Tuesday, June 01, 2004

Richard Clarke Talks Cybersecurity and JELL-O

When former White House counterterrorism and cybersecurity czar Richard Clarke testified before the independent commission investigating the 9/11 attacks that the US government could and should have done a better job preventing the attacks, he became a lightning rod for both praise and criticism. In the days following his testimony, Clarke's book, Against All Enemies, quickly jumped to the top of the bestseller list.

Clarke retired after the February 2003 release of the US National Strategy to Secure Cyberspace, which signaled the transfer of responsibility for cybersecurity from the White House to the US Department of Homeland Security (DHS), which was still not fully operational at the time. He is now chairman of Good Harbor Consulting, a security consulting firm. He agreed to share his views about what those responsible for bettering network security are doing right—and wrong—with IEEE Security & Privacy shortly after his 9/11 testimony.

"You cannot straight-line the kind of problems we've had in cyberspace and say that's all that's ever going to happen."

"I do think that in the area of privacy and password protection, the government is not doing its job."

"Without systems that allow you to have real authentication and identity management, systems that contain files that have information about you—if they're only protected by passwords—aren't protected at all. How often do you find anybody using identity management authentication systems? Not very often. Even if you require an eight-digit password, you can run L0phtCrack and get into anybody's eight-digit password in a matter of minutes. What I say to people—and this stuns them—is that if all you have protecting your information is a password, you might as well publish it in The New York Times."

His Exclusive Interview
