The world's leading cyberpower is … North Korea. This is the considered opinion of Richard Clarke, former cyberczar and advisor to four presidents. How has he come to this conclusion? Very sensibly, by assessing countries in terms of their offensive and defensive capabilities, along with the degree to which they are dependent on the Net and the Web. North Korea has only modest attacking capabilities -- don't look for the next Stuxnet to come slinking out of Pyongyang -- but its cyberdefenses are formidable, and there is little in that sad land that requires connectivity to cyberspace in order to keep working.
How does the United States fare in Clarke's analysis? Despite fielding the world's best computer worms and viruses, America rates only a fourth-place position -- Russia comes in second and China third. The United States gets dragged down by its pitifully poor defenses, coupled with very high cyberdependence. At the Aspen Security Forum this summer, the head of Cyber Command, Gen. Keith Alexander, went so far as to give a grade of "3" to U.S. defenses on a scale of 1 to 10. He observed that cybersnooping is now so rampant that the theft of intellectual property constituted the "greatest transfer of wealth in history."
Things don't look so good -- and they're not getting better.
The recent defeat of the Senate's Cybersecurity Act of 2012 is just the latest reverse in a nearly 20-year run of repeated failures to master the challenge of protecting the virtual domain. Back in President Bill Clinton's first term, the "clipper chip" concept was all about improving the security of private communications. Americans were to enjoy the routine ability to send strongly encoded messages to each other that criminals and snoops would not be able to hack, making cyberspace a lot safer.
But the government was still to hold a "key" that would let it tap into and monitor said messages, primarily for purposes of law enforcement. The initiative foundered over this too-intrusive capacity. All these years later, the Cybersecurity Act called for a similar (though less encompassing) monitoring capability -- along with the request that commercial firms voluntarily share more information -- and died because of the concerns it rekindled.
These events are just the bookends of a long policymaking trail of tears. In the years after the clipper-chip debacle, commission after commission rose up to study how to improve cybersecurity without unduly violating privacy. Yet, even as the government considered snooping and hacking central concerns, it opposed the very idea of improving individual security by encouraging the use of powerful encryption -- largely because the intelligence and law enforcement communities strongly resisted any initiative that might reduce their ability to conduct cybertaps.
The government's intransigence was only countered in the end by the actions of "code rebels," to use tech journalist Steven Levy's term, who broke the rules -- and, arguably, the law -- by making top-tier encryption available to the people. Thanks to them, average Americans now have access to the same strong encryption capabilities available to their leaders -- as well as to the range of criminals, terrorists, and other rogues who are so utterly reliant on keeping their communications secure.