(continued from previous page)
master--and a little modesty goes a long way. (Also, lectures on cybersecurity tend to be taken more seriously from an agency that has its own problems under control. See above.)
Besides, how do you know whether a company is spending too little or too much on computer security? Perhaps a company would be better served to focus on R&D to avoid being beaten by a rival. Maybe a CEO should spend more on physical security because valuables are being expropriated by thieves. Perhaps a board of directors should offer more vacation to their employees, or extend product warranties, or relocate to a different city, or a zillion other possibilities.
It's true that an outsider without knowledge of those details can offer some uninteresting platitudes like "security is important" or "use firewalls and VPNs." But in the real world, resources are finite. Realistically, only someone with direct knowledge of a company's individual situation can even hope to know what tradeoffs are wise.
That's individualized knowledge that you--and other government bureaucrats--simply don't have.
Two other ideas might be worth considering. To Clarke's credit, he refrained from endorsing a national ID card. But now the Real ID Act requires Homeland Security to create what could amount to be one. You have some influence here, and could choose to use it to ensure this card--due in May 2008--will be secure and privacy-sensitive.
Finally, you could be an advocate for the widespread use of encryption. Yes, it may foil some police surveillance operations, but the privacy benefits almost certainly outweigh the inconvenience to law enforcement.
Above all, show humility. It will serve you well in this job--and differentiate you from your predecessors in a very complimentary way.
Sincerely,
Declan McCullagh
Biography
Declan McCullagh is CNET News.com's chief political correspondent. He spent more than a decade in Washington, D.C., chronicling the busy intersection between technology and politics. Previously, he was the Washington bureau chief for Wired News, and a reporter for Time.com, Time magazine and HotWired. McCullagh has taught journalism at American University and been an adjunct professor at Case Western University.
See more CNET content tagged:
Richard Clarke, department, conference, security
someone advice. You know that story about people in glass houses
not throwing stones>?? I can't tell you the nubmer of times you
guys have commited sins against the journalistic standard.
Please you guys are pathetic. So why am i here in the first place?
Well I totally overlooked your link in my RSS feed. My bad. I'm
going to fix that right now, because god knows you dont belong in
the NEWS section.
research before writing a letter to the new Asst. Sec. (who is
nothing close to final). For example, the position has never
been termed "cyberczar" officially it is simply one of those the
media created and others less affiliated with the activity have
kept.
First time I've seen his name associated with anything cyber
security related. Oh well, I guess everyone can make a few
mistakes the first couple time. Welcome to the community
McCullagh, you will catch on in time.
There is a good point in the letter, however, the lack of response
to any of the strategy recommendations from 2003. Not much
to show for and a lot of catching up to do.
.
- You guys are the last ones to be giving advice
- by May 31, 2005 6:46 AM PDT
- Cnet, seriously, you guys are the last ones on earth to be giving
- Like this Reply to this comment
-
-
- Here Here
- by May 31, 2005 1:33 PM PDT
- You would think that Declan McCullagh would have done
- Like this View reply
Processing -
(6 Comments)someone advice. You know that story about people in glass houses
not throwing stones>?? I can't tell you the nubmer of times you
guys have commited sins against the journalistic standard.
Please you guys are pathetic. So why am i here in the first place?
Well I totally overlooked your link in my RSS feed. My bad. I'm
going to fix that right now, because god knows you dont belong in
the NEWS section.
research before writing a letter to the new Asst. Sec. (who is
nothing close to final). For example, the position has never
been termed "cyberczar" officially it is simply one of those the
media created and others less affiliated with the activity have
kept.
First time I've seen his name associated with anything cyber
security related. Oh well, I guess everyone can make a few
mistakes the first couple time. Welcome to the community
McCullagh, you will catch on in time.
There is a good point in the letter, however, the lack of response
to any of the strategy recommendations from 2003. Not much
to show for and a lot of catching up to do.
.