It will take a sophisticated cyber attack from an adversary like Russia or China to prove how well, or poorly, the U.S. has protected its weapon systems against hackers, former National Security Council (NSC) Cybersecurity Director Richard Clarke told BreakingDefense.com during an American Institute of Aeronautics and Astronautics conference in Washington, where he also called for an international treaty to ban cyber attacks on certain entities.
“Frequently, people don't even know that they have open source code buried in the code that they're just bought from somebody. That makes it very hard to tell whether the code that is running in weapons systems is secure,” Clarke told Breaking Defense. “And the only time I think we're going to find out is when somebody actually proves that they've put a trap door in, put a vulnerability in, by shutting off a weapons system. And they're not going to do that until we're engaged in combat.”
A treaty that places limits on cyber attacks could be a strong tool in curbing terrorism.
“When you think that international norms are all sort of airy fairy things that have no teeth — they can have teeth if we want them to have teeth,” the report quoted Clarke as saying. “With regard to criminal cartels and terrorists, they live in countries, they need sanctuaries. They need countries that will tolerate their activity. And countries that tolerate their activity should be subject to the sanctions and punishment of the international norms.”NATO Secretary General Jens Stoltenberg said a cyberattack on a member state could trigger the defense organization's mutual defense agreement possibly resulting in a joint, conventional response to the attack.