Proposed agency will focus more attention on cybersecurity
Richard Clarke, special adviser to the president on cyberspace security, said Monday that the proposed new Homeland Security Department would increase the government's focus on cybersecurity.
Clarke said that the new Cabinet-level department would house the FBI's National Infrastructure Protection Center, the Commerce Department's Critical Infrastructure Assurance Office, the General Services Administration's FedCIRC and the Defense Department's National Communications System, hence increasing the cooperation among the agencies.
"It will concentrate our focus and result in better cooperation," Clarke said at George Mason University's Networked Economy Summit.
He did not comment on whether the Office of Cyberspace Security, currently located within White House offices, would be moved to the Homeland Security Department.
Clarke also noted that the government continues to work on a strategy for protecting the nation's critical infrastructure but said the date for public release has slipped to late summer or mid-September. Originally, the plan was to be released in mid-summer, around the same time as the release of White House Homeland Security Director Tom Ridge's security plan. Ridge released a part of that plan last week when President Bush announced the plan for the new department.
The critical infrastructure plan will include input from the private sector, including the academic community. Clarke said he met last week in Seattle with 35 university officials and 150 faculty members to discuss their role in protecting critical infrastructure.
The meeting also included discussion of the president's cyber corps program, which provides scholarships for students to study cybersecurity. Clarke said the 35 universities have agreed to provide cybersecurity programs, and the 150 faculty members attending the Seattle meeting endured "boot camp" training in how to teach cybersecurity.
Clarke also outlined other actions the government is taking to boost cybersecurity. Because 85 percent to 95 percent of the Internet is operated by the private sector, Clarke's staff has been meeting with boards of corporations, insurance companies and auditors to underscore the importance of cybersecurity. In addition, his staff has been meeting with information technology customers to educate them on vulnerabilities in computer software and hardware.
"We are asking these customers if they know about the security flaws and asking them why they put up with that from the IT vendors," Clarke said.
He also said his staff is working on whether a non-government entity could become an authority to certify security products so companies would have better information on whether their products properly protect their systems. "The biggest role the government can play is be a nudge" in getting the private sector to focus on security, he said.
In addition, to improve government security, Clarke said the president has asked for $5 billion in IT security products for government agencies in fiscal 2003, and "it looks good" for Congress to pass legislation that would authorize the spending.