National Security Council top cyber-official Richard Clarke said Friday that the next president of the United States has to make Internet security a top priority if the country is to avoid potentially catastrophic events.
“What are we prepared to do now to reduce the probability and to mitigatethe damages when a major cyber event does occur? That is the meta-questionthat will face the new President in the area of cyber security,” saidClarke, the National Coordinator for Security, Infrastructure Protection andCounter-terrorism.
Clarke’s comments were made at a Microsoft-sponsored conference of leading cyber privacy experts.
Clarke said that as a country whose national security depends on theprotection of its IT networks, the U.S. is vulnerable to cyber attacks fromwhat he called the “information war units” of other nations.
Because the United States’ IT network infrastructure was designed by multiplearchitects, “those who wish to do us ill in cyberspace can do so easily,”Clarke said.
The new president will find that “most of the federal agencies have poor cyber security and are not properly protecting Privacy Act material residingon their networks and in their databases,” Clarke said.
Clarke called for the creation of a new “Chief Information InfrastructureOfficer,” with the government-wide authority to “create and enforce standardsof computer security for essential government systems.”
Clarke also said government should work together with the technologyindustry to build a secure zone in the cyber infrastructure where, “messagescould travel on fiber and switches exclusively serving authenticatedmessages.”
Private sector involvement in such a security zone would be voluntary,Clarke proposed, and the plan would require an exemption from the Freedom ofInformation Act so that “corporations will share data about their cybersecurity vulnerabilities.”
“In the critical infrastructure part of cyberspace, privacy and security canbe achieved, but only if we end anonymity,” he said.
Clarke also announced that the Clinton administration is creating a newscholarship program, called CyberCorps, to recruit government securityexperts. As part of the program, computer security students would receiveUS$25,000 in scholarship money for each year they agree to sign on with thegovernment.
Last Friday, the government said it has doubled its cybersecurity spending to $2 billion a year.
Other speakers at the security conference addressed theimpact of faltering cyber security on e-commerce.
According to Forrester Research, more than 35 million households made onlinepurchases this year, but about half curtailed their online shopping becauseof privacy concerns. Another 20 million households refrained entirely fromonline shopping for the same reason, resulting in annual estimated lostsales of $12.2 billion.
“Even when we focused on those online for four years or more, over half ofthem still have serious reservations about their privacy on the Web,” saidJohn McCarthy of Forrester Research.