/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBy Elinor Mills Abreu
LAS VEGAS: Telephone companies, Internet service providers and software makers must do more to protect their customers from cyber attacks, the Bush administration's cyber-security czar said on Tuesday. Richard Clarke, a special adviser to President Bush, told the annual Black Hat computer security conference here that, "Since we were here last year, things have changed. This is ... a nation at war. It's a different kind of war."
Clarke said the software industry is failing to create more secure products. "The process for developing software isn't working," he said. "Quality control isn't there." He pointed to the Nimda Internet worm of last year, which attacked computers using a handful of known vulnerabilities and caused an estimated "$3 billion in damage in one week."
Phone companies and ISPs that sell broadband connectivity, such as cable and DSL access, should offer firewall software to help protect consumers from hacking attacks and provide services to automatically update customer software and install patches, Clarke said. "It's a little like selling a car without seat belts," he said. "For the average home user it's kind of a lot to ask ... that you should also spend a couple of hours per week worrying about updating patches. We should not force the average home user to go through all that."
In addition, Clarke said all government agencies should set an example. They should refuse to purchase bug-prone software and shut down insecure wireless networks at government buildings until they achieve a better track record, as the U.S. Department of Defense has done. The Department of Defense already has a policy of buying only products that have specialized security certifications and the government is considering extending that to all other agencies, he said.
With federal spending on computer systems and software increasing 64 percent in the budget that is before Congress and federal spending on information technology to reach an estimated $20 billion over the next three years, suppliers are bound to listen, Clarke said. "We're not trying to go down the route of regulation. We are trying to go down the route of market forces," he said in a question-and-answer session with reporters.
© Reuters