Clarke presses private sector to protect against cyber attacks

White House cybersecurity adviser Richard Clarke on Thursday said a top administration priority is to convince private companies to invest in computer security. Speaking at panel on cybersecurity hosted by the Forum on Technology and Innovation, Clarke quoted a Forrester Research report that said Fortune 500 companies on average are spending more on coffee than on computer security, leaving most networks at companies vulnerable to attack. "Companies will continue to be raped by 'Nimda' and 'Code Red' viruses," two that caused damage last year, until they invest in network security, Clarke said. The administration is concerned that vulnerable computer networks in the private sector are a threat to national security. Clarke noted that no known terrorists groups have shown an interest in attacking the United States through computer networks, but most hardware and software products are rife with vulnerabilities that leave them open to attack. Bruce Schneier, founder and chief technology office at Counterpane Internet Security, underscored Clarke's message. Schneier said current market pressures are not providing incentives for companies to spend more money on computer security. Still, he thinks companies should be held liable for leaving computer systems vulnerable to attack and that the insurance industry should start requiring firms to protect their networks. He suggested that companies be required to note security measures in their balance sheets, as they were required to do two years ago in outlining their steps to address the Y2K computer threat. Schneier also said software companies need to consider better security as part of the design process and law enforcement should be more vigilant about prosecuting computer crimes. "I think this problem is less a technology problem and more of a business problem," he said.