But saying Clarke was a spy doesn’t do him justice. He was a meta-spy, a master counterespionage, counterterrorism savant, the central node where all the most secret, stolen, security-encrypted bits of information gathered by our trillion-dollar human, electronic and satellite intelligence network eventually converged. Clarke has probably been privy to as much “above top secret”- grade espionage intelligence as anyone at Langley, NSA or the White House. So I was intrigued when he chose to talk to me about the mysteries of Stuxnet.
“The picture you paint in your book,” I said to Clarke, “is of a U.S. totally vulnerable to cyberattack. But there is no defense, really, is there?” There are billions of portals, trapdoors, “exploits,” as the cybersecurity guys call them, ready to be hacked.
“There isn’t today,” he agrees. Worse, he continues, catastrophic consequences may result from using our cyberoffense without having a cyberdefense: blowback, revenge beyond our imaginings.
“The U.S. government is involved in espionage against other governments,” he says flatly. “There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. [He believes Microsoft, too, was a victim of a Chinese cyber con game.] We don’t do that.”
“What do we do then?”
“We hack our way into foreign governments and collect the information off their networks. The same kind of information a CIA agent in the old days would try to buy from a spy.”
“So you’re talking about diplomatic stuff?”
“Diplomatic, military stuff but not commercial competitor stuff.”
As Clarke continued, he disclosed a belief we’re engaged in a very different, very dramatic new way of using our cyberoffense capability—the story of the legendary cyberworm, Stuxnet.
Stuxnet is a digital ghost, countless lines of code crafted with such genius that it was able to worm its way into Iran’s nuclear fuel enrichment facility in Natanz, Iran, where gas centrifuges spin like whirling dervishes, separating bomb-grade uranium-235 isotopes from the more plentiful U-238. Stuxnet seized the controls of the machine running the centrifuges and in a delicate, invisible operation, desynchronized the speeds at which the centrifuges spun, causing nearly a thousand of them to seize up, crash and otherwise self-destruct. The Natanz facility was temporarily shut down, and Iran’s attempt to obtain enough U-235 to build a nuclear weapon was delayed by what experts estimate was months or even years.