Want CNET to notify you of price drops and the latest stories?

Security czar: Button up or get hacked

Richard Clarke, the United States' top adviser on cybersecurity, says many companies spend less on computer security than they do on coffee for employees.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
Click here to Play

Securing the Net from cyberthreat
Richard Clarke, White House adviser
SAN JOSE, Calif.--The United States' top adviser on cybersecurity on Tuesday took companies to task, pointing out that many spend less on computer security than they do on coffee for employees.

Richard Clarke, the special adviser to the president on cybersecurity, told security experts at the RSA Conference 2002 here that such complacency leaves the Internet--and many other critical infrastructures--in danger of attack. Clarke cited statistics that indicate that less than 0.0025 percent of corporate revenue on average is spent on information-technology security.

"If you spend more on coffee than on IT security, then you will be hacked," Clarke said during his keynote address. "What's more, you deserve to be hacked."

Software companies have said that during tough times, businesses aren't interested in spending big for security. But Clarke said his own research has found the opposite. He further stressed that the industry needs to work together to secure the Internet as a whole, and that companies should not just worry about their own little piece of the network.

"Let's admit that the emperor's new clothes are rather skimpy sometimes," he said.

Since the Sept. 11 terrorist attacks, national interest in security has grown considerably. Clarke said the attacks showed that the United States' enemies are technologically savvy--and persistent.

"Our future enemies will understand our technology at least as well as we do," Clarke said. To combat this, President Bush in his proposed budget has pushed to increase spending on information security 64 percent, to $4 billion, Clarke said. The increase would represent 8.1 percent of the total budget for information technology, he added.

Clarke also praised efforts by companies such as Cisco Systems and Microsoft to pay better attention to security issues. In January, Microsoft Chairman Bill Gates sent a memo to employees urging them to pay renewed attention to security issues in products.

The crowd gathered in the conference hall laughed after mention of Microsoft's security push, a strategy that has been frequently criticized in the press. Yet Clarke said the program was no laughing matter.

"Let's not just laugh and be cynical about that promise," he said. "Let's instead say to Bill Gates, 'You are right, and we are going to hold you to it.'"

The RSA Conference is the largest computer security and encryption conference in the world.