Bush Names New Cyber Security Czar
goombah99 writes "The Washington Post reports that Cybersecurity "czar" Richard Clarke has confirmed widespread reports that he is leaving the White House, to be replaced by former Microsoft security chief Howard Schmidt. He was also part of the Air Force's 'Computer Crime and Information Warfare division'. In related news, the National Strategy to Secure Cyberspace has received Bush's signature and will be released to the public in the next few weeks. Clarke's blunt statements on the need to avoid erosion of privacy rights are rumored to have rubbed the administration the wrong way, prompting his exit. Anyone know how Schmidt will view the relative security of closed versus open source?"
Nothing says "Security" better to me than "Former Microsoft Security Chief".
screen of death
Our top story - Previous cyberspace advisor sacked after coming worryingly near to sticking up for rights of normal Americans. Now replaced by Microsoft "security" manager in amusing henhouse/fox style situation. Corporations breathe freely again. Film at 11.
"To any truly impartial person, it would be obvious that I am right."
Next, RIAA advisor appointed as judge in IP case, Disney spokesperson heads the new congressional committee for copyright term balance, and Pakistan appoints Hans Blix's replacement at the head of the UN Arms Inspectors Committee.
Daniel
Carpe Diem
Nothing says "Security" better to me than "Former Microsoft Security Chief".
Look, do you want extensive experience or not? I trust this guy to have run into more security problems than just about anyone else out there.
I wonder if he leaned more toward engineering (and the godawful CryptoAPI) or policy (and the signing procedures that let Nimda get out)?
On a more realistic note, in terms of practical security benefit, the recent spending of taxpayer dollars on a set of minimum Windows security standards (the "Gold Standard") is probably one of the most cost-effective things that could have been done for nationwide security. Even if it grates those Linux/Mac OS/etc people among us the wrong way... It beats blowing more money on facial recognition at Super Bowls.
May we never see th
According to his biography here. From his bio, it doesn't sound like he's a dyed in the wool microsoftie.
Instead of making jokes or clamoring about how this is a bad (or good) thing, let's try to figure out what this guy is about.
Any signal out there?
My father is a blogger.
I've worked for the Dept of the Navy for 6 years now, 4 years as an active marine and 2 for a navy contractor and I've seen a trend in the Navy/MC away from Microsoft products and their consultation.
But then again, it doesn't mean that everything will be MS because he's a former MS officer, but it is more than possible. If anything he may have a VERY humble attitude toward things because I'm sure he's been the brunt of many criticisms from his past post.
It's no secret MS has had problems with security.
But I wonder what this will mean for upcoming copyright and piracy issues involving computer software and the like. Since he comes from a company where the doctrine is pretty strict in terms of copyrighting and such, will we see a severe change in the laws?
"Clarke's blunt statements on the need to avoid erosion of privacy rights are rumored to have rubbed the administration the wrong way, prompting his exit"
Well if the previous guy was removed because he was in favor of keeping privacy rights a concern, this may indeed be the case.
Overall, I can't say this is a good sign.
Excuse my above ramblings, I have strep throat and it's driving me crazy.
"In heaven, the Italians do the cooking, the Swiss do the accounting, the Germans fix the cars, the French are the lovers, and the British are the police.
In hell, the English do the cooking, the Italians do the accounting, the French fix the cars, the Swiss are the lovers, and the Germans are the police".
I guess we can add something about who's in charge of cyber security in either place... and I'm pretty sure where Microsoft has a bigger footprint.
Oh, I can't help quoting you because everything that you said rings true
Just to point out... According to the article, this guy was in charge of Microsoft's network's security, not Microsoft's software's security. The fact that he has been able to keep that web site, which runs on NT, from being cracked for so many years must qualify him as some sort of security god.
(If I am misinformed, and microsoft.com has actually been cracked and defaced at some point in the past, do tell...)
United States SP1
This service pack addresses the following security holes and bugs found in the current public release of United States version 2003:
- free speech buffer overruns
- memory leaks of useless patents
- higher intellectual property security
- copyright roll-over
- civil rights run away processes
- stronger backdoors for stronger crypto
- cpu race conditions
- elimination of privacy APIs
Quoting the last five (short) paragraphs of the story:
Is anyone else disturbed by the way first choice candidates seem to be running away from any involvement with government internet security?
Here are a few legitimate concerns in order of importance (in my mind of course).
1. Blackmail: If this security chief assisted in any of Microsoft's prior bad acts (DR-DOS episode is just one example) and is vulnerable to a criminal charge, he's vulnerable to blackmail. That makes him singularly inappropriate to head a sensitive position such as this one.
2. Incompetence: He's a former head of MS security. His performance is part of the reason that MS had the trusted computing initiative after he left because security was so screwed up.
3. Unwillingness to choose honest dealing with the public over self-interest: He never blew the whistle on MS even though security people generally know where all the bodies are buried. A lot of insecure systems are out there on the Internet in part because he didn't want to make waves. That is not necessarily what you want in a govt. job.
*****
Before joining Microsoft, he was a Supervisory Special Agent, Director of the Air Force Office of Special Investigations, Computer Forensic Lab and Computer Crime and Information Warfare. (HQ AFOSI/CCI). Under his direction he established the first dedicated computer forensic lab in the government. The AF specialized in conducting investigations into intrusions in government/military systems by unauthorized persons in counter intelligence and criminal investigations.
Before AFOSI he was with the FBI at the National Drug Intelligence Center (NDIC) where he headed the Computer Exploitation Team as a Computer Forensic Specialist. As one of the early pioneers in the field of computer forensics and computer evidence collection, he continues to provide training support to an international audience dealing with the new challenges around computer evidence collection and processing.
He was a City police officer from 1983-1994 with the city of Chandler Police Dept. Arizona. He served on the SWAT team, organized crime and narcotics investigations and field sergeant. While there he was detailed to the FBI academy teaching classes in the use of computers in criminal investigations for approximately 2 years.
Howard has over 31 years public service having served with the US Air Force in various roles from 1967-1983 both active duty and in the civil service. He has served in the military reserves since 1989 and currently serves as a Credentialed Special Agent, US Army Reserves, Criminal Investigation Division (CID). He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet activity.
He holds a Bachelors Degree in Business Administration, (BSBA) and a Master of Arts in Organizational Management (MAOM). He also has a Technician class Ham Radio License, and a Single Engine Land pilots license.
******
Hey folks, remember before you kneejerk -- there are more types of security than what programmers think of when they hear the term.
~REZ~ #43301. Who'd fake being me anyway?
Second, if he was ever head of MS security, he is used to dealing with extremely difficult situations and has handled his share of disasters. Overall, that job would provide great experience understanding the tradeoffs made between functionality, ease of use and security. Also, a good understanding of how some software companies resolve security issues and how to lead an effort to address security flaws in software. Probably an ideal background overall.
I had the opportunity to meet and interview Clarke when he came to my school last year to give a speech as part of a post-9/11 outreach program to CS faculties around the nation. (In fact, I wrote an article about it for our school newspaper, if you're interested.) He really handled himself well. The crowd was more or less 100% engineering and CS faculty, grad students, and the type of smart undergrads that would actually care about such a thing, in other words a tough crowd to play to. And I think everyone was pretty skeptical at the outset that any government official would know his ass from a hole in the ground when it comes to IT policy, so-called "cybersecurity" (blech), and such. But he did! After he spoke he gave about a 40 minute Q&A where people asked him all sorts of tough and sometimes really esoteric questions concerning software patents, the DMCA, network security, hell, something about quantum computing even came up. His knowledge was impressive and, even more heartening, when he didn't know the answer he just said so rather than bullshitting. All in all I left with a good feeling that this guy was the White House's go-to man for IT policy and would be protecting our computers from the terrorists. Now it sounds like he got fired because he wasn't quite fascist enough for the Bushies, which is really depressing. Guess I should have seen it coming all along.
I think there is a world market for maybe five personal web logs.
About 15 years ago, I was working for a consulting firm (which shall remain nameless here ;-) that does mostly government contract work. I was one of a small group that was assigned the task of analyzing and reporting on security issues with the growing collection of commercial networked small computers. My task was mostly collecting and/or writing security-test software.
After a couple of months, the security guys discovered some of the things that I'd collected (or written). I was summarily fired.
During the discussions, my boss observed that I was perhaps lucky that they didn't decide to prosecute me. He thought that there were two reasons they merely fired me: 1) I was doing the job that I'd been assigned, and 2) They were afraid that my lawyer would merely demand that all the evidence against me be presented in court.
Within six months, all the rest of the group had quietly resigned. I'm still in occasional contact with some of them. None of us has ever accepted another security-related job.
Computer security is of growing importance. But nobody with much experience in it is likely to accept a government job. I wouldn't advise anyone to take such a job, unless you know that you have the power and money to defend yourself when the inevitable happens.
(It might be interesting to hear from others with similar experiences. Of course, the poster boy for this whole topic is Randal Schwartz. Google him and read all about it.)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
When I hear about the "Drug Czar" I am reminded about the "war on drugs" that has already cost us plenty of civil liberties and caused a violent and expensive black market for drugs.
The idea of a "Cyber Security Czar" frightens me even more, especially given the fact that the Bush Administration doesn't seem to care jack squat for the rights and privacy of American citizens.
The fact that it seems they dismissed the old Cyber Security Czar because he was actually sticking up for the privacy of citizens (and thus not working towards Bush's vision of a fascist-style government in which citizens are reduced to flag-waving serfs with no actual rights) scares me quite a bit.
"You spoony bard!" -Tellah