Clinton Outlines Plan for Hacker Counter-Attack

At a brief meeting with supporters from the computing community this week, President Bill Clinton laid out a plan for the U.S. government to respond to the national security threat that has been highlighted over the past two weeks by hacker attacks on popular Internet sites.

The strategy consists largely of Clinton’s previously announced plan to commit more federal dollars into long-term research and development of security technology. In the short-term, the administration argues, public awareness of security measures that are already available today must be heightened, starting at the federal government level.

Cooperation, Not Regulation

Neither Clinton nor the group of Internet and e-commerce company executives, consumer advocacy groups, security experts, former hackers, and academics support regulating the Internet as a method of thwarting future hacker attacks, White House Chief of Staff John Podesta said. “The solutions that we talked about did not involve greater government regulation, or really even greater governmental power. The point was made that we do not need to reduce privacy as we enhance security in the network. Privacy and security go together, in fact.”

Podesta added that the members of the computer industry at the meeting agreed to continue sharing information on security strategies, as they have already begun to do under the oversight of the U.S. Department of Commerce. The example set in the industry and government’s manner of addressing the year 2000 computer bug, Podesta said, can be followed on these new security issues.

“We need to get going, enhance those efforts, and get some real solutions on the table,” he said.

The private sector has given “tremendous support” to the government’s efforts to form public-private partnerships to address these issues, U.S. Commerce Secretary Richard Daley said. “We can support them. It is not about the government regulating this, or taking steps to take actions that would at all impede the Internet, because of course it is the dynamic engine that is driving our economy today, and we must keep that open,” he said.

At the meeting, 38 companies and 10 high-tech trade associations expressed their support for further public-private cooperation in a joint statement, according to Harris Miller, president of the Information Technology Association of America (ITAA). They also impressed upon the White House that “even though some of the technology challenges in protecting the Internet are relatively easy to address, in fact it’s a very hard issue.”

Not an Insurmountable Challenge

In general, the White House maintains that the current security threats to business and government Internet sites and to computer networks can be overcome if both sectors take an aggressive, proactive, cooperative approach.

According to Podesta, the obvious first step is to tap security measures that are currently available but often ignored by many companies and government agencies. “We need to be more proactive in getting the tools out and getting them in use, to practice better hygiene, as many of the people commented,” Podesta said.

Such improved “hygiene” will start at the federal government level, the White House pledges. “We’re not doing a good enough job in making sure that the government’s own systems are secure,” Podesta admitted. “We need to enhance the security on the government systems, and make sure that they’re not broken into, that the firewalls are in place, and that we’re practicing good security procedures.”

Applying Cash to Stop the Attacks

In addition, the Clinton administration will keep pushing for both short-term and long-term research programs. These efforts will attempt to ensure that the hardware, software and networks comprising the global information infrastructure “evolve in a way in which security is built in at the front end, rather than thought about at the back end, when solutions will be more difficult to implement and more expensive to implement,” Podesta said.

Clinton will likely use the recent spate of hacker attacks to rally support for the $2 billion (US$) included in his 2001 budget — sent early this month to Congress — to federally fund such research efforts. That strategy got a boost from the computer industry professionals and academics who gathered at the White House this week, and, according to Podesta, expressed “strong support” for the plan.

The Clinton budget contains funding increases for “critical infrastructure,” including more money for research and development. Specific federal cyber-security initiatives include a Federal Cyber Services Training and Education Initiative, for which the budget includes $25 million, and a permanent Expert Review Team at the Commerce Department’s National Institute of Standards and Technology to help federal agencies test their vulnerability to hacker attacks. That group would get $5 million under Clinton’s budget.

In addition, the President has asked Congress for a $9 million supplemental appropriation for fiscal year 2000 to do the prep work for these and a few other security-related research and development programs before the new fiscal year funding kicks in.

Good Deal of Money

“The events of last week involved attacks that can involve a good deal of money,” Podesta said, noting that the Department of Justice (DOJ) will need funds to continue investigating the sources of these types of hacker attacks. Attorney General Janet Reno invited further input from the computing world about how to enforce the cyber security measures that are already on the books, Podesta said.

According to Miller, Reno also expressed willingness to discuss whether the laws as currently written are stiff enough to thwart hackers. “But as to whether specific statutes need to be amended, I think that requires further analysis and discussion,” he said.

Miller disagreed with the suggestion that perhaps some Internet companies also bear some of the blame for the Internet’s susceptibility to hacks by focusing more on making an e-commerce buck than maintaining security at their sites or their databases. However, he did agree that the recent flurry of attacks “has helped to focus the attention of many people in the industry that they are going to have to put more resources into security.”