[ISN] Ex-Security Czar Richard Clarke Speaks Out

From: InfoSec News (isnat_private)
Date: Wed May 28 2003 - 00:24:30 PDT

  • Next message: InfoSec News: "[ISN] HIPAA One Step at a Time"

    http://www.eweek.com/article2/0,3959,1108617,00.asp
    
    By Dennis Fisher
    May 26, 2003 
    
    During his 30 years in Washington, Richard Clarke evolved from a State 
    Department staffer into the nation's top counterterrorism official 
    and, at the time of his retirement in March, the special adviser to 
    the president for cybersecurity. Along the way, he developed a 
    reputation for knowing how to get things done and also became one of 
    the more polarizing figures in the inner circles of power inside the 
    Beltway. He worked directly for three presidents in a span of 11 years 
    at the White House and was the driving force behind the development of 
    the National Strategy to Secure Cyberspace. He's now working as a 
    consultant to ABC News and several security vendors. Senior Editor 
    Dennis Fisher sat down with Clarke recently in Boston to talk about 
    the state of security in the government and private sector and the 
    development of the new National Cybersecurity Center. 
    
    
    eWEEK: When you decided to leave the government, was that something 
    that you planned for a while or was there some proximate cause? 
    
    Clarke: No, that was something I had planned for 20 years. I had just 
    reached the 30-year mark. I had completed 30 years of government 
    service. 
    
    
    eWEEK: The whole establishment of the Department of Homeland Security 
    and the way that was all set up, how much of a role did that play in 
    your decision to leave? 
    
    Clarke: What we had decided to do, I had been involved with the 
    president and others in helping to decide to create a department in 
    the beginning before the administration had even announced its support 
    for a department. We decided to take the cyber-security components of 
    five different organizations and put them together in the department. 
    Then, when we did the National Strategy to Secure Cyberspace, we 
    intentionally sort of made two-and-a-half of the five priorities 
    things that the new department would have to implement. So there was a 
    plan in place for almost a year to move a lot of this function to the 
    new department. It was one of the key things that the department would 
    do. 
    
    
    eWEEK: What's your impression so far of how everything's going there 
    and how the consolidation is working? 
    
    Clarke: If you think about private sector mergers, where two or three 
    companies have to be put together, you understand that there is a 
    normal period of adjustment. The Department of Homeland Security is 
    trying to merge 22 organizations at the same time so it's that much 
    more difficult. They're obviously having some growing pains. 
    
    
    eWEEK: Do you expect that to continue? 
    
    Clarke: Yeah, if you look at past federal departments coming into 
    existence by merging federal organizations, you look at the Department 
    of Transportation, the Department of Energy, it frequently took four 
    to six years before the organizations thought of themselves as one 
    department. We hope obviously that it's going to go quicker, but the 
    historical record is it takes a little time. 
    
    
    eWEEK: One of the big complaints I always hear from private sector 
    folks is that they don't know where to go when they find a new 
    vulnerability or have some other problem. Will this help with that? 
    
    Clarke: Some people in the past called the National Infrastructure 
    Protection Center at the FBI, some people called the CERT or the 
    FedCIRC, the federal version. The idea of putting all of these 
    organizations together is to create a National Cybersecurity Center, 
    which I think they probably will announce early next month. That 
    center will be the obvious place to make the call. 
    
    
    eWEEK: That'll be for incident response, new vulnerabilities...
    
    Clarke: Yeah, the center will probably be more than just event 
    response. It'll also be policy development, awareness, public 
    outreach. It should be that thing that we described where the five 
    cyber components come together in one room. The key to making the 
    center work is that the person chosen to head it be sufficiently 
    high-level. They can't be buried in that department. Because the 
    person who's going to head that center has to do the job that in 
    effect I did as the special adviser to the president. So they can't be 
    on the fourth level of the department, and that's something they're 
    still trying to work out. 
    
    
    eWEEK: Do you think that'll be someone internal at the department 
    itself? 
    
    Clarke: No, no. I imagine it will be some nationally recognized expert 
    in cyber-security. 
    
    
    eWEEK: That seems like something that would've been a nice fit for 
    you. Was that not something that interested you? 
    
    Clarke: Ah, no. I had done 30 years of government service, 11 of that 
    with the White House. No one had ever done 11 years continuous service 
    at the White House before. So I had done enough. It's kind of like a 
    sentence of hard labor. 
    
    
    eWEEK: Were you surprised to see Howard Schmidt leave so soon after 
    you left? 
    
    Clarke: No. I think Howard did the right thing. He certainly by 
    leaving sent a message to the administration and the Department of 
    Homeland Security that they needed to move quickly to create the 
    national center and they needed to have a person in charge of that 
    with some real power. So I think his departure caused a lot of 
    attention on the Hill, a lot of attention in the Congress that the 
    national center hadn't been created yet. And one of the reasons the 
    administration is going to announce the creation of the center soon is 
    because of that pressure that Howard's departure engendered. 
    
    
    eWEEK: How vital is it that they really get someone with a strong 
    national reputation? 
    
    Clarke: The center will never become what it should be in terms of the 
    national locus for policy unless there's a nationally recognized and 
    high-level person with high-level access in the administration. 
    Because otherwise people will just consider it another bureaucratic 
    organization. It's very key that they get the right person, very key 
    that person has access to the president, the homeland security 
    adviser, and homeland security secretary. 
    
    
    eWEEK: Looking at the process of putting out the national strategy, is 
    there anything that you think you'd do differently? 
    
    Clarke: Well, not much. I think people got involved all across the 
    country, both in the 10 town meetings that we held and in the about 15 
    groups that contributed by writing their own parallel strategies. The 
    electric group, the banking group, oil and gas—all of the verticals 
    created their own national strategies as part of that process. Often, 
    strategies are just the documents themselves. This was not just the 
    document, but also all of the awareness activity that was created by 
    the process. And that was our goal from the beginning, was to have an 
    unusual process that drew people in and raised awareness. I think it 
    was very successful. The unprecedented idea of then turning out a 
    draft and letting the entire world comment on it also stimulated a lot 
    of involvement and awareness. No one's ever done that before. 
    Typically Congress doesn't even have a shot at it. If you look at the 
    other national strategies for drug control or physical security, 
    national security, military, only the cyber strategy was done in a 
    participatory way with the public involved helping to write it. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed May 28 2003 - 02:42:28 PDT