Gen. Clark wants more proactive government role in cybersecurity

[InfoSec News <isn () c4i org>]

http://www.computerworld.com/securitytopics/security/story/0,10801,82646,00.html

By DAN VERTON 
JUNE 30, 2003
Computerworld 

PHILADELPHIA - Retired supreme allied commander Gen. Wesley K. Clark
said today that the insurance industry and tougher government
enforcement of security standards are keys to improved cybersecurity
and critical-infrastructure protection.

Clark, who hasn't made a final decision about a presidential bid in
2004, told hundreds of government and private-sector representatives
here that a better balance between market incentives and government
regulation is urgently needed, particularly in the areas of
cybersecurity and critical-infrastructure protection.

"We've got to have standards in this country" that must be
communicated to the private sector and enforced if the homeland
security effort is to succeed, Clark said.

Clark's comments, made during the second annual Government Symposium
on Information Sharing and Homeland Security, come one week after
Microsoft Corp. Chairman Bill Gates and other industry officials
publicly threw their support behind greater use of government testing,
evaluation and certification of commercial software.

In an interview after his keynote speech, Clark acknowledged what
critics have long said about the Bush administration's National
Strategy to Secure Cyberspace: that it lacks teeth and requires little
or no action by the private sector, which owns and operates more than
85% of the nation's critical infrastructure.

"What you need is an arrangement with federal risk-sharing and
counterterrorism insurance," said Clark. "To make the standards work
in the private sector, you start with insurance and with the federal
government underwriting risks. [However], there may be areas where you
can't do that and you simply have to mandate it and say that in order
to be licensed as a business, you must meet certain standards."

Clark retired from military service in 2000 as one of the most highly
decorated U.S. Army officers since Dwight D. Eisenhower. He now heads
his own consulting business and sits on the boards of directors of
several companies. Various private groups during the past few months
have led a campaign to persuade the former NATO commander to run for
the U.S. presidency in 2004. Although Clark maintains that he isn't a
politician, he hasn't ruled out a presidential bid.

According to Clark, the government must do more to push the private
sector toward better cybersecurity. "Here's where you have a
private-market flaw. In my experience, very little has been done in
business in terms of cybersecurity." He said there is little or no
incentive for the private sector to move away from the current
security model, which is centered on not reporting security incidents.

The government also faces challenges when it comes to
information-sharing, he said. "There are enormous barriers between
databases," said Clark. "Some are physical barriers, some are
procedural barriers, and some are institutional and policy barriers.  
We don't need a single ... room-size data storage model. With the
correct use of information technology, we can create virtual databases
that will enable the Department of Homeland Security to become a real
department instead of negotiating with its constituent parts."

Rep. Curt Weldon (R-Pa.) agreed and said that so far the biggest
success at the U.S. Department of Homeland Security (DHS) has been the
massive integration effort led by DHS CIO Steve Cooper.

"We've had a number of real threats [of attack] that we've stopped,"  
said Weldon, referring to classified intelligence briefings given to
members of Congress. Stopping short of providing any details on the
threatened attacks, Weldon credited improvements in IT
interoperability and information sharing made since the formation of
the DHS in November.

"Winning the war on terrorism is all about information," said Clark.  
But trying to integrate hundreds of databases isn't a problem that's
unique to the federal government, he said. Every major company in the
U.S. has, at one time or another, wrestled with the same challenge,
Clark said.

Tim Sample, a former senior staff member of the House Permanent Select
Committee on Intelligence, agreed. "The technology is not the holdup,"  
said Sample. "Technology is not the issue. Bureaucracy is the issue."

Sample said he fears that not enough attention and emphasis is being
placed on the Information Analysis and Infrastructure Protection
Division of the new department.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.