White House cybersecurity chief defines cyberthreat

By Dan Verton

September 6, 2002 12:00 PM ET

Recommended

(8)

Digg

Twitter

Share/Email

Computerworld - Richard Clarke, chairman of the president's Critical Infrastructure Protection Board, recently spoke with Computerworld reporter Dan Verton about the nature and potential of the threat to the nation's critical infrastructure and what he sees as his biggest challenges with respect to national cybersecurity.

Excerpts from the interview follow:

Q: Can you briefly explain the cybersecurity threat for those who still may not be sure who or what the enemy is?

A: There's a spectrum of threats out there, some of which we experience every day. That spectrum runs from [individuals] who simply vandalize Web pages to those who conduct nuisance denial-of-service attacks. That's on the low end, which is usually conducted by young hackers -- so-called script kiddies.

In the middle, you have criminals who conduct fraud and industrial espionage online. The middle range of threats is usually carried out by organized crime, companies and also nation-states.

Coming next week:
Computerworld's in-depth look at the IT response to the Sept. 11, 2001, attacks.

On the high end, however, you face people who potentially could conduct attacks to destroy or stop things from working. At the high end, it's potentially nation-states or terrorist groups. These attacks could be conducted in isolation or in conjunction with a physical attack.

I think we have to anticipate that a smart opponent would use some of these asymmetric tactics against us. In the larger scenarios, the private sector would be the targets for attack, either by terrorist groups or nation-states because those groups would seek to disrupt the national economy.

Q: What are the greatest challenges facing the private sector in terms of cybersecurity, particularly with respect to your mission of building an effective public/private partnership that can provide for a common defense?

A: The first problem we've always had was awareness. However, the awareness problem has diminished greatly for two reasons. People in boardrooms asked themselves after Sept. 11, "How secure is our company?" Also, there have been a lot of cyberattacks, which have doubled in the last year.

The second problem facing companies is determining what is a good product, who's a good service provider and what they should be asking for. Most people think the first thing to do is to run out and buy a firewall or an intrusion-detection system. But that doesn't even begin to solve your problems. You need to have a continuous process of looking for vulnerabilities and you need to have a layered defense. We passed the 2,000 mark a few months ago in terms of known vulnerabilities that we have to deal with.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Cybercrime/Hacking

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.