PALO ALTO, Calif.--In his first public appearance in his new post,
President Bush's special advisor for cyber security urged business leaders
to base their information security spending on the threat posed by
ultra-sophisticated computer attackers that may emerge in the future,
rather than the current "nuisance" created by hackers and virus writers.
Speaking at a dinner function hosted by Microsoft as part of its Trusted
Security Forum, Richard Clarke argued that a purely economic analysis of
computer security isn't enough to justify the kind of effort needed to
prevent future cyber calamity at the hands of U.S. enemies.
"If I'm going to persuade you, if I'm going to persuade this country, to
spend more money on IT security, and not just spend more money but spend
more time and intellectual effort on IT security, I'm not going to be able
to do that if the only thing that I have to show ... are the few billion
dollars that [attackers] cost us as an economy due to viruses and denial
of service attacks," said Clarke.
"Instead... ask yourself what could occur because of the vulnerability
that we have," Clarke said. Indicating computer security researchers in
the audience, Clarke asked, "What could this group do if they were
malevolent, using the vulnerabilities that they know about? Could they
create catastrophic damage that would cost our society and our economy a
lot more than the annual cost of hacking? You know the answer. Yes, they
"We haven't patched the holes, literally or figuratively. We haven't put
the patches on. We still have a system that is fragile, that is vulnerable
to sophisticated attacks. Not to 14-year-olds, but to a sophisticated
group, or nation state, with multiple simultaneous attacks."
"It could lead to catastrophic damage to the economy, and, if done at a
time of national security crisis, it could lead to catastrophic damage to
our national defense," said Clarke.
Casting himself as something of a Cassandra, Clarke said that he issued
identical warnings about U.S. exposure to physical terrorism prior to
September 11, but those warnings met with skepticism. "What I tried to
argue was that instead of looking merely at what terrorist acts had
already occurred, we should instead ask ourselves, 'what are the
vulnerabilities that we have, and how might a terrorist use them?,'" said
But in his prior position as the President's infrastructure protection and
counterterrorism advisor, Clarke was known less for predicting terrorist
attacks, than his frequent warnings that foreign
governments were preparing to launch crippling computer network attacks
against U.S. critical infrastructures, like the power grid and
telecommunications systems, resulting in an "electronic Pearl Harbor" that
would cause devastating economic damage, and even loss of life.
The position of 'special advisor for cyber security' was created last
month, when President Bush opened the Office of Homeland Security in
response to the September 11 terrorist attacks. In his new post, Clarke
reports to director of homeland security Thomas Ridge, and national
security advisor Condoleezza Rice.
Clarke said Wednesday that he requested the new cyber security post, and
was "honored" to receive it. By Kevin Poulsen