Richard Clarke sets tone for Black Hat 2007
In his keynote speech, Richard Clarke, novelist and chairman of Good Harbor Consulting, called for the adoption of IPv6 and the National Cyber Security Plan that President Bush signed in 2002 but has never implemented. While promoting his new novel, Breakpoint, the former National Security Council counterterrorism chief also took a few digs at former boss President Bush during a 30-minute speech.
"We are building more and more of an economy on cyberspace 1.0," Clarke told Black Hat attendees Wednesday morning. "Yet we still are running code from major vendors replete with errors that can be used to cause damage." Clarke, who gave the keynote speech at Black Hat in 2001, resurfaced an idea of his to have national standards for software. That proposal was removed from the National Cyber Security Plan that went to President Bush.
"We still do not have, and could have, cyberspace authenticated," said Clarke. "We should all be using encryption," which he said would reduce instances of laptops containing Social Security numbers being stolen. If they were all encrypted, we wouldn't care. He further suggested that encryption be used on e-mail, databases, even telephone calls to prevent illegal wiretapping.
Clarke leveled the harshest language on the Bush administration. "The Bush administration has systematically reduced the work to secure cyberspace." Clarke cited recent cuts to the Defense Advanced Research Projects Agency as an example. While he doesn't believe that government is the solution--it is just a part of the solution--he said he thinks government helps set the tone. He said he thinks Bush is "setting an example how not to do cybersecurity."
"We should all be using encryption," which he said would reduce instances of laptops containing Social Security numbers being stolen. If they were all encrypted, we wouldn't care. He further suggested that encryption be used on e-mail, databases, even telephone calls to prevent illegal wiretapping.
:
HERE HERE. With the absolute ton of CPU power we all have nowadays, there is no excuse for encryption. None. Absolutely nothing should traverse networks in clear text, internal or external. Encryption in transit and encryption at rest are fundamental. I am very happy to hear Mr. Clarke publicize his disdain for the adoption of such technologies.
Encryption is not a sliver bullet that will kill off the bad guys.
It is a hurdle, how large depends on the competence of the team designing and implementing it, and those deploying it, but it will not save anyone.
Reminder of events that happened while Clarke was Chair of the Counter-Terrorism Security Group (1992-2003):
* The 1993 bombing of the World Trade Center
* The 1995 bombing in Oklahoma City
* The 1996 Khobar Towers bombing
* The 1998 bombings of US Embassies in Kenya and Tanzania
* The 2000 bombing of USS Cole
* The events of September 11, 2001
All happened during Clarke's watch as Chair of the Counter-terrorism Security Group. And except for the Oklahoma City bombing, all were also al-Qaeda operations.
Why anyone is still listening to Clarke is the real mystery.
As to the rest, I suppose it is the the fault of a police chief because his department didn't catch everything beforehand.
which one do you think is more important to bush right now?
there have been no cyber attacks on the united states that affects the american population or national security yet.
let's wait until something happens first instead of scare mongering.
Even without a legitimate cyber-terrorist threat there is severely lacking computer and network security that needs to be addressed now.