Clarke: U.S. Cybersecurity Efforts Lacking

"The government, having published a good National Strategy to Secure Cyberspace, has been extremely slow off the mark to implement it," Clarke said Tuesday in a press conference at the Vanguard Enterprise Security Expo in Orlando, Fla.

"Because of the reorganization of the federal government through the Department of Homeland Security, the federal government is in less good shape today to deal with IT security in the private sector than it was a year ago," he said.

Clarke, now chairman of Good Harbor Consulting, an Arlington, Va.-based IT security consulting firm, headed up the creation of the nation's cybersecurity strategy, which was finalized earlier this year. He stepped down from his federal post shortly afterward.

Clarke joined several other IT security executives at the press conference to announce an alliance of technology companies--including several solution providers--to secure the nation's critical infrastructure of power, oil, transportation, banking and other systems.

The coalition includes Acts Automation, Core Consulting, Cornerstone Systems, Mainline Information Systems, MSI Systems Integrators and Protegrity.

Because the federal government has failed to implement the public-private partnership called for by the national cybersecurity strategy, private companies need to join together to "work on security problems without help from the government," Clarke said.

"We need to come together by making a patchwork quilt, stitch [the pieces] together loosely to deliver what organizations that make up the critical infrastructure need in order to protect this nation, to protect the quality of life for people in this country," said Ronn Bailey, CEO of Vanguard Integrity Professionals, a Las Vegas-based provider of enterprise security software.

Clarke said the threat to the nation's critical infrastructure is significant. The number of software vulnerabilities is "at an all-time high," while the time between the discovery of vulnerability and the creation of exploit code is shortening, he said.

"We have to have a new paradigm, a new system of IT defense that isn't just a series of little niches of firewalls, antivirus devices and intrusion-detection systems that go off all the time. . . . We need a holistic security system that recognizes that you can't have perimeters anymore. You need to allow controls in a network based on one integrated seamless system," he said.

The reorganization of five federal cybersecurity functions into the Department of Homeland Security has made things worse in the short term, Clarke said. Since many people in the original organizations opted not to move over to the new department, there are fewer people working on cybersecurity in the federal government now. Also, his former high-level White House position has been replaced by someone five levels down, he said.

"We are vulnerable to a cyberattack of the 9/11 category or greater, and that could happen at any moment," said Vanguard's Bailey.

Clarke said a major attack on the networks running the nation's financial services or transportation systems could have a prolonged impact. He also said that Al Qaeda is well-versed in technology.

"It is a huge mistake to think Al Qaeda isn't technologically sophisticated," he said, adding that criminal organizations and others also pose a threat with advanced computer expertise.

"We should never underestimate the potential of future enemies to attack us," Clarke said. "Unfortunately, if we wait again until after it happens, we will suffer again."