, SecurityFocus 2000-09-13
The President's cyber-security czar gives Congress an 'F', for Failing to Fund.WASHINGTON--A top aid to President Clinton said Wednesday that Congress deserves the blame for the poor state of computer security at Federal agencies.
"For two years in a row now the administration has asked Congress for funding [for computer security], and for two years in a row they've refused," said Richard Clarke, national coordinator for security, infrastructure protection and counter-terrorism on the White House's National Security Council. "What grade do we give them?"
On Monday, a House subcommittee issued a "report card" rating the cyber-security of 24 federal agencies. The panel gave failing grades to more than a quarter of them, and gave the administration an overall rating of 'D-.' Rep. Stephen Horn (R-Calif.), who heads the committee, called the results "extremely dismal."
"I think he's damn right," said Clarke. "I think the government deserves a grade of D-, or less, with the possible exception of the DoD [Department of Defense] and intelligence agencies."
But Clarke issued a report card of his own, charging that Congress has refused to fund White House initiatives to create a federal intrusion detection network, an ROTC-style 'cyber-corps,' and a government cyber-security R&D program. "We'd have to give them an incomplete," said Clarke. "In two or three weeks, the semester's over, and if they still haven't funded it they get an 'F'." Congress adjourns in October.
During his address at the InfowarCon 2000 conference, Clarke also urged the private sector to do more for computer security, and asked technology companies to build security into next generation products. Calling it a matter of "national security," Clarke warned that the U.S. is open to crippling cyberattacks against critical infrastructures like the power grid and telecommunication systems. "There are nation states that have formed information warfare attack units that are mapping our networks," said Clarke.
"The next time there's a crisis, and we're going toe-to-toe with a country... then we may experience infowar attacks here in the United States on a massive scale," Clarke said. "That will hurt companies. That will hurt our economy."
But Clarke also took a moment to counter a widely held opinion that computer-cracking terrorists are a threat to the United States. "I don't know what a cyberterrorist is," Clarke said. "We have not found a terrorist group engaged in computer attacks on the United States. We haven't even found one preparing for computer attacks on the United States."