Clarke presses industry on security

The White House is calling on the information technology industry to assist in government efforts to strengthen the state of cybersecurity and is also urging vendors to ensure that what they sell is secure.

The government has several programs under way to increase security within agencies, Richard Clarke, the Bush administration's cyberspace security adviser, said Dec. 4 at the Business Software Alliance's Global Tech Summit 2001 in Washington, D.C.

These programs include:

* Establishing a simulation center by January to build a model of the interdependent networks that support critical infrastructures, which include telecommunications and electric power.

* Analyzing comments from industry on the proposed GovNet intranet for critical federal systems.

But industry also must play a part to secure systems within government and within the private sector, Clarke told the audience of BSA members, which include Adobe Systems Inc., IBM Corp., Microsoft Corp. and Network Associates Inc.

To start, members of the IT industry must build information security into their products at the point of development and not treat it as an afterthought, Clarke said. In essence, manufacturers must say that "from now on, the default setting on all our products as they come to market will be for high security," he said.

Vendors must also work with government and other users to determine a better way to deploy patches to fix security vulnerabilities in software, he said. Right now, when a vulnerability is discovered, vendors issue a patch and send out an alert to users, but Clarke said that industry must follow through, since most attacks happen because the patches are not used.

"It is also your responsibility to work with your customers to make sure those patches are applied," Clarke said.

Internet service providers also have a responsibility to their customers, including scanning for viruses and doing more to stop the spoofing of Internet Protocol (IP) addresses — a tactic used by many attackers to hide from investigators, Clarke said.

Beyond those steps, he said ISPs should insist that users install a personal firewall when they buy an always-on connection, such as Internet access via cable modem or Digital Subscriber Line. Many security incidents occur because home users — including federal and industry employees who work from home — have always-on connections without any security because ISPs do not necessarily provide a firewall as part of the connection service, Clarke said.

"People who sell cable modems and DSLs should sell them packaged with firewalls," he said.
