Cybersecurity Czar Issues Farewell Warning

U.S. government cybersecurity chief Richard Clarke Friday confirmed plans to quit the post and is bidding farewell with a warning that “sophisticated” hacker attacks could cripple the nation’s IT backbone.

In an e-mail to colleagues that was leaked to sections of the media, Clarke said he is leaving to look for a job in the private sector and warned that a sophisticated version of the ‘Slammer’ worm, which wreaked havoc on IT systems worldwide, could be devastating.

Clarke characterized the worm as “dumb” and said it was “easily and cheaply made” but warned that Internet vulnerabilities can still be exploited by sophisticated attackers. “As long as we have vulnerabilities in cyberspace and as long as America has enemies, we are at risk of the two coming together to severely damage our great country,” the former counter-terrorism advisor wrote.

Clarke did not address reports that claimed he was quitting because of dissatisfaction with positions offered to him in the new Department of Homeland Security (DHS), but government sources speaking under condition of anonymity said he felt he was being sidelined because the jobs on offer were considered a “demotion” from the job as security czar.

Clarke, the former coordinator for security, infrastructure protection and counterterrorism at the National Security Council (NSC), has spent the bulk of his time as President Bush’s cyberspace security advisor preparing a comprehensive National Strategy to Secure Cyberspace, a document that will spell out recommendations for preventing and responding to Internet-based disruptions.

The document, which is expected to be published next month, has drawn controversy from all sides over the extent of Clarke’s recommendations but he described the battle plan as “essential to the health of the nation’s economy and the security of the country.”

Meanwhile, Clarke’s decision to step aside has set tongues wagging in government circles about his likely replacement, with sources hinting that former chief of security at Microsoft Howard Schmidt is the frontrunner to land the gig.

Schmidt, who raised eyebrows when he said the “Slammer” worm only caused “collateral damage” to the nation’s most important electronic systems, also absolved Microsoft of blame for the attacks even though many security sources argue that the patches Microsoft issued for the buggy SQL were “self-contradictory and impossible to apply.”

If Schmidt lands the job, it is sure to be viewed as a coup for the Redmond, Wash.-based software giant, which has struggled though a public relations nightmare over security of its products.

However, some insiders caution that the Department of Homeland Security (DHS) might not even fill the vacancy and instead distribute Clarke’s chores among existing staff. “Dont be surprised if [Clarke’s responsibilities] become farmed out to DHS staff,” one source said.

Other names being floated for the job include Steve Cooper, who now serves as CIO at the Office of Homeland Security (OHS) and a special assistant to President Bush, and Jim Llyzik, the OHS advisor on IT issues.

Cooper is former CIO at Corning and Llyzik served a stint as chief information officer at the Treasury Department and is highly thought of within the administration.

Patrick Schambach, former ATF assistant director; Ronald Miller, who helped the creation of the Homeland Security Department; and Lee Holcomb, the former chief information officer at NASA are also being mentioned as possible replacements for Clarke.