During a recent CSO roundtable in Boston, Richard Clarke, former special adviser to the president for cyberspace security, said that CSOs looking for the federal government to take the lead on cybersecurity should look elsewhere. If you’re waiting for the government to secure cyberspace, it’s going to be a while. Though he praised the president’s National Strategy to Secure Cyberspace, a plan he helped draft, Clarke said that the massive new Department of Homeland Security, in theory the government’s lead agency for cybersecurity and threat information analysis, exists only on paper. It will be five to seven years before the 22 federal agencies that make up the DHS shake off their distinctive cultures and begin functioning together as parts of a new department, Clarke said. “Think of AOL Time Warner or Hewlett-Packard and Compaq, and then multiply those mergers by 22,” he said.

Beyond the organizational challenges facing the DHS, Clarke noted that the government must clean up its own house. Audits by the General Accounting Office and others have consistently given federal agencies low marks for IT security. Government CIOs are far from trendsetters in the area of IT security and often fall victim to the same security holes and viruses that afflict corporations and home users.

The solution for both the federal government and private-sector organizations is simple, according to Clarke: Reduce the number of product vulnerabilities. First and foremost, software developers need to be trained to write better code with fewer security flaws, such as buffer overflows. They also need to revamp the development and deployment of software.
In addition, companies that address these issues and bring together the people responsible for physical and IT security with those in HR and legal will likely find themselves better able to anticipate and respond to security threats. But all of those things take time. (To hear more from Clarke, read “Setting the Course,” Page 48.)