Clarke Outlines Plan To Boost IT Security

National cybersecurity czar Richard Clarke Tuesday outlined several initiatives to help the federal government bolster security of the nation's IT systems without stepping on any toes in the private sector.

Clarke also discussed steps he believes the IT industry can take to help protect computer, telephone, and Internet systems against cyberattacks. Clarke disclosed the government's plans and its hope for help from the private sector during a keynote speech at the Business Software Alliance's Global Tech Summit in Washington. In October, President Bush named Clarke Special Adviser to the President for Cyberspace Security, a new position on the National Security Council.

The Bush administration wants the IT industry to offer as much input as possible into the national strategy that his office is drafting, Clarke said. "We must work together in partnership, public and private, to deal with these threats," he said. Above all, Clarke said he doesn't want to create a strategy that's "a document written by bureaucrats for bureaucrats, sitting on a senator's coffee table somewhere."

As part of the initiatives, Clarke said the federal government in January plans to open a national simulation center to examine how a terrorist attack on one part of the nation's critical infrastructure systems will affect other interdependent systems. He described the center as "an acupuncture map of the country" that will simulate how pressure on one system can spill over into other areas. The government will use the center to study, for example, how a large-scale computer disruption or an outage of the telephone network or the Internet would disrupt the delivery of essential utilities such as water or electricity.

Clarke also provided details on a new initiative that's part of the administration's goal of setting an IT security example for the private sector. When it comes to securing IT systems, "the government has to set a better example, and we will," Clarke said. Under the initiative, federal agencies for the first time will be required to include IT security spending in their annual budgets. Some attendees at the tech summit said that could add billions of dollars annually to the government's federal IT security budget.

According to Clarke, the Office of Management and Budget this week will send letters spelling out the new spending policy. The letter will explain that if an agency's budget does not include IT security spending, the office will deduct funds from other areas in the budget and earmark them for security.

"We're very encouraged" by Clarke's proposals, says Jim Molini, executive director at Brinks Internet Security. "I like the idea of having someone at high levels of the government talking about cooperation and partnership for IT security policy," Molini said at the tech summit. Plus, the areas Clarke identified for cooperation between the government and the private sector are, he said, "a very good set of initial talking points for us to work with."