Richard A. Clarke Talks Cybersecurity at AIAA AVIATION 2013 Written 4 September 2013

By Duane Hyland, AIAA Communication (2008-2017)

Richard A. Clarke, delivered a luncheon keynote address on the afternoon of Tuesday, August 13 during the 2013 AIAA AVIATION  Forum, at the Hyatt Regency Century Plaza, Los Angeles, CA.

Cybersecurity expert Richard A. Clarke delivered a keynote address on the afternoon of Tuesday, 13 August as part of AIAA’s AVIATION 2013 Conference, which took place 12–14 August in Los Angeles, CA.

Clarke, chairman and CEO, Good Harbor Security Risk Management LLC, and former U.S. national coordinator for security, infrastructure protection, and counterterrorism, delivered a stern warning, pointing out to the audience of 500+ aviation professionals that “aviation is the sine qua non of U.S. society, if not the world,” and reminding them that the bulk of the world’s commerce is fueled by the aviation sector.

He went on, however, to paint a grim picture of the realities of cyberspace, reiterating to the audience what U.S. Attorney General Eric Holder recently pointed out, “There are two types of American companies, those that have been hacked and those that don’t know they have been hacked.” Clarke went on to point out that almost every large and mid-sized company in America has been compromised. He informed the audience that 26 nations around the world have announced that they have military units dedicated to cyberwarfare, and that nations like China and North Korea are working hard to ensure their cyberwarfare capabilities are the best in the world. But, Clarke also maintained that the best cyberwarfare capabilities today lie in the hands of non-state actors like the Syrian Electronic Army and Al Queada. Clarke went on to ask the audience to reflect, in light of this knowledge – “how have you changed? How have you adapted?” while pointing out that only by constantly upgrading cyberdefenses and knowledge, can America’s industry ensure an adequate response to the cyber threat.

Clarke then reviewed three troubling trends in current cyberspace: 1) The emerging efforts of hackers to penetrate medical devices, such as pacemakers, making it possible for them to put patients in potentially grave danger, and the ongoing efforts to hack automobiles, giving the hacker a wide range of control over the car’s systems, thus allowing them the ability to potentially cause great harm to the car’s occupants; 2) The vulnerability of the electric power grid and its vulnerability to attack over the next 15 to 20 years while modernization of its cyberdefenses are ongoing; and 3) The ongoing losses in the financial services, amounting to several billion dollars each year, due to cyber attacks. Each of these examples, Clarke told the audience, pointed to good reasons why the aviation industry, which is fairly insulated from cyberattacks now, must continue to be vigilant and work at continuing to evolve the industry’s defenses. Clarke reminded the audience that to be effective at cybersecurity, you first have to be honest that a problem exists, and then move quickly to solve it.

Toward that end, solving the problem, Clarke gave the audience his “Ten Commandments of Cyber Security” which are:

  1. Do not be in denial. Do not think the risk is not significant. Do not trust that you are “OK”
  2. Don’t underestimate the extent of the problem.
  3. Do not fight the government, they can help you!
  4. It is not a CEO problem, it is a whole company problem.
  5. Organize. Set up teams who can work and doe this, do R&D, share information.
  6. Think holistically, don’t think about your part – think as a whole.
  7. Don’t attempt to defend the whole network, it is too late to build moats when the enemy is already in the castle.
  8. Discover what your company’s real Crown Jewels are, and guard them.
  9. Think: “What is the worst case?” “What would it look like?”
  10. Have an industry strategy.

Clarke closed his remarks by noting that while at the current time existing security protocols in the aviation sector would not allow a hacker to bring down an airliner simply by computer invasion, as society becomes more reliant on aircraft, especially Unmanned Aerial Vehicles (UAVs), the risks will grow, meaning that the risk of attack is a growing specter which the industry must be united in to defeat.