Richard Clarke and Howard Schmidt: Policy Preachers
Richard Clarke and Howard Schmidt are charged with spreading the security gospel to boardrooms across the land. They talk with CSO about cyberattacks, the Freedom of Information Act and more.
By Sarah D. Scalet
September 04, 2002 — CSO — Last September 11, the country got religion when it came to information security—at least until the smoke cleared. Nevertheless, from their new pulpit in the White House, Richard Clarke and Howard Schmidt are still trying to sell vendors, executives, politicians and ordinary citizens on a vision of a more secure future. And converts don't come easily.
"About half of our job is marketing," admits Clarke, President Bush's cybersecurity adviser and chairman of the president's Critical Infrastructure Protection Board, created last October. Clarke, 51, made his name as President Clinton's counterterrorism adviser for most of the 1990s; vice chair Howard Schmidt, 52, is the former CSO of Microsoft. Together, the two men are information security's most prominent preachers.
These days, when they make newspaper headlines at all, it's for reporting doomsday scenarios about cyberattacks. At worst, their comments seem like needlessly alarmist attempts to get people to care about weaknesses in the nation's financial, telecommunications, transportation systems and other pieces of the critical infrastructure. At best, for CSOs, they're preaching to the choir.
In fact, in a lot of ways, the duo's challenges aren't so different from those of a CSO. Their roles are new, their power is limited, and their future is somewhat uncertain as Homeland Defense undergoes a restructuring. But whereas CSOs are influencing policy, spending and awareness in an organization or perhaps an industry, Clarke and Schmidt do so for the nation.
CSO went to their offices two blocks west of the White House not to hear their spiel about why corporate America should care about critical infrastructure protection—you already know about that. Instead, we drilled them about how they might use their power to influence everything from a controversial Freedom of Information Act (FOIA) exemption to vendor accountability to procurement by the federal government. What they had to say may surprise you.
CSO: You've said that the FOIA exemption is the single most important policy change to improve information security. [Editor's note: This controversial exemption would ensure that information given to the federal government about computer attacks would not be made public.] Why is it so important?
Richard Clarke: If you look at the Nimda virus last fall—a major attack that caused billions of dollars worth of losses to the private sector—not one company called us up to tell us they had been attacked because they wanted to be able to keep it secret. They don't want their customers and their stockholders to lose confidence. We understand that. But the result is that we have an inadequate perception of what is going on in the American information infrastructure.