Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

White House cybersecurity chief defines cyberthreat

By Dan Verton
September 6, 2002 12:00 PM ET
Recommended
(0)
Digg
Share/Email

Computerworld - Richard Clarke, chairman of the president's Critical Infrastructure Protection Board, recently spoke with Computerworld reporter Dan Verton about the nature and potential of the threat to the nation's critical infrastructure and what he sees as his biggest challenges with respect to national cybersecurity.


Excerpts from the interview follow:


Q: Can you briefly explain the cybersecurity threat for those who still may not be sure who or what the enemy is?


A: There's a spectrum of threats out there, some of which we experience every day. That spectrum runs from [individuals] who simply vandalize Web pages to those who conduct nuisance denial-of-service attacks. That's on the low end, which is usually conducted by young hackers -- so-called script kiddies.


In the middle, you have criminals who conduct fraud and industrial espionage online. The middle range of threats is usually carried out by organized crime, companies and also nation-states.


















Coming next week: Computerworld's in-depth look at the IT response to the Sept. 11, 2001, attacks.
Coming next week:
Computerworld's in-depth look at the IT response to the Sept. 11, 2001, attacks.


On the high end, however, you face people who potentially could conduct attacks to destroy or stop things from working. At the high end, it's potentially nation-states or terrorist groups. These attacks could be conducted in isolation or in conjunction with a physical attack.


I think we have to anticipate that a smart opponent would use some of these asymmetric tactics against us. In the larger scenarios, the private sector would be the targets for attack, either by terrorist groups or nation-states because those groups would seek to disrupt the national economy.


Q: What are the greatest challenges facing the private sector in terms of cybersecurity, particularly with respect to your mission of building an effective public/private partnership that can provide for a common defense?


A: The first problem we've always had was awareness. However, the awareness problem has diminished greatly for two reasons. People in boardrooms asked themselves after Sept. 11, "How secure is our company?" Also, there have been a lot of cyberattacks, which have doubled in the last year.


The second problem facing companies is determining what is a good product, who's a good service provider and what they should be asking for. Most people think the first thing to do is to run out and buy a firewall or an intrusion-detection system. But that doesn't even begin to solve your problems. You need to have a continuous process of looking for vulnerabilities and you need to have a layered defense. We passed the 2,000 mark a few months ago in terms of known vulnerabilities that we have to deal with.



Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

POLL RESULTS
Leading IT Pros Weigh In on Top IT Issues
Accelerate your knowledge of the IT world you inhabit by viewing the results of a series of polls taken by your IT peers. These polls of 100+ IT professionals each are available for full viewing. They cover key topics such as virtualization, processor performance, green IT, cloud computing and many others. Be a part of the buzz.
WHITE PAPER
For Best Results, Think Beyond the Box
Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to simplify operations, maintenance, and support. Kodak offers a best-practices model. One company provides support for both scanner and software, for fast problem resolution without vendor finger-pointing. Download now!
WHITE PAPER
Accelerating the Path to Demand Intelligence with a Demand Signal Repository
Utilizing demand intelligence improves the precision of pricing, product assortments, channel/store placement, and promotion, which are all essential for sustainable revenue management performance. Learn more, download this free whitepaper today.

White Papers & Webcasts

How Controlling Access to Privileged Accounts Can Keep Insider Threat from Hurting Your Bottom Line
This white paper explores insider attacks and insider risk, and shows how to control them by controlling and monitoring access. The paper describes...  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

Military Uses Bit9 Parity to Defend Against New Generation Attacks
When a military organization faced an exercise, in which there was an attempt to breach and infect the network, they decided to use...  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

Eliminate Spam, Gain Productivity
In this exclusive whitepaper, learn all about the dangers of spam and the cost to your business....  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

Accelerate SSL Encrypted Applications
The amount of SSL traffic is growing in the enterprise. Because it is encrypted, it cannot be properly controlled and accelerated. Blue Coat...  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

ESG Lab Field Audit
Many companies have successfully implemented Riverbed WAN optimization solutions within their Cisco networks. This ESG Lab Field Audit document explores the success that...  

Agile Enterprise Content Management (ECM) for Rapid ROI
Find out how combining ECM and BPM will help adress issues about content rich business processes....

All White Papers | All Webcasts

Computerworld Reports

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

Computerworld Technology Briefing: Intelligent Users Use Business Intelligence

All Computerworld Reports
 

Symantec Report on the Underground Economy
The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed.
Download this white paper 
Data Loss Risks During Downsizing
With the dramatic increase in lost jobs, companies should be aware of the possibility that these employees may be walking off with their sensitive and confidential data. An independent study done by the Ponemon Institute surveyed employees leaving their jobs and taking company data with them. This type of data loss problem may be putting companies at risk for a potential data breach. This study will help you to understand what employees are doing with the data on the laptops their employers provided them.
Download this white paper 
3 Steps to Protect Confidential Data on Laptops
Learn how to avoid being part of the one-third of security breaches that occur due to laptop theft. This report outlines specific steps to help you secure confidential data and minimize the impact of data loss resulting from stolen or missing laptops.
Download this white paper 
Managing Spend on Information Security and Audit for Better Results
The benchmarks conducted by the IT Policy Compliance Group show almost all organizations have financial incentives exceeding 100 percent to make improvements to reduce financial risk from data loss, downtime and regulatory audit. This report includes findings covering the principal operational outcomes being experienced by organizations, financial risks, losses and returns, and the practices making the most difference to control risks, reduce costs, and improve results.
Download this Report! 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.