Former White House advisor urges action on 'cyber sanctuaries'

A former presidential special advisor on cyber security has called on the UK, US and European Union to crack down on "cyber sanctuaries", nation states which allow hackers to carry out attacks from within their borders as long as they are directed outside the country.

Richard Clarke said at the RSA Conference Europe that nations such as Belarus, Russia and Moldova do not offer much help to US or UK law enforcers when they track hacking attacks to within their borders.

"These countries have in effect become cyber sanctuaries where governments allow the hackers to do the attacks as long as they are directed outside the country, and they provide a kickback to the authorities, and that they do a little [hacking] work for the government when that government needs plausible deniability," he said.

Clarke argued that pressure needs to be applied on these countries to co-operate, just as it had been on nations such as the Bahamas that supported money laundering.

"We can do the same for cyber crime. If you don't live up to a set of norms like the European Convention on Cybercrime there will be consequences," he said.

"We could limit traffic in and out of renegade countries, or insist that all traffic coming in and out be filtered and monitored by an international organisation."

Clarke warned that cyber criminals are becoming richer and more sophisticated, even hiring computer scientists to alter hardware and firmware so that it contains backdoors which can be exploited.

The security expert also said that the Stuxnet worm highlighted the existence of cyber warfare capabilities, and that it is time for nation states such as the US and UK to think seriously about cyber defences.

"We need in all countries to stop worrying about cyber war on the offensive and start worrying about cyber war on the defensive," said Clarke.

"We all need public-private plans to defend the systems that matter. We have strategies, but they don't tell you how to defend the country from an active cyber attack."

Clarke even suggested that cyber peace could eventually be achieved, just as nuclear arms control was engineered despite critics on all sides who said it could never be done.

"If you begin with baby steps there are ways we can make agreements which will make us safer, so it's about time we march down that path even if it takes us 15 years," he said.