President’s Cyber Security Czar Warns of Threats


Clarke urges high-tech industry, government cooperation


The government and the private sector must collaborate to protect the nation's IT infrastructure, President Bush's cyber security chief said Tuesday at the RSA Conference 2002 here.

In an opening keynote address, White House Cyber Security Czar Richard Clarke said the Sept. 11 terrorist attacks in New York and Washington have made it clear that the United States is a target. "Because we stand for freedom, we have enemies," he said. "We must not underestimate our enemies. Our enemies will use our technology against us."

Potential hackers will search for fractures in the U.S. IT infrastructure, Clarke said, noting that the Internet wasn't designed with the idea that it could be attacked. "The government alone cannot defend us. The private sector alone can't defend us. Only by working together can we defend against these threats," he said.

The high-tech industry, Clarke said, must admit that the Internet is vulnerable and spend the money to secure it--or else it will suffer the same fate as the airline industry, which was used as an instrument in the Sept. 11 attacks. "No one has conducted a massive attack on our IT infrastructure. Does that mean it can't happen?" Clarke said. "We have to come together, government and industry. We all have a stake in this."

He urged attendees to participate in cyber security activities with the government, such as a current initiative to develop a strategy for protecting the nation's critical infrastructure, including utility companies.

Clarke outlined some of the federal government's steps to bolster cyber security, including the president's proposed 64 percent increase in spending to secure federal networks. The security chief also gave an update on his proposal to create a separate, air-gapped network from the Internet for federal agencies. Called Govnet, the effort drew 167 proposals from the high-tech sector, and the ideas are being analyzed by a team, he said.

Turning to IT security in general, Clarke said people should demand that security be a "No. 1 design criteria" in products, not an add-on feature. He cited a recent memo by Microsoft Chairman Bill Gates that said the company will make product security a priority. However, the example drew some chuckles from the audience.

"Let's not laugh and be cynical about that pledge," Clarke said, adding that people must hold Gates to his pledge. "We'll stop buying products unless they're secure."

Clarke noted that cyber crime is on the rise, as is the cost of cleaning up the damage from computer viruses and worms.

"We need to invest more money in security," he said. "Security isn't cheap. Only by investing in security will we continue to have freedom."

The RSA Conference continues through Friday.