Security adviser previews national strategy

Security adviser previews national strategy

LAS VEGAS'Presidential cybersecurity adviser Richard Clarke drew ovations from a crowd of 1,500 security experts attending the Black Hat Briefings when he criticized the performance of software developers.

'The software industry has an obligation to do a better job of creating software that works,' Clarke said.

Clarke, head of the president's Critical Infrastructure Protection Board, also drew applause when he said, 'I don't trust the government to regulate the Internet.' He made the comments while giving a preview of the National Strategy for Securing Cyberspace, which the administration plans to release Sept. 18.

The 2,800-page report focuses on creating responsibility and accountability for cybersecurity. The strategy responds to more than 200 questions, and experts from the private sector developed much of it. Clarke said the administration would update it several times a year.

'Chances are we will get it wrong in some aspects the first time around,' he said.

Without revealing specific recommendations, Clarke outlined the strategy's major areas:

  • Software development: Clarke called for more rigorous development practices on the part of developers, and continued input from users to disclose vulnerabilities.

  • Wireless networking: Wireless LANs are notoriously unsecure, he said. Vendors have a responsibility to create more easily securable systems, and users should not use systems with known vulnerabilities.

  • Broadband access: Telecommunications companies and Internet service providers should provide firewall and other security services to customers using always-on Internet connections, which leave systems open to hacking over the Internet.

  • Internet security: There is no clear-cut responsibility for developing secure Internet technologies, and the government should take a leadership role in promoting security. The government should not regulate the Internet, but it cannot walk away from this responsibility either, Clarke said.

  • Federal government: Agencies need to do their part by using the security products it is encouraging industry to develop. Clarke cited a number of secure computing initiatives by hardware and software developers and said that if they produce significantly more secure products, he would recommend a massive replacement or upgrade of government systems.

  • About the Author

    William Jackson is a Maryland-based freelance writer.

    Stay Connected

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.