Clarke presses industry on security

The White House is calling on the information technology industry to assist in government efforts to strengthen the state of cybersecurity and is also urging vendors to ensure that what they sell is secure.

The government has several programs under way to increase security within agencies, Richard Clarke, the Bush administration's cyberspace security adviser, said Dec. 4 at the Business Software Alliance's Global Tech Summit 2001 in Washington, D.C.

These programs include:

* Establishing a simulation center by January to build a model of the interdependent networks that support critical infrastructures, which include telecommunications and electric power.

* Analyzing comments from industry on the proposed GovNet intranet for critical federal systems.

But industry also must play a part to secure systems within government and within the private sector, Clarke told the audience of BSA members, which include Adobe Systems Inc., IBM Corp., Microsoft Corp. and Network Associates Inc.

To start, members of the IT industry must build information security into their products at the point of development and not treat it as an afterthought, Clarke said. In essence, manufacturers must say that "from now on, the default setting on all our products as they come to market will be for high security," he said.

Vendors must also work with government and other users to determine a better way to deploy patches to fix security vulnerabilities in software, he said. Right now, when a vulnerability is discovered, vendors issue a patch and send out an alert to users, but Clarke said that industry must follow through, since most attacks happen because the patches are not used.

"It is also your responsibility to work with your customers to make sure those patches are applied," Clarke said.

Internet service providers also have a responsibility to their customers, including scanning for viruses and doing more to stop the spoofing of Internet Protocol (IP) addresses — a tactic used by many attackers to hide from investigators, Clarke said.

Beyond those steps, he said ISPs should insist that users install a personal firewall when they buy an always-on connection, such as Internet access via cable modem or Digital Subscriber Line. Many security incidents occur because home users — including federal and industry employees who work from home — have always-on connections without any security because ISPs do not necessarily provide a firewall as part of the connection service, Clarke said.

"People who sell cable modems and DSLs should sell them packaged with firewalls," he said.
