U.S. cybersecurity czar Richard Clarke, warning that cyberattacks on the nation's critical IT infrastructure could potentially cause "catastrophic damage to the economy," last week urged more spending on IT infrastructure and security.
Clarke, chairman of the president's Critical Infrastructure Protection Board, also told a gathering here of about 150 security and privacy experts from business and government that he opposes a national identification card and wants to reduce the opportunities for anonymity on the Internet.
Although the Bush administration has taken no formal position on national ID cards, Clarke said most officials "feel it's not a smart idea" to push for a single card. What he'd like to see instead, he added, is broader use of strong authentication technologies for IDs such as drivers' licenses.
Speaking at the Trusted Computing Conference, hosted by Microsoft Corp., Clarke also strongly defended the proposed GovNet project, which would build a closed-loop government network that would be isolated from the Internet.
"We are not abandoning the Internet," he said, adding that he envisions a GovNet system in which workers would have more than one PC on their desktops one on a system open to the Internet and the other on a closed-off and highly classified network. Clarke stressed that if the GovNet proposal turns out to be a vast expense, it won't be pursued, and he urged the audience to get involved in the request-for-information process under way this month. GovNet is "not intended to be a silver bullet," he added, "but just one piece of the overall solution."
In his first speech since the Sept. 11 terrorist attacks, Clarke said spending on IT security and infrastructure protection has to increase in both the private and public sectors. "Freedom isn't free, and security isn't free, either," he said, adding that unlike six weeks ago, "no one is saying we shouldn't pay more for security now."
IT security is just as important as the broader collection of homeland security initiatives, Clarke said, urging private industry to play a prominent role in helping the government craft its plan for online security.
"What do you want in the plan? How should we structure it?" he asked.
But several attendees said they found Clarke's call to action a little too vague in terms of how the private sector could coordinate its security- and privacy-related IT efforts with those of the government.
"Market forces are not necessarily going to protect the infrastructure," observed one attendee from a large West Coast financial institution, who asked not to be named. "I'm suggesting that counter to regulation, or even coinciding with regulation, that the government offer incentives for us to be good citizens, like tax cuts for those who conduct assessments and develop recovery procedures."