Richard Clarke, the special adviser to the president on cybersecurity, told security experts at the RSA Data Security Conference here that such complacency leaves the Internet--and many other critical infrastructures--in danger of attack. Clarke cited statistics that indicate that less than 0.0025 percent of corporate revenue on average is spent on information-technology security.
"If you spend more on coffee than on IT security, then you will be hacked," Clarke said during his keynote address. "What's more, you deserve to be hacked."
Software companies have said that during tough times, businesses aren't interested in spending big for security. But Clarke said his own research has found the opposite. He further stressed that the industry needs to work together to secure the Internet as a whole, and that companies should not just worry about their own little piece of the network.
"Let's admit that the emperor's new clothes are rather skimpy sometimes," he said.
Since the September 11 terrorist attacks, national interest in security has grown considerably. Clarke said the attacks showed that the United States' enemies are technologically savvy--and persistent.
"Our future enemies will understand our technology at least as well as we do," Clarke said. To combat this, President Bush in his proposed budget has pushed to increase spending on information security 64 percent, to US$4 billion, Clarke said. The increase would represent 8.1 percent of the total budget for information technology, he added.
Clarke also praised efforts by companies such as Cisco Systems and Microsoft to pay better attention to security issues. In January, Microsoft Chairman Bill Gates sent a memo to employees urging them to pay renewed attention to security issues in products.
The crowd gathered in the conference hall laughed after mention of Microsoft's security push, a strategy that has been frequently criticized in the press. Yet Clarke said the program was no laughing matter.
"Let's not just laugh and be cynical about that promise," he said. "Let's instead say to Bill Gates, 'You are right, and we are going to hold you to it.'"
The RSA Data Security Conference is the largest computer security and encryption conference in the world.
