Lacking Defense in Cyber War with Richard Clarke

by rmacmich on Tuesday, June 1, 2010

On the landmark 50th episode of Silver Bullet, Gary talks with Richard A. Clarke. Richard Clarke is an internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. Gary and Dick discuss what needs to change in order for the United States to focus more attention on defense against cyber war (as opposed to offense). They also discuss the importance of software security in preventing cyber crime and cyber war, network scanning as a part of Dick’s “Defensive Triad,” and balancing cybersecurity against individual liberty. We also uncover whether being a guest on Silver Bullet is more stressful than being on The Colbert Report.

This special edition of Silver Bullet was also captured on video. View the video below (for those on feed readers, go to this episode’s page for the video):

  • Menlo Technical

    This is a great interview.
    For those who did not watch / listen to this, it needs to be said that Richard mentions a common case wherein a CEO has been told that a breach happened, and asks the CIO “WHY did I spend so much money on all these preventative measures?!? Aren’t we protected?” Richard basically implies that the CIO has to confess that the equipment doesn’t work.

    If Richard’s comment is misunderstood, a less technical CEO would believe they really do not need to buy any of these protective devices and softwares since it is costly and cannot help. From my experience – CEO’s and business owners often believe they can disregard the need for these costs and take comments like Richard’s out of context.

    Speaking as a consultant to CIOs, protecting a corporate network infrastructure may seem dismal and pointless, as Richard says, because there are always going to be attacks which could possibly get in to the ‘secure’ corporate network.
    But disregarding security and a CIO’s attempt to help the corporate information security is not intelligent. If a company has used this ‘expensive equipment’ and held off from infection for a time – then in fact, that protection HAS helped the company. There are viruses, trojans. malware and worms that constantly get re-released and float within the Internet ready to attack. They come from SPAM, redirected Internet traffic, unpatched clients, web banner ads, social network exploits, lack of continued training with employees, etc. A CIO has to use MANY concepts and strategies in order to protect the network and allow business to function with the Internet.

    A CIO budget DOES help a company, but it is an ongoing ever-changing landscape and CIO’s need to be on the ball ALL the time. Today’s protection is only a fraction of tomorrow’s needs.

  • Brad Burmeister

    Wow! how you create is basically spectacular