20 Feb 2002 10:13
The United States' top adviser on cybersecurity on Tuesday took companies to task, pointing out that many spend less on computer security than they do on coffee for employees.
Streamed video: Richard Clarke on IT managers' responsibility for security
Richard Clarke, the special adviser to the president on cybersecurity, told security experts at the RSA Conference 2002 in San Jose that such complacency leaves the Internet -- and many other critical infrastructures -- in danger of attack. Clarke cited statistics that indicate that less than 0.0025 percent of corporate revenue on average is spent on information-technology security.
"If you spend more on coffee than on IT security, then you will be hacked," Clarke said during his keynote address. "What's more, you deserve to be hacked."
Streamed video: Richard Clarke's keynote from the RSA Conference
Software companies have said that during tough times, businesses aren't interested in spending big for security. But Clarke said his own research has found the opposite. He further stressed that the industry needs to work together to secure the Internet as a whole, and that companies should not just worry about their own little piece of the network.
"Let's admit that the emperor's new clothes are rather skimpy sometimes," he said.
Since the 11 September terrorist attacks, national interest in security has grown considerably. Clarke said the attacks showed that the United States' enemies are technologically savvy -- and persistent.
"Our future enemies will understand our technology at least as well as we do," Clarke said. To combat this, President Bush in his proposed budget has pushed to increase spending on information security 64 percent, to $4bn, Clarke said. The increase would represent 8.1 percent of the total budget for information technology, he added.
Clarke also praised efforts by companies such as Cisco Systems and Microsoft to pay better attention to security issues. In January, Microsoft chairman Bill Gates sent a memo to employees urging them to pay renewed attention to security issues in products.
The crowd gathered in the conference hall laughed after mention of Microsoft's security push, a strategy that has been frequently criticised in the press. Yet Clarke said the program was no laughing matter.
"Let's not just laugh and be cynical about that promise," he said. "Let's instead say to Bill Gates, 'You are right, and we are going to hold you to it.'"
The RSA Conference is the largest computer security and encryption conference in the world.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Copyright © 1995-2009 CBS Interactive Limited. All rights reserved
ZDNET is a registered service mark of CBS Interactive Limited. ZDNET Logo is a service mark of CBS Interactive Limited.