Never before has it been so evident that the nation's existing cyberdefenses are failing, a former White House security adviser said Wednesday during a panel discussion at the RSA Conference in San Francisco.
Drawing on the recently revealed Google-China attacks as an example, Richard Clarke, former special adviser to President George W. Bush on cybersecurity, said every major U.S. company and government agency likely has been successfully penetrated in industrial espionage operations, resulting in the loss of terabytes of intellectual property.
"They're stealing anything that's worth stealing," said Clarke, now chairman of Good Harbor Consulting. "All the little cyberdevices that the companies here [at the RSA Conference] sell have been unable to stop that... We're having little Pearl Harbors every day."
But Clarke said organizations shouldn't have to even worry about deploying the best security solutions. Instead, he suggested that internet service providers patrol networks and conduct deep-packet inspection for malware. And because the government is not involved, concerns over privacy can be assuaged, he said.
"We have to look for ways where companies don't have to be perfect," Clarke said.
Michael Chertoff, who served as secretary of the U.S. Department of Homeland Security from 2005 to last year, said part of the blame rests with existing security mechanisms, such as passwords.
"The solutions seem so complicated to the average person," Chertoff said. "They feel unempowered and they ignore it."
Better education is required, he said.
"When we structure our security, we have to take into account how people behave," Chertoff said.
The panel, which included Marc Rotenberg, executive director of the Electronic Privacy Information Center, also discussed the need for a government entity tasked with protecting user privacy and civil liberties. Creating such an organization would help the government reclaim some credibility that may have been lost over the last decade due to its increasing right to monitor the public in the name of national security.
"This is all about the need to establish oversight measures to balance what you've given the government," Rotenberg said.
Clarke, meanwhile, said the U.S. government also should encourage other governments to sign an international treaty calling for each nation to police its individual cyberspace.