Clarke says the worst is yet to come
- By William Jackson
- May 23, 2003
Leaving government service has not improved Richard A. Clarke's outlook on cybersecurity.
'The threat level is going up, and it is going up at a steep angle,' the former White House adviser told a lunchtime audience in Washington Thursday.
Clarke, who has advised the last three presidents on national security, counterterrorism and cybersecurity, retired in February after a 30-year government career. He spoke at a security seminar hosted by TippingPoint Technologies Inc. of Austin, Texas.
TippingPoint security analyst Vicki Irwin described what she called an impending train wreck for IT administrators and security officers. While the number of IT vulnerabilities and attacks is increasing exponentially, the time between discovery of a vulnerability and publication of an exploit for it is shrinking, and the speed with which attacks propagate is increasing.
Recent examples of efficient and increasingly speedy exploits are the Nimda, Code Red and SQL Slammer worms, and recent attacks against the Internet's Domain Name Service system.
None of these attacks resulted in serious system-wide damage, but Clarke warned against being lulled into a false sense of security.
'People are not doing it just for the hell of it,' he said. 'It suggests to me someone is calibrating the attacks. I think a lot of what we're seeing is reconnaissance. People are planning attacks, and probably multiple simultaneous attacks.'
On the bright side, more money is being made available to secure government systems, from about $2.7 billion two years ago to $4.9 billion requested for fiscal 2004.
'There is every indication the House will actually add to that,' Clarke said. 'The problem is that we don't se a correlation between how much money we spend and the results achieved. It's not just a matter of money. We have to find out how to spend it wisely.'
William Jackson is a Maryland-based freelance writer.