, SecurityFocus 2001-11-08
Cyber security advisor Richard Clarke says loss from hack attacks and viruses is chump change, compared to tomorrow's sophisticated network assaultsPALO ALTO, Calif.--In his first public appearance in his new post, President Bush's special advisor for cyber security urged business leaders to base their information security spending on the threat posed by ultra-sophisticated computer attackers that may emerge in the future, rather than the current "nuisance" created by hackers and virus writers.
Speaking at a dinner function hosted by Microsoft as part of its Trusted Security Forum, Richard Clarke argued that a purely economic analysis of computer security isn't enough to justify the kind of effort needed to prevent future cyber calamity at the hands of U.S. enemies.
"If I'm going to persuade you, if I'm going to persuade this country, to spend more money on IT security, and not just spend more money but spend more time and intellectual effort on IT security, I'm not going to be able to do that if the only thing that I have to show ... are the few billion dollars that [attackers] cost us as an economy due to viruses and denial of service attacks," said Clarke.
"Instead... ask yourself what could occur because of the vulnerability that we have," Clarke said. Indicating computer security researchers in the audience, Clarke asked, "What could this group do if they were malevolent, using the vulnerabilities that they know about? Could they create catastrophic damage that would cost our society and our economy a lot more than the annual cost of hacking? You know the answer. Yes, they could.
"We haven't patched the holes, literally or figuratively. We haven't put the patches on. We still have a system that is fragile, that is vulnerable to sophisticated attacks. Not to 14-year-olds, but to a sophisticated group, or nation state, with multiple simultaneous attacks."
"It could lead to catastrophic damage to the economy, and, if done at a time of national security crisis, it could lead to catastrophic damage to our national defense," said Clarke.
Casting himself as something of a Cassandra, Clarke said that he issued identical warnings about U.S. exposure to physical terrorism prior to September 11, but those warnings met with skepticism. "What I tried to argue was that instead of looking merely at what terrorist acts had already occurred, we should instead ask ourselves, 'what are the vulnerabilities that we have, and how might a terrorist use them?,'" said Clarke.
But in his prior position as the President's infrastructure protection and counterterrorism advisor, Clarke was known less for predicting terrorist attacks, than his frequent
The position of 'special advisor for cyber security' was created last month, when President Bush opened the Office of Homeland Security in response to the September 11 terrorist attacks. In his new post, Clarke reports to director of homeland security Thomas Ridge, and national security advisor Condoleezza Rice.
Clarke said Wednesday that he requested the new cyber security post, and was "honored" to receive it.