Reclaim the 'Net, says former cybersecurity czar

AUCKLAND, New Zealand (Computerworld New Zealand) -- It's time to take back cyberspace from hackers, phishers and others who are preventing e-commerce and e-government from reaching their full potential.
That was the message Richard A. Clarke, former special adviser to President George W. Bush on cybersecurity, gave at a CIO breakfast meeting here recently.
Clarke, who was visiting New Zealand as a guest of Symantec Corp., also advised President Clinton on terrorism. Clarke published a book, Against All Enemies: Inside America's War on Terror, and is an outspoken critic of the decision to go to war with Iraq.
However, he stuck to cybersecurity during his presentation, turning to terrorism and politics only during the question-and-answer session. After serving three presidents, Clarke is chairman of security company Good Harbor Consulting.
Security fears are the main factor holding back the widespread adoption of online banking and other transactions that can be more cheaply and efficiently done over the Internet, Clarke says.
"Most banks have about 30% of their customers doing online banking, and when you consider that an over-the-desk transaction that costs $2 can be done for five cents online, if a bank can move from 30% online customers to 70%, it'll save a lot of money.
"The No. 1 reason more people aren't banking online is the fear of chaos in cyberspace."
There are "all sorts of things" that are possible over the Internet but aren't being done "because we haven't achieved security in cyberspace," he says.
The U.S. government will spend 8% of its IT budget on security this year, double the percentage of five years ago, with the bill coming to $5 billion. Banks and other businesses are increasingly using their commitment to security as a point of differentiation in advertising, he says.
Clarke went on to list 12 trends, a "dirty dozen" that will shape IT security in coming years. Among them were encryption of archived and stored data and automated audits of IT assets, using asset management software that certifies hardware and software as being secure.
Also on the list were greater use of intelligence and advisory services on security issues, increasing reliance on patch management systems instead of patches being applied ad hoc, and an ever-greater need to secure digitally controlled and Scada (supervisory control and data acquisition)-based systems that run utilities such as electricity, water and gas suppliers.

"We're seeing worms getting into those kinds of networks and in Ohio, a power plant was knocked out by one," Clarke told the audience.
The IT security