Clarke: Much Work Ahead Before Infrastructure Is Secure

The public and private sectors have much work to do if the national digital infrastructure is to become secure, national cybersecurity czar Richard Clarke said Tuesday during his keynote address at the RSA Conference in San Jose, Calif. As part of that effort, Clarke stressed the need to improve information sharing between the private and public sectors. He also applauded companies such as Microsoft, Oracle, and Cisco Systems for emphasizing the development of more secure products.

Clarke said government recently received a wake-up call when a judge ordered an agency offline because of security problems. U.S. District Judge Royce C. Lamberth's court order requiring the Department of the Interior to disconnect its systems from the Internet until it could resolve rampant security problems concerning access to individual Indian data or assets "sent a shockwave through government," Clarke said.

But Clarke applauded the Bush administration for requesting an 8.1% security spending increase over fiscal year 2002, bringing the total for fiscal 2003 to about $4 billion. In contrast, Clarke was quick to lambaste the private sector for spending 0.0025% on information security. "That's less than most companies spend on coffee," he said. "If you spend as much on information security as you do on coffee, you will be hacked. And you deserved to be hacked."

Clarke also called for an increased emphasis on training information security professionals and a change in the Freedom of Information Act to ensure that information about security breaches that companies share with the federal government would remain private. And he chastised broadband carriers for selling consumers digital subscriber line or cable modems and "never telling them they need a personal firewall."