[infowar.de] Interim report: Richard Clarke's work as cybersecurity czar for Bush
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
The best news is probably that the various cybersecurity bodies of the
US government (NIPC, CIAO, etc.) will now sit under one roof, in the
former building of the Y2K initiative in downtown Washington.
RB
http://www.washingtonpost.com/wp-dyn/articles/A42165-2002Feb7.html
Cybersecurity a Top Priority
White House Adviser Presses Computer Industry to Do More
By Ariana Eunjung Cha
Washington Post Staff Writer
Friday, February 8, 2002; Page E01
The unusual announcements from three of the technology industry's most
powerful men came just weeks apart.
Microsoft Corp. Chairman Bill Gates declared that making his company's
software less vulnerable to security breaches would take precedence over
adding new features. Oracle Corp.'s Larry Ellison pledged to make his
company's database programs "unbreakable." Cisco Systems Inc.'s John
Chambers told clients at a private conference that he no longer regarded
security enhancements on equipment that directs traffic across the
Internet as extras but as necessities.
The timing of the announcements was no coincidence.
Directly or indirectly, the statements were influenced by an aggressive
public awareness campaign orchestrated by Richard A. Clarke, who in
October took on the new job of White House cyberspace security adviser.
In private meetings with chief executives and in speeches at
conferences, Clarke has pushed companies to commit themselves to
protecting the online world from attacks by terrorists and other
nefarious parties.
"There is . . . a growing consensus in government and industry that we
can no longer continue praising the emperor's new clothes," Clarke said
in an interview this week. "There is a willingness to admit that there
are vulnerabilities and it is not inconceivable that they will be used
against us in a way that could be very damaging to the economy."
Clarke's push is part of a government-wide effort to improve
cybersecurity and to better coordinate the efforts of bureaucracies and
corporations.
Just yesterday, the House passed a bill that would allocate $880 million
over five years to computer-security research. And a coalition of
companies in partnership with the federal government announced a
National Cybersecurity Campaign to teach home and small-business
computer users how to safeguard their machines.
Over the past few months Clarke has drawn up his own ambitious agenda,
which includes:
- Creating an Underwriters Laboratory-type place to test software
  security.
- Establishing a priority cell-phone system for law enforcement and
  medical personnel.
- Creating a "reverse 911," or multimedia emergency broadcasting
  service, to send alerts to people in specific areas on land lines, cell
  phones or computers.
- Establishing ties with cybersecurity experts in other countries to
  coordinate investigations.
- Setting up a government-run Internet called GovNet.
Clarke successfully lobbied for an increase from $2.7 billion in fiscal
year 2002 to $4 billion in 2003 for government-computer security.
His office has created task forces of major Internet service providers,
router manufacturers and security experts in and out of government to
develop a plan to protect the basic infrastructure of the Internet.
Their proposals are due in April.
Clarke is still assembling a staff. He has filled only half of the 16
jobs.
The staff so far is a mix of national security officials, businessmen
and technical geeks. Howard Schmidt, the former head of computer
security for Microsoft, started in late January as Clarke's deputy.
Roger Cressey, a career public servant who has worked on anti-terrorism
efforts in Israel, Somalia and the Balkans, is the chief of staff.
Also in the office are Paul Kurtz, a longtime National Security Council
staffer specializing in international relations; Steve Poizner, a former
Silicon Valley entrepreneur; and Marcus Sachs, a retired army officer
who is better known for being part of an elite group of hackers that helped
the government neutralize the "Code Red" and "Nimda" worms.
Clarke is emphasizing that government agencies and other interests talk
and share information.
"I see that office as having its greatest effect by bringing together
resources that already exist and making them go in the same direction,"
said Allen Paller, director of research for the SANS Institute, a
computer-security think tank in Bethesda.
The various government agencies in charge of cybersecurity will come
together under one roof this month at the old Y2K initiative
headquarters at 18th and G Street. The
Commerce Department's Critical Infrastructure Assurance Office and the
FBI's National Infrastructure Protection Center outreach operations --
two groups known for past turf battles -- will join Clarke's staff.
There has already been some awkwardness. While Tom Ridge's Office of
Homeland Security has taken the lead in issuing alerts about physical
threats, it has always been the FBI's job to let the public know about
viruses, worms, hacks and other things that threaten the online world.
And the mission of Clarke's office overlaps greatly with the Commerce
Department's critical infrastructure unit.
The groups have temporarily resolved the issues by making sure that
Clarke's office is informed when the FBI issues alerts and by appointing
John Tritak, director of the Commerce Department unit, as a high-ranking
member of the critical infrastructure protection board that Clarke
oversees.
Clarke spent much of his first 100 days in office making the rounds of
technology companies. Many corporate executives expected feel-good pep
talks about how government and industry could work hand-in-hand to
prevent cyber attacks.
Instead, Clarke and his staff brought binders full of research papers
raising questions about security vulnerabilities. They were not above
coaxing or bullying the business officials with threats of regulation
and appeals to patriotism.
"No vendor wants to appear like they are not being patriotic or
responsive to real concerns about security breaches or flaws now and I
think Mr. Clarke is very effective at using that to push them to make
changes," said Catherine A. Allen, the chief executive of the technology
group for the Financial Services Roundtable, which represents the chief
executives of some of the nation's largest companies.
Microsoft spokesman Jim Dessler said while the company chose on its own
to redirect its software development efforts, "it came in the backdrop
of an increased emphasis in security that has been put forward by those
in government such as Clarke."
Mary Ann Davidson, chief security officer at Oracle, said that since
Sept. 11 federal officials have made many people realize that perhaps
"the most frightening type of attack is one that's launched in
cyberspace to bring down our critical infrastructures."
"To get these companies to put their money where their mouths have been
for years, that is a major victory for his office," said Gilman Louie,
who heads In-Q-Tel, the high-tech venture fund financed by the Central
Intelligence Agency.
But even as they praise his aggressiveness, some question Clarke's
priorities.
His proposal to create GovNet has been criticized by many experts as
impractical and costly. His partnership approach to get industry to do
things voluntarily has clashed with the opinions of groups such as the
National Academy of Sciences, which recently put out a report that said
new liability laws are the answer.
Eugene Spafford, director of Purdue University's Center for Education
and Research in Information Assurance and Security, said Clarke should
spend more of his energy on getting federal computer systems up to par.
"They are starting in the wrong place," Spafford said. "If I were out in
industry I would find it unpersuasive to be told that I have to spend a
lot of money on new security without some indication that government has
done it first."