[infowar.de] Richard Clarke: Computer industry and ISPs are to blame for security problems
Security czar points finger of blame
By Robert Lemos
Staff Writer, CNET News.com
July 31, 2002, 2:42 PM PT
LAS VEGAS -- Software makers and Internet service providers must share
the blame for the nation's vulnerable networks, President Bush's
special adviser on cyberspace security said Wednesday.
Speaking to a thousand attendees at the annual Black Hat Security
briefings here, Richard Clarke identified five specific groups
responsible for the vulnerability and said that people who can secure
the Internet must step up to the plate.
"There are a lot of people in our country that rely on cyberspace, who
are not taking responsibility for securing their part of cyberspace,"
The speech, which precedes the Bush administration's rollout on Sept.
18 of the national strategy for critical infrastructure protection,
outlined many of the issues that Clarke and others had to consider in
constructing the new strategy.
The major issue, Clarke said, is that companies and organizations that
create the hardware, software and services that make up the Internet
aren't doing enough to secure their products. In laying the blame for
the vulnerabilities in the Internet, he pointed not only to software
makers and ISPs, but also to those who create and use wireless
networks, to the lack of a group responsible for securing the
Internet, and to the government itself.
While he didn't outline the national strategy's recommendations,
Clarke's list of the five groups shows whom the government is
targeting with the new initiative.
Clarke saved much of his rhetoric to lambaste the software industry.
"The software industry has an obligation to do a better job producing
software that works," he said. "It's no longer acceptable that we can
buy software and run software on sensitive systems that is filled with
Clarke pointed to statistics published by the Computer Emergency
Response Team (CERT) Coordination Center that show that the number of
software vulnerabilities found by researchers has increased every
year. The number of flaws found to date has already surpassed the
total flaws found last year, he said.
He also said that while few firms acknowledged the incidents, nearly
every major financial and banking company was hit hard by the Nimda
virus last September. He cited damage figures of nearly $3 billion
attributed to the virus.
He stressed, however, that the virus got into computers through
vulnerabilities that at the time were known.
"It's not because the vulnerabilities have not been identified (that
Nimda spread), but because the patches had not been applied," he said.
He called on software makers to provide patches that are easy to
install and also have been checked for compatibility with the major
software applications used by most companies.
"That's why Nimda was so successful," he said. "Not because (the
system administrators) didn't have a chance to put the patches on but
because they wanted to test the patches themselves."
ISPs to step up
Internet service providers also have to be more security conscious,
Clarke said. By selling broadband connectivity to home users without
making security a priority, telecommunications companies, cable
providers and ISPs have not only opened the nation's homes to attack,
but also created a host of computers with fast connections that have
hardly any security.
"Millions of houses are getting connected, which means that more and
more are getting vulnerable," he said.
In a measure of how greatly wireless networks are undermining
corporate and home-user security, Clarke put such networks in his top
five of security offenders. Already, he said, the Department of
Defense has ordered the shutdown of all wireless LANs in use within
the department and in the various military forces.
"Companies throughout the country have networks that are wide open
because of wireless LANs," he said.
Clarke also called on the government to drive more secure standards
for the Internet and for the Net's gurus to form an organization
responsible for the network's security.
Clarke likened the situation to Winston Churchill's early warnings of
Germany's air force buildup prior to World War II that prepared Great
Britain for the air war against Germany. He said that today's system
administrators must do the same.
"You all have responsibility to be Winston Churchills, to be out there
in front of anyone who will listen to say we are vulnerable," he told
the attendees. "If a cyberwar comes, and come it will, we will be like
the (Royal Air Force) and win."