New Cyberspace Czar Pushes for Tighter Online Security

[R. A. Hettinga]

http://www.washtech.com/news/regulation/13532-1.html

New Cyberspace Czar Pushes for Tighter Online Security
By Ariana Eunjung Cha,
Washington Post Staff Writer
Sunday, November 4, 2001

Back in the early 1990s, when crashing planes and anthrax in the mail were
the stuff of movies or at least far-away places, Richard Clarke was already
warning of terrorism on U.S. soil.

Attacks on our skyscrapers. Biological warfare in Washington and New York.
All sorts of havoc worked up by none other than Osama bin Laden and his
associates.

Clarke, a career public servant who until recently was a senior advisor to
the National Security Council, has had the ear of the current and past two
presidents. But some others in government and industry had dismissed him as
overly cautious and a little paranoid.

Then much of what he said came true. And now everyone wants to know what's
on his mind.

These days Clarke spends his time worrying about America's computer
systems, about what he calls a "digital Pearl Harbor." He believes that as
the nation with the most advanced communications networks, the United
States also is the most vulnerable to imminent attack. By taking out
certain data networks, he said, another country, terrorists or other
hackers could disrupt everything from telecommunications and the power grid
to hospitals and banking.

"There are a countless number of bad scenarios," Clarke said in an interview.

A once-obscure bureaucrat, Clarke was thrust into the spotlight earlier
this month after President Bush named him the nation's new cyberspace
security czar, reporting both to the director of homeland security, Tom
Ridge, and national security adviser Condoleezza Rice.

Clarke's great challenge is that more than 90 percent of the country's
critical infrastructure systems are owned and managed by private companies.
He cannot force them to boost their security. He will have to coax them. To
be successful, many say Clarke will have to be part intelligence operative,
part economist, part salesman.

Clarke, though, is not known for his diplomacy. Former colleagues describe
him as effective but abrasive. And with a budget that's still being
negotiated and a staff that consists, as he put it, of "mostly me" and 15
to 20 people who are on loan from various agencies, some wonder whether
he'll run into the same bureaucratic barriers he did in the past.

"For years he was being as aggressive as the rest of government would
permit, but it was hard to make people pay attention," said Jonathan Winer,
a former State Department official who is now a lawyer at Alston & Bird
LLP. "The question is, will he get people to pay attention now?"

Clarke, the son of a chocolate-factory worker, was educated at the Boston
Latin School, the University of Pennsylvania and the Massachusetts
Institute of Technology. He has spent his entire career in the
military-national security field and was assistant secretary of state under
the elder George Bush. Then he became the nation's first counterterrorism
chief in the executive branch under President Bill Clinton.

The year was 1998 and it was the middle of the dot-com boom, when most
high-tech executives seemed to be interested only in the stock market and
the newest new thing. Clarke found it challenging to get appointments with
top executives, and many workers seemed oblivious to what they believed
were largely hypothetical threats. They preferred to devote much of their
energy to erecting computer systems that emphasized speed rather than
security.

Former national security adviser Samuel R. "Sandy" Berger, his boss during
those years, remembers how Clarke would return from his talks with various
industry groups frustrated by their lack of interest.

"It was like he was talking a foreign language," Berger said.

Still, Clarke persevered.

He drafted a 159-page "National Plan for Information Systems Protection"
that he handed out to government agencies and private companies. He urged
Congress to increase its budget for counterterrorism; it has grown to $12
billion in 2001 from about $7.2 billion in 1998, according to the Office of
Management and Budget.

Many of his achievements are things that didn't happen.

On the eve of Jan. 1, 2000, while the world was out partying, Clarke was
decked out in a tuxedo at a top-secret government communications vault
monitoring intelligence reports for signs of bin Laden and his associates.
Based on interviews and intercepted communications in the months before,
the government had reason to believe that the terrorists planned a series
of attacks aimed at killing dozens or even hundreds that night. The night
passed without incident.

Former national security adviser Anthony Lake said in an interview that
Clarke's obsessive focus on his mission and impatience for office politics
is at the same time his greatest strength and weakness.

"Yes, he may occasionally ruffle feathers, but I think there are a lot of
feathers that need ruffling right now," said Lake, now a professor of
diplomacy at Georgetown University.

In his 2000 book, "Six Nightmares: Real Threats in a Dangerous World and
How America Can Meet Them," about threats to America's safety, Lake calls
Clarke one of the smartest and most effective civil servants he has ever
known. Lake describes him this way: "a bulldog of a bureaucrat, notorious
among his colleagues for utter devotion to those he works for, fierce
loyalty and support toward those who work for him, and a bluntness toward
those at his level that has not earned him universal affection."

In his new role, Clarke, who works out of a spacious third-floor suite in
the Eisenhower Executive Office Building next to the White House, juggles
what amounts to two jobs. He is special adviser to the president on
cybersecurity issues, and he is chairman of a yet-to-be-appointed
government-industry board on critical infrastructure systems.

After being named special adviser at the beginning of this month, Clarke
took a series of quick actions. He urged telephone companies to give rescue
personnel priority when making wireless calls during emergencies. He also
called for the creation of a separate and more secure Internet for
government systems. Since then, he's been working to strengthen the
government's ties with industry to make those and other efforts a reality.

For his trip last week to the technology industry's command centers, Clarke
came loaded with technical questions about the security of VeriSign Inc.'s
Internet address servers, Yahoo Inc.'s e-mail systems and Juniper Networks
Inc.'s routers.

"Sept. 11 has been a wake-up call to an economy that's been a little lazy
and complacent about security in the past," said Michael Aisenberg,
director of technology policy for VeriSign, of Mountain View, Calif.

The trickiest part of his job may be that the enemy could be anyone. Even a
"single 14-year-old can do damage," Clarke said. "Computers are a poor
man's weapon."

In the worst-case scenario, doing something as simple as manipulating the
online sales systems of a Defense Department vendor could create chaos.

"The military could think they ordered ammunition, but when they opened up
the crates they might find sneakers," Clarke said.

With the threat of all sorts of unconventional forms of warfare looming in
the wake of U.S. bombings in Afghanistan, people from all sorts of
industries have been speculating about which systems could be vulnerable.
Many have agreed that while our online retail and e-mail systems might be
disrupted by an online attack, it is unlikely any attack would have
catastrophic consequences on other things.

Clarke is not so optimistic: "Essentially everything we depend on is part
of one information network. Very few systems are completely off the grid."

He worries most about a domino effect, a chain reaction that could result
in our information ecosystem collapsing due to what might first seem a
minor hit. He calls these critical junctures "interconnected points of
vulnerability."

Take the camp fire in New Mexico last summer.

The flames hit a gas pipeline which exploded, meaning that Southern
California power plants had to shut down because they didn't have enough
natural gas flowing in. The situation helped contribute to a shortage of
electricity on the West Coast grid, which caused some chip plants in
Silicon Valley to be shut down temporarily.

Clarke is pushing for legislation that would create a research center to
study how destroying one bridge or one satellite might affect other
seemingly unrelated things, such as an oil pipeline or the Internet. Some
describe the task as akin to mapping the weather, imprecise at best and
useless at worst.

But Clarke's not one to be intimidated by complex problems. After all, he's
already managed to predict scenarios that others missed.

He takes no pleasure in knowing he was right. When asked how he felt about
having predicted some of the terror that's taken place lately, Clarke
simply frowned.

"Not good," he said. "Not good."





Back to Washtech.com Home

© 2001 The Washington Post Company
 Techway Events: Techfast Live | Fast 50
Company Postings: Press Releases | IT Almanac
About Washtech | Advertising | Contact Washtech | Privacy
My Profile | Reprints | Subscribe to print edition





-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com