Administration security expert touts benefits of federal CIO

REDMOND, Wash.--Richard Clarke, the Clinton administration's national coordinator for security, counter-terrorism and infrastructure protection, said Friday that a government-wide chief information officer (CIO) confirmed by Senate and accountable to a single congressional oversight committee is an essential element of a comprehensive federal cyber-security plan.

Clarke, speaking at Microsoft's SafeNet conference for security and privacy, also said that an exemption from the Freedom of Information Action was necessary to facilitate the work of the information-sharing and analysis centers (ISAC) that are currently being developed.

Clarke, who was appointed to his agency by President George Bush and retained by Clinton, said that a federal CIO was too important to be held hostage to competing bureaucratic or congressional freedoms.

Detailing the sort of cybersecurity briefing that he would give the President-elect--whether it is George W. Bush or Vice President Al Gore--Clarke said, "what the President will not find is who in charge of all of this."

"We need to create one, a CIO with clout, with the budgetary authority and operational authority to create standards within the government and to enforce them within the government," he said.

He noted that the legislation creating a CIO for each federal agency originally had called for a federal CIO--a move opposed by the Defense Department. "If we need to compromise and say it will have limited authority over DOD and intelligence agencies, fine, let's do that," Clarke said.

He also expressed frustration that 12 of the 13 congressional appropriations subcommittees--including authorizing committees--have some impact on the sprawling field of cyber security. He noted that the amount of money spent in the field is expected to rise to $2 billion in the next fiscal year.

Clarke touted another program that would provide scholarships for students who agree to work for one year in the government. He also lauded the information sharing and analysis centers recently launched by the financial services industry, the telecommunication industry, and the electric power industry.

A fourth--created by the information technology industry, is expected to be finalized shortly. Under the Clinton administration's plan for guarding against cyber attack announced in January, the private sector was slated to play a major role by organizing such centers in their respective industries.