security, focuses almost exclusively on cybersecurity issues. "Make of that what you want," said Clarke.
According to Clarke, the US power grid hasn't been the only grid to experience trouble recently. "The recent collapse of the Italian and British power grids has so far gone unexplained," said Clarke. "Oslo recently reported that cyberattackers attempted to bring down Norway's power grid, and Israel's intelligence agency Shin Bet recently reported that Israel's power grid has been the target of several cyberattacks. All of our infrastructure, including power and the Internet, are vulnerable."
Perhaps the worst news contained in Clarke's presentation is that nobody has been caught. "Look at all of the cyberattacks," said Clarke, "The FBI only has one high school kid who had neon signs in his windows saying 'I did it' and all he did was capture an existing virus (MSBlast) and modify it. The originator was never caught."
Clarke cautioned Gartner Symposium/ITxpo attendees against complacency. "When you hear everyone talking about IT security and you see it in the publications and from vendors, it becomes noise and you tend to turn it off. This is a mistake. What does this say about the future? It's not a pretty picture."
