[ISN] Clarke book cites management, info-sharing problems at DHS
InfoSec News
isn at c4i.org
Wed Mar 24 07:01:33 EST 2004
http://www.computerworld.com/securitytopics/security/story/0,10801,91561,00.html
[http://www.amazon.com/exec/obidos/ASIN/0743260244/c4iorg - WK]
News Story by Dan Verton
MARCH 23, 2004
COMPUTERWORLD
The Bush administration's homeland security strategy, including its
new emphasis on cybersecurity, is poorly managed and being held
hostage to decades-old cultural and turf battles, according to a new
book out this week by former White House adviser Richard Clarke.
Clarke's book, Against All Enemies, hit stores yesterday and caused an
immediate uproar in Washington. In it, Clarke accuses the Bush
administration of politicizing the war on terror and forcing a virtual
army of professional staffers to pull recalcitrant senior officials to
the realization that national threats had changed and required new
defenses.
Clarke ended a 30-year career in government last March as chairman of
the President's Critical Infrastructure Protection Board and the de
facto cybersecurity czar.
In 291 pages that describe detailed conversations and meetings with
the president and many of his key cabinet members, Clarke paints a
portrait of an administration so sidetracked by the idea of deposing
Saddam Hussein that many officials charged with setting up the new
Department of Homeland Security and improving information sharing
across agencies quit in frustration.
Even on Sept. 11, 2001, the ability of Clarke and other members of the
president's senior White House staff to communicate and direct a
response to the terrorist attacks was severely hampered by poor
communications, according to Clarke.
"The comms in this place are terrible," said Vice President Dick
Cheney, according to Clarke. He was referring to the East Wing bomb
shelter in the White House.
"Now you know why I wanted the money for a new bunker," replied
Clarke.
"I could not resist," he wrote later. "The President had canceled my
plans for a replacement facility."
The FBI under former director Louis Freeh also falls squarely in
Clarke's cross hairs for failing to take the issue of information
sharing and IT infrastructure seriously.
"The lack of computer support was a failure of the bureau's
leadership," wrote Clarke. "Local police departments throughout the
country had far more advanced data systems than the FBI. In New York,
I saw piles of terrorism files on the floor of the [FBI Joint
Terrorism Task Force]. There was only one low-paid file clerk there,
and he could not keep up with the volume of paper that was being
generated. There was no way for one agent to know what information
another agent had collected, even in the same office."
This was in "stark contrast to the CIA, NSA and the State Department,"
wrote Clarke, "which flooded my secure e-mail with over 100 detailed
reports every day."
Eventually, the volume of intelligence reporting became so great after
the terrorist attacks that Clarke established a threat subgroup
charged with tracking intelligence leads in a program made famous by
the television program Threat Matrix. Many people would be surprised
to learn, however, that the infamous threat matrix is nothing more
than an Excel spreadsheet, according to Clarke.
Clarke describes a conversation he had with a veteran FBI official who
likened the agency to an aircraft carrier. "It takes a long time to
stop going in one direction and turn around and go in another," the
official told Clarke.
Senior officials at the Department of Homeland Security are also
faulted for mishandling the massive merger of 22 federal agencies and
200,000 employees. Clarke calls Secretary of Homeland Security Tom
Ridge "at root a politician, not a manager nor a security expert."
Clarke claims that the administration downgraded the importance of
homeland security in favor of the war in Iraq, and in an interview
with Computerworld last week, Clarke said cybersecurity and
critical-infrastructure protection suffered the same fate.
"They've demoted the issue from a White House issue to being an issue
four or five levels down in the Department of Homeland Security," said
Clarke. Asked about the charges that his office succumbed to industry
pressure and at the last minute ripped the teeth out of the National
Strategy to Security Cyber Space, which Clarke released in February
2003 just before leaving government, Clarke called such claims "an
urban legend."
He doesn't address the national strategy in detail in his book but
does say that he and deputy Roger Cressey worked on the issue of
cybersecurity for a year "before quit[ting] the administration
altogether."
The creation of the DHS was flawed from the start, according to
Clarke. It should have been done in phases. Instead, dozens of
agencies were simultaneously merged into one in an effort that was the
equivalent of the AOL/Time Warner merger "multip[lied] by several
orders of magnitude."
Fixing the DHS will require the creation of a management cadre from
the best and the brightest of the civil service, military and private
sector, according to Clarke. The DHS must become a place where senior
managers want to work, he wrote, saying that it must become "the GE of
the government." Hiring bonuses may be needed, but creating a halo
effect costs money.
"Regrettably, the administration sought to do homeland security on the
cheap, telling Ridge that creating the new department has to be
'revenue neutral,' jargon for no new money to implement the largest
government reorganization in history," Clarke wrote.
More information about the isn
mailing list