WASHINGTON (05/24/2000) - Congressional funding to curtail cybercrime has been focused on law enforcement and existing programs, but the real solution will come from education, research and development programs, federal officials said Tuesday.
"There's no more important part in our national agenda for protecting our information systems than education," said Jeffery Hunker, director of transnational threats at the National Security Council, during the National Colloquium for Information Systems Security Education in Washington, D.C.
Advancing federal, state and local law enforcement capabilities and strengthening sentencing will help advance some aspects of cybersecurity. But the problem of cyberattack vulnerability will not be solved until there are people who know how to make the systems more secure, said Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism, and senior director of transnational threats at the National Security Council.
The reason that attacks are occurring is because the government doesn't have enough properly trained IT security personnel, Clarke said. "If every house in the United States were without a front door lock, is the solution to hire more cops? I think not," he said.
The United States has not produced a group of people who can handle the new IT infrastructure, Clarke said. "We have built a country that we cannot run because we don't have the people who know how to run it," he said.
And without those people, the research and development needed to build security into networks will not happen, Hunker said. "There's a substantial overlap between that research and development agenda and the opportunity to advance education," he said.
Overall government and industry spending on IT is far too low because people still think of IT as a way to cut costs, "and IT security funding as a subset of that is critically low," Clarke said.
So while Congress may see this year as a transition year, with "no new starts," the education and R&D funding requests must be the exception, he said. "If this is truly the year of "no new starts,' then next year may be the year that nothing starts and nothing works," he said.