[ISN] Term 'cyber-terrorism' damaging security investment, says ex-White House advisor

InfoSec News isn at c4i.org
Mon Nov 8 05:31:50 EST 2004


Daniel Thomas in Barcelona
05 Nov 2004

Overuse of the term 'cyber-terrorism' is confusing board directors and
preventing much needed investment in IT security, says former White
House security advisor Richard Clarke.

By describing denial of service attacks, hacking and defacement of
corporate web sites as cyber-terrorism, IT directors are negatively
affecting the amount of investment companies make in IT by failing to
properly communicate the real risks to businesses, he says.

'If you say cyber terrorism they get confused and think it's Osama Bin
Laden in a cave with a laptop,' said Clarke during his keynote speech at
RSA Conference 2004 in Barcelona.

'And CEOs don't want to spend money on that because they don't think
it's a real threat to them, they think it's a cost and not a benefit.'

Clarke explained: 'Say information security, say information
assurance, say cyber security, say cyber crime but don't say cyber

But Clarke, who spent 11 years advising the last three Presidents on
national security and IT threats, says firms also need to do more to
join up physical and IT security procedures and that lack of attention
could threaten business continuity.

'We go into a lot of buildings and sign-in and most of the time no one
knows who we are,' said Clarke. 'I sign my name Benjamin Franklin most
of the time and no one notices.'

By creating secure computing and using two-factor authentication
devices for access to both buildings and technology systems, companies
can hugely improve security, he says.

'If you worry about security you need to worry about cyber security as
well - our economy is increasingly dependent on the internet,' he

Clarke was also critical of the current US administration's
commitment to internet security, saying more action was needed to
combat growing threats.

'If the US administration keeps going through cyber security directors
at the pace it is we could fill up this hall with them next year,'
said Clarke. 'They are very good at saying they care about cyber
security and then they don't give them the money or the power to do
anything about it.'

The Bush administration should also do more to allay citizen concerns
around biometric citizen identification trials, says Clarke.

'An awful lot of people are concerned about civil liberties and see
security technology as a threat,' he said. 'But technology is a tool -
it's neither good nor bad - it depends on the way that we use it.'

He concluded that both governments and businesses need to be
forward-looking when it comes to security, rather than being reactive.

'I think that one of the lessons we learned from 9/11 is that
we shouldn't wait for something to happen,' he said.
