White House crafting cybersecurity plan
White House cybersecurity adviser Richard Clarke said Tuesday that the Bush administration continues to work on a new national plan for cybersecurity, and is planning to make it more "dynamic" with the input of high-tech CEOs.
He said the Bush administration plan would be updated continuously to reflect the advent of new technologies.
"President Bush said we need a national strategy and to make sure it was written by all the stakeholders," Clarke said in a luncheon address to a U.S. Chamber of Commerce conference on cybersecurity. "It will change as the threats change and as the technology changes. It can't be updated just once a year."
Clarke said Bush issued the directive in May this year at a Cabinet briefing on cybersecurity and had planned a formal introduction on Oct. 1, even before the Sept. 11 terrorist attacks on the United States.
Clarke said the Cabinet also agreed in May that one person within the White House should be dedicated to cybersecurity, and Bush wanted industry sector CEOs involved in building the plans. The Cabinet then agreed there should be a critical infrastructure board to oversee government computer security, as well as a national infrastructure council that would be made up of private-sector CEOs.
Clarke said he will be part of fiscal year 2003 budget planning to ensure that government agencies have the money they need to implement computer security measures. Clarke said there is a "myth" among critics that because he does not have budget authority, he will not be able to achieve his cyber-security goals.
Clarke said he agreed with a congressional report card released Friday that gave the federal government a failing grade for computer security. He disagreed, however, with an assessment that the Defense Department deserved an F. He said the No. 1 way for government agencies to bolster their security is to comply with existing regulations requiring the agencies to secure their computer networks.
"There is only one thing we need to do, and that is enforce the law. We have good regulations, and they are being ignored," Clarke said when asked the top four actions government agencies could do to improve their security.