Clarke will need all his conviction and persistence to marshal the government, private businesses, and the IT industry behind a campaign to protect critical systems. Clarke, appointed in October by President Bush to the newly created post of special adviser to the president for cyberspace security, also is chairman of the President's Critical Infrastructure Protection Board. That position makes him the federal official most directly responsible for protecting not just IT systems and electronic networks such as telecommunications infrastructure and the Internet, but all essential utility systems, including energy, water, and transportation. He reports to Homeland Security Director Tom Ridge and National Security Adviser Condoleezza Rice.
Colleagues say Clarke's persistence will help him convince doubters of the pressing need to prepare for cyberattacks. "The thing about Dick is that once he gets the bit in his teeth, he doesn't let go easily," says Bob Kimmitt, executive VP of global and strategic policy at AOL Time Warner. As a National Security Council official, Kimmitt worked with Clarke in the late 1980s and early 1990s.
Clarke's determination and focus can come off as caustic or abrasive at times, yet he can't afford to ruffle too many feathers. How successful he'll be in preparing the country for cyberthreats will depend heavily on his powers of persuasion, since his office has only a half-dozen staffers and no regulatory authority of its own. Clarke must persuade others in government to carry out his office's policy recommendations, while also convincing private-sector companies to step up their own security efforts.
He doesn't think it's proper for the government to dictate exactly how the IT industry should respond to the threat of cyberterrorism. "The government is incapable of writing regulations to create IT security," he says. What it can do is increase awareness of the threat, research new security technologies, and assess how interdependent systems would respond in attack scenarios.
Clarke sees his key challenge as convincing policy makers and businesses that-in light of the Sept. 11 terrorist attacks-they've devoted too little money, time, and attention to cyberthreats. "We need to insist that the next generation of hardware and software systems have security built into their basic architecture," he says. "As long as we're a superpower, there will be people who will come after us."