Reboot 25: The influencers
Blessed are the influencers for they will make a true difference – through policy, vision, drive, innovation and ideas – in the course of information security. What sets our selection apart is that they've held significant sway on the direction of IT security.
Richard Clarke, chairman, Good Harbor; author; former federal cybersecurity czar
Richard Clarke doesn't pull any punches about what he thinks of the state of cybersecurity today – or the people and institutions charged with handling it. At February's RSA Conference in San Francisco, Clarke took a jab at Edward Snowden (saying Snowden being called a whistleblower makes his blood boil). He also took on National Security Agency (NSA) critics in other countries; called for politicians and officials to up their cybersecurity game (it would be easier if they “learn about information and how it's collected”); and demanded guidance for the NSA (policymakers should clarify “what they want collected and not collected”).
But Clarke does more than use his words. He's widely known as a man of action, putting in 30 years in government as a diplomat in the State Department and in the Pentagon, as well as serving as a security guru to three presidents (Clinton, George W. Bush and Obama) before becoming CEO of Good Harbor Security Risk Management, a Washington, D.C.-based consultancy advising companies and governments on cybersecurity.
His work as a cybersecurity czar and adviser to presidents – his assessment of the latter is detailed in his book Against All Enemies – earned him a slot as an SC Magazine Industry Pioneer back in 2009. His continued efforts to strengthen cybersecurity and work with the Obama administration have clearly evolved Clarke into a widely recognised Influencer.
He drew the public into the debate with his 2010 book Cyber War: The Next Threat to National Security and What to Do About It. And his 300-page “Review Group on Intelligence and Communications Technology,” requested by President Obama, made 46 recommendations for tightening NSA security and improving transparency of U.S. surveillance activity.
James Lewis, senior fellow and director of the strategic technology programme, CSIS; professor, Johns Hopkins University
Admitting to a fascination with computers “back in the stone age” of computing, Lewis used mainframes “as an analytical tool in grad school and realised they had immense potential.” When he joined the State Department in the late 1980s, they were still “an alien presence.” But his programming skills didn't go unnoticed by Dick Clarke, then in the Politico-Military Bureau, who sent him to work at the NSA on an initiative that Lewis thought was “unworkable,” the Clipper chip and encryption policy.
He quickly changed assignments and by the time he left the State Department for another government agency, Commerce, he had two, what turned out to be lucrative, White House working groups in his portfolio – secure public networks and e-commerce.
“I found that policy on network security had advanced two inches in three years and decided to assign one of my deputies to cover it when the Director of Central Intelligence walked into an IWG and said, “I have the solution,'” says Lewis. “He didn't, but he broke the gridlock on thinking about how to secure the internet and I decided to stay. That was 1996.”
And the cybersecurity industry has felt his influence ever since. As a member of the U.S. Foreign Service and Senior Executive Service, he worked, among other things, on internet policy. During his tenure at the bipartisan, nonprofit Centre for Strategic and International Studies (CSIS), Lewis has testified numerous times before Congress on cybersecurity issue and served as the project director for the CSIS Commission on Cybersecurity for the 44th President, penning “Securing Cyberspace for the 44th Presidency,” the best-selling report that has informed U.S. policy and which has been recognised by President Obama.
But Lewis is not finished yet. “CSIS helped put cybersecurity on the map, but the current discussion just repeats things from five years ago,” he says. “I want new ideas on how the U.S. secures infrastructure without economic harm, how countries cooperate in cyberspace, and how countries adjust to the convergence of privacy, internet governance and cybersecurity.” To that end, CSIS is starting a new cyber institute and has projects underway “on the internet of things, information sharing, military use, and governance.”
The internet, Lewis contends, will be very different in five or 10 years. “I want to identify trends, issues, and policies that let us get the full benefit of networked computing – the potential I saw in my TRS-80 three decades ago,” he says.