http://www.washtech.com/news/regulation/13532-1.html
New Cyberspace Czar Pushes for Tighter Online Security By Ariana Eunjung Cha, Washington Post Staff Writer Sunday, November 4, 2001 Back in the early 1990s, when crashing planes and anthrax in the mail were the stuff of movies or at least far-away places, Richard Clarke was already warning of terrorism on U.S. soil. Attacks on our skyscrapers. Biological warfare in Washington and New York. All sorts of havoc worked up by none other than Osama bin Laden and his associates. Clarke, a career public servant who until recently was a senior advisor to the National Security Council, has had the ear of the current and past two presidents. But some others in government and industry had dismissed him as overly cautious and a little paranoid. Then much of what he said came true. And now everyone wants to know what's on his mind. These days Clarke spends his time worrying about America's computer systems, about what he calls a "digital Pearl Harbor." He believes that as the nation with the most advanced communications networks, the United States also is the most vulnerable to imminent attack. By taking out certain data networks, he said, another country, terrorists or other hackers could disrupt everything from telecommunications and the power grid to hospitals and banking. "There are a countless number of bad scenarios," Clarke said in an interview. A once-obscure bureaucrat, Clarke was thrust into the spotlight earlier this month after President Bush named him the nation's new cyberspace security czar, reporting both to the director of homeland security, Tom Ridge, and national security adviser Condoleezza Rice. Clarke's great challenge is that more than 90 percent of the country's critical infrastructure systems are owned and managed by private companies. He cannot force them to boost their security. He will have to coax them. To be successful, many say Clarke will have to be part intelligence operative, part economist, part salesman. Clarke, though, is not known for his diplomacy. Former colleagues describe him as effective but abrasive. And with a budget that's still being negotiated and a staff that consists, as he put it, of "mostly me" and 15 to 20 people who are on loan from various agencies, some wonder whether he'll run into the same bureaucratic barriers he did in the past. "For years he was being as aggressive as the rest of government would permit, but it was hard to make people pay attention," said Jonathan Winer, a former State Department official who is now a lawyer at Alston & Bird LLP. "The question is, will he get people to pay attention now?" Clarke, the son of a chocolate-factory worker, was educated at the Boston Latin School, the University of Pennsylvania and the Massachusetts Institute of Technology. He has spent his entire career in the military-national security field and was assistant secretary of state under the elder George Bush. Then he became the nation's first counterterrorism chief in the executive branch under President Bill Clinton. The year was 1998 and it was the middle of the dot-com boom, when most high-tech executives seemed to be interested only in the stock market and the newest new thing. Clarke found it challenging to get appointments with top executives, and many workers seemed oblivious to what they believed were largely hypothetical threats. They preferred to devote much of their energy to erecting computer systems that emphasized speed rather than security. Former national security adviser Samuel R. "Sandy" Berger, his boss during those years, remembers how Clarke would return from his talks with various industry groups frustrated by their lack of interest. "It was like he was talking a foreign language," Berger said. Still, Clarke persevered. He drafted a 159-page "National Plan for Information Systems Protection" that he handed out to government agencies and private companies. He urged Congress to increase its budget for counterterrorism; it has grown to $12 billion in 2001 from about $7.2 billion in 1998, according to the Office of Management and Budget. Many of his achievements are things that didn't happen. On the eve of Jan. 1, 2000, while the world was out partying, Clarke was decked out in a tuxedo at a top-secret government communications vault monitoring intelligence reports for signs of bin Laden and his associates. Based on interviews and intercepted communications in the months before, the government had reason to believe that the terrorists planned a series of attacks aimed at killing dozens or even hundreds that night. The night passed without incident. Former national security adviser Anthony Lake said in an interview that Clarke's obsessive focus on his mission and impatience for office politics is at the same time his greatest strength and weakness. "Yes, he may occasionally ruffle feathers, but I think there are a lot of feathers that need ruffling right now," said Lake, now a professor of diplomacy at Georgetown University. In his 2000 book, "Six Nightmares: Real Threats in a Dangerous World and How America Can Meet Them," about threats to America's safety, Lake calls Clarke one of the smartest and most effective civil servants he has ever known. Lake describes him this way: "a bulldog of a bureaucrat, notorious among his colleagues for utter devotion to those he works for, fierce loyalty and support toward those who work for him, and a bluntness toward those at his level that has not earned him universal affection." In his new role, Clarke, who works out of a spacious third-floor suite in the Eisenhower Executive Office Building next to the White House, juggles what amounts to two jobs. He is special adviser to the president on cybersecurity issues, and he is chairman of a yet-to-be-appointed government-industry board on critical infrastructure systems. After being named special adviser at the beginning of this month, Clarke took a series of quick actions. He urged telephone companies to give rescue personnel priority when making wireless calls during emergencies. He also called for the creation of a separate and more secure Internet for government systems. Since then, he's been working to strengthen the government's ties with industry to make those and other efforts a reality. For his trip last week to the technology industry's command centers, Clarke came loaded with technical questions about the security of VeriSign Inc.'s Internet address servers, Yahoo Inc.'s e-mail systems and Juniper Networks Inc.'s routers. "Sept. 11 has been a wake-up call to an economy that's been a little lazy and complacent about security in the past," said Michael Aisenberg, director of technology policy for VeriSign, of Mountain View, Calif. The trickiest part of his job may be that the enemy could be anyone. Even a "single 14-year-old can do damage," Clarke said. "Computers are a poor man's weapon." In the worst-case scenario, doing something as simple as manipulating the online sales systems of a Defense Department vendor could create chaos. "The military could think they ordered ammunition, but when they opened up the crates they might find sneakers," Clarke said. With the threat of all sorts of unconventional forms of warfare looming in the wake of U.S. bombings in Afghanistan, people from all sorts of industries have been speculating about which systems could be vulnerable. Many have agreed that while our online retail and e-mail systems might be disrupted by an online attack, it is unlikely any attack would have catastrophic consequences on other things. Clarke is not so optimistic: "Essentially everything we depend on is part of one information network. Very few systems are completely off the grid." He worries most about a domino effect, a chain reaction that could result in our information ecosystem collapsing due to what might first seem a minor hit. He calls these critical junctures "interconnected points of vulnerability." Take the camp fire in New Mexico last summer. The flames hit a gas pipeline which exploded, meaning that Southern California power plants had to shut down because they didn't have enough natural gas flowing in. The situation helped contribute to a shortage of electricity on the West Coast grid, which caused some chip plants in Silicon Valley to be shut down temporarily. Clarke is pushing for legislation that would create a research center to study how destroying one bridge or one satellite might affect other seemingly unrelated things, such as an oil pipeline or the Internet. Some describe the task as akin to mapping the weather, imprecise at best and useless at worst. But Clarke's not one to be intimidated by complex problems. After all, he's already managed to predict scenarios that others missed. He takes no pleasure in knowing he was right. When asked how he felt about having predicted some of the terror that's taken place lately, Clarke simply frowned. "Not good," he said. "Not good." Back to Washtech.com Home © 2001 The Washington Post Company Techway Events: Techfast Live | Fast 50 Company Postings: Press Releases | IT Almanac About Washtech | Advertising | Contact Washtech | Privacy My Profile | Reprints | Subscribe to print edition -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]