[ISN] Gen. Clark wants more proactive government role in cybersecurity

From: InfoSec News (isnat_private)
Date: Wed Jul 02 2003 - 02:46:54 PDT

  • Next message: InfoSec News: "[ISN] Microsoft patches another Passport hole"

    http://www.computerworld.com/securitytopics/security/story/0,10801,82646,00.html
    
    By DAN VERTON 
    JUNE 30, 2003
    Computerworld 
    
    PHILADELPHIA - Retired supreme allied commander Gen. Wesley K. Clark
    said today that the insurance industry and tougher government
    enforcement of security standards are keys to improved cybersecurity
    and critical-infrastructure protection.
    
    Clark, who hasn't made a final decision about a presidential bid in
    2004, told hundreds of government and private-sector representatives
    here that a better balance between market incentives and government
    regulation is urgently needed, particularly in the areas of
    cybersecurity and critical-infrastructure protection.
    
    "We've got to have standards in this country" that must be
    communicated to the private sector and enforced if the homeland
    security effort is to succeed, Clark said.
    
    Clark's comments, made during the second annual Government Symposium
    on Information Sharing and Homeland Security, come one week after
    Microsoft Corp. Chairman Bill Gates and other industry officials
    publicly threw their support behind greater use of government testing,
    evaluation and certification of commercial software.
    
    In an interview after his keynote speech, Clark acknowledged what
    critics have long said about the Bush administration's National
    Strategy to Secure Cyberspace: that it lacks teeth and requires little
    or no action by the private sector, which owns and operates more than
    85% of the nation's critical infrastructure.
    
    "What you need is an arrangement with federal risk-sharing and
    counterterrorism insurance," said Clark. "To make the standards work
    in the private sector, you start with insurance and with the federal
    government underwriting risks. [However], there may be areas where you
    can't do that and you simply have to mandate it and say that in order
    to be licensed as a business, you must meet certain standards."
    
    Clark retired from military service in 2000 as one of the most highly
    decorated U.S. Army officers since Dwight D. Eisenhower. He now heads
    his own consulting business and sits on the boards of directors of
    several companies. Various private groups during the past few months
    have led a campaign to persuade the former NATO commander to run for
    the U.S. presidency in 2004. Although Clark maintains that he isn't a
    politician, he hasn't ruled out a presidential bid.
    
    According to Clark, the government must do more to push the private
    sector toward better cybersecurity. "Here's where you have a
    private-market flaw. In my experience, very little has been done in
    business in terms of cybersecurity." He said there is little or no
    incentive for the private sector to move away from the current
    security model, which is centered on not reporting security incidents.
    
    The government also faces challenges when it comes to
    information-sharing, he said. "There are enormous barriers between
    databases," said Clark. "Some are physical barriers, some are
    procedural barriers, and some are institutional and policy barriers.  
    We don't need a single ... room-size data storage model. With the
    correct use of information technology, we can create virtual databases
    that will enable the Department of Homeland Security to become a real
    department instead of negotiating with its constituent parts."
    
    Rep. Curt Weldon (R-Pa.) agreed and said that so far the biggest
    success at the U.S. Department of Homeland Security (DHS) has been the
    massive integration effort led by DHS CIO Steve Cooper.
    
    "We've had a number of real threats [of attack] that we've stopped,"  
    said Weldon, referring to classified intelligence briefings given to
    members of Congress. Stopping short of providing any details on the
    threatened attacks, Weldon credited improvements in IT
    interoperability and information sharing made since the formation of
    the DHS in November.
    
    "Winning the war on terrorism is all about information," said Clark.  
    But trying to integrate hundreds of databases isn't a problem that's
    unique to the federal government, he said. Every major company in the
    U.S. has, at one time or another, wrestled with the same challenge,
    Clark said.
    
    Tim Sample, a former senior staff member of the House Permanent Select
    Committee on Intelligence, agreed. "The technology is not the holdup,"  
    said Sample. "Technology is not the issue. Bureaucracy is the issue."
    
    Sample said he fears that not enough attention and emphasis is being
    placed on the Information Analysis and Infrastructure Protection
    Division of the new department.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Jul 02 2003 - 05:11:22 PDT