

[infowar.de] Interview with Richard Clarke



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Clarke recently became the US government's cyber-security coordinator.
He already coordinated counterterrorism under Clinton. Clinton, in
turn, had "inherited" him from Bush Sr., which is why some in
Washington say, "He's the new J. Edgar Hoover - we'll never get rid of
him." ;-)
RB


http://www.siliconvalley.com/docs/news/svfront/clrkqa110301.htm

San Jose Mercury News 
Friday, Nov. 2, 2001 

President Bush last month named Richard Clarke to the newly created
post of cyberspace-security adviser to the president. Clarke will
report to both the Office of Homeland Security and national security
adviser Condoleezza Rice.

Clarke, who served as a White House counterterrorism adviser in two
previous administrations, also will head a new federal cyber-security
group, the Critical Infrastructure Protection Board, composed of
members from 28 federal agencies.

Clarke, currently in Silicon Valley to confer with tech industry
leaders, met with the Mercury News on Thursday to discuss
cyber-security threats and responses. This is an edited transcript of
his remarks.  

Why are you here in the valley this week?

I'm trying to meet with everyone from the big multinationals to some
of the niche security companies and at least one little start-up, plus
academics at Berkeley and Stanford. I'm telling them how the
government's cyber-security structure is organized and asking them
what they've seen and where they think we're going. I'm also inviting
them to join us in drafting a national strategy to secure cyberspace.
It's what can they do for us and what can we do for them.

What was the state of awareness and preparedness on these issues prior
to Sept. 11? Hasn't the federal government been building some effort
to address strategic vulnerability for some time?

The Clinton administration issued a plan in January of 2000. A
perfectly nice plan, written by the government with some consultation
with the private sector -- but not a lot. Prior to Sept. 11, although
most sectors had some planning, there was also a lack of belief that
this was a real threat. In the past, there was a belief that the kind
of damage that could be done by non-state terrorists against us, or
even nations, was a nuisance.

We've never had a framework before where all activity on this issue is
brought together. We had a myriad of committees and groups that,
frankly, didn't report to anybody. Our goal is a single, unitary
structure to produce a national strategy. That strategy is designed to
be written in concert with the private sector.

What are you telling companies they must do on their own behalf to
meet cyber-terror threats?

It's been a chicken-and-egg problem. Hardware and software vendors
have said that there's no market for security. And then when you talk
to the people doing the buying for the finance industry, for the
electric-power industry, they say, 'We know the value of security, but
we can't find anything to buy that has security in it.' There's a lot
of truth on both sides of the argument. Our message is: Sector by
sector, the industries need to get together, establish best practices,
and then work with vendors to get it.

We knew from the Y2K experience that some structure for centralized
threat reporting was really important. Do we have a system where we
can see a virtual attack in real time?

Not a sufficient one. What we have are a network of information
centers for various sectors. The structure is there for individual
companies who are seeing a problem to report it.

What warning systems are in place for the government to efficiently
get the word of a threat out? Do we need the Internet equivalent of
radio's Emergency Broadcast System?

The Internet needs more than it has. What it has now is the National
Communications System, where a telecom carrier can send up a red flag
very quickly. What we haven't done yet is set this up so that if there
is, say, a major denial-of-service attack, we can get information out
quickly to companies.

Up until now, most hackers haven't had much of a political agenda or
state sponsorship. Are we entering an era of hacking warfare supported
by hostile nations?

We're aware of a number of countries who are creating offensive
information warfare units. And I can't prove it, but I suspect a lot
of the activity we see on our networks today is reconnaissance by
those units.

Many tech companies are extremely reticent to report or acknowledge
security breaches on their networks for fear of calling attention to
weaknesses or making themselves a more prominent target. If the CIA or
the NSA or any other government agency has already been compromised,
would the government acknowledge it?

To the extent that we do know what's happening, we are required to
disclose and discuss it. There's no knowledge of a breach that we have
that you don't have. But the problem is, how do you know there's been
a breach? If they're really good, you will not know. You almost have
to assume it's happened, even though you can't prove it.

How far along are you with the plans for Govnet, a closed, secure
federal network to parallel the Internet?

Govnet is a concept right now. We've issued a request for information.
The concept is a series of intranets for federal departments so that
people in a particular department could talk securely to other people
in that department. The agencies would be walled off from each other.

What did we learn about the vulnerability of information
infrastructure immediately after Sept. 11?

Well, the telephone networks didn't do very well right after Sept. 11.
Cellular phones all overloaded rapidly and there was no way for
emergency personnel who needed cellular phones to get access. The
Internet worked fine. What we're trying to do now is create a national
system for emergency priority use on cell phones.
