During his 30 years in Washington, Richard Clarke evolved from a State Department staffer into the nations top counterterrorism official and, at the time of his retirement in March, the special adviser to the president for cybersecurity. Along the way, he developed a reputation for knowing how to get things done and also became one of the more polarizing figures in the inner circles of power inside the Beltway. He worked directly for three presidents in a span of 11 years at the White House and was the driving force behind the development of the National Strategy to Secure Cyberspace. Hes now working as a consultant to ABC News and several security vendors. Senior Editor Dennis Fisher sat down with Clarke recently in Boston to talk about the state of security in the government and private sector and the development of the new National Cybersecurity Center.
eWEEK: When you decided to leave the government, was that something that you planned for a while or was there some proximate cause?
Clarke: No, that was something I had planned for 20 years. I had just reached the 30-year mark. I had completed 30 years of government service.
eWEEK: The whole establishment of the Department of Homeland Security and the way that was all set up, how much of a role did that play in your decision to leave?
Clarke: What we had decided to do, I had been involved with the president and others in helping to decide to create a department in the beginning before the administration had even announced its support for a department. We decided to take the cyber-security components of five different organizations and put them together in the department. Then, when we did the National Strategy to Secure Cyberspace, we intentionally sort of made two-and-a-half of the five priorities things that the new department would have to implement. So there was a plan in place for almost a year to move a lot of this function to the new department. It was one of the key things that the department would do.
eWEEK: Whats your impression so far of how everythings going there and how the consolidation is working?
Clarke: If you think about private sector mergers, where two or three companies have to be put together, you understand that there is a normal period of adjustment. The Department of Homeland Security is trying to merge 22 organizations at the same time so its that much more difficult. Theyre obviously having some growing pains.
eWEEK: Do you expect that to continue?
Clarke: Yeah, if you look at past federal departments coming into existence by merging federal organizations, you look at the Department of Transportation, the Department of Energy, it frequently took four to six years before the organizations thought of themselves as one department. We hope obviously that its going to go quicker, but the historical record is it takes a little time.
eWEEK: One of the big complaints I always hear from private sector folks is that they dont know where to go when they find a new vulnerability or have some other problem. Will this help with that?
Clarke: Some people in the past called the National Infrastructure Protection Center at the FBI, some people called the CERT or the FedCIRC, the federal version. The idea of putting all of these organizations together is to create a National Cybersecurity Center, which I think they probably will announce early next month. That center will be the obvious place to make the call.
eWEEK: Thatll be for incident response, new vulnerabilities…
Clarke: Yeah, the center will probably be more than just event response. Itll also be policy development, awareness, public outreach. It should be that thing that we described where the five cyber components come together in one room. The key to making the center work is that the person chosen to head it be sufficiently high-level. They cant be buried in that department. Because the person whos going to head that center has to do the job that in effect I did as the special adviser to the president. So they cant be on the fourth level of the department, and thats something theyre still trying to work out.
eWEEK: Do you think thatll be someone internal at the department itself?
Clarke: No, no. I imagine it will be some nationally recognized expert in cyber-security.
eWEEK: That seems like something that wouldve been a nice fit for you. Was that not something that interested you?
Clarke: Ah, no. I had done 30 years of government service, 11 of that with the White House. No one had ever done 11 years continuous service at the White House before. So I had done enough. Its kind of like a sentence of hard labor.
eWEEK: Were you surprised to see Howard Schmidt leave so soon after you left?
Clarke: No. I think Howard did the right thing. He certainly by leaving sent a message to the administration and the Department of Homeland Security that they needed to move quickly to create the national center and they needed to have a person in charge of that with some real power. So I think his departure caused a lot of attention on the Hill, a lot of attention in the Congress that the national center hadnt been created yet. And one of the reasons the administration is going to announce the creation of the center soon is because of that pressure that Howards departure engendered.
eWEEK: How vital is it that they really get someone with a strong national reputation?
Clarke: The center will never become what it should be in terms of the national locus for policy unless theres a nationally recognized and high-level person with high-level access in the administration. Because otherwise people will just consider it another bureaucratic organization. Its very key that they get the right person, very key that person has access to the president, the homeland security adviser, and homeland security secretary.
eWEEK: Looking at the process of putting out the national strategy, is there anything that you think youd do differently?
Clarke: Well, not much. I think people got involved all across the country, both in the 10 town meetings that we held and in the about 15 groups that contributed by writing their own parallel strategies. The electric group, the banking group, oil and gas—all of the verticals created their own national strategies as part of that process. Often, strategies are just the documents themselves. This was not just the document, but also all of the awareness activity that was created by the process. And that was our goal from the beginning, was to have an unusual process that drew people in and raised awareness. I think it was very successful. The unprecedented idea of then turning out a draft and letting the entire world comment on it also stimulated a lot of involvement and awareness. No ones ever done that before. Typically Congress doesnt even have a shot at it. If you look at the other national strategies for drug control or physical security, national security, military, only the cyber strategy was done in a participatory way with the public involved helping to write it.
Latest Security News: