Clarke praises IU for IT programs

INDIANAPOLIS -- Former presidential adviser Richard A. Clarke praised IU Friday as the leader in U.S. higher education in protecting vast stores of information in its computer networks from hackers.\nClarke, who has drawn widespread attention this month for criticizing the Bush administration's anti-terrorism efforts, was the keynote speaker at the first Indiana Higher Education Cybersecurity Summit.\nClarke said universities have an obligation to safeguard information such as Social Security numbers, dates of birth and even credit card numbers belonging to students, employees and alumni.\n"Universities around the country have enormous computing power, and that computing power is at many of those universities being hijacked ... to attack other networks, flooding cyberspace with enormous amounts of information, bogus information, that causes networks to collapse and be unable to communicate," Clarke said.\nHis conference appearance at IU-Purdue University-Indianapolis followed his testimony Wednesday in Washington, D.C., before a commission investigating the Sept. 11 terrorist attacks.\nIn Friday's speech, Clarke did not address his testimony. In a subsequent meeting with reporters, Clarke refused to discuss his accusation that the Bush administration scaled back the campaign against Osama bin Laden before the Sept. 11 attacks and undermined the fight against terrorism by invading Iraq -- allegations he also raised in a book published this week.\nClarke, an adviser on counterterrorism and cybersecurity for three presidents, said there was more identity theft on the Internet last year than ever before.\n"The really bad news is 2004 is going to be worse," he said. "What that says is there is chaos in cyberspace.\n"We've seen that happen a lot, but never in the time of crisis. It could be, nonetheless, that an enemy, be it a terrorist group or a nation-state, could in the future utilize University networks the way hackers are on a regular basis now to jam the Internet and prevent it from being available to the government and first-responders."\nHe said the University of California at San Diego this week had to notify tens of thousands of students, parents, faculty and alumni that their privacy information had been compromised by hackers.\n"That's probably happening a lot more often than most universities know," he said.\nClarke said IU, however, has "set the gold standard" for cybersecurity.\n"I'm glad to see that one university in this country, IU, is taking that seriously, and working with IU and other universities, we hope to be able to establish the sorts of practices that are now here at IU at other major colleges and universities," Clarke said.\nHe would not say what Indiana is doing that other universities are not.\n"One of the great things about cybersecurity is you don't reveal all your tricks," Clarke said. "You don't reveal all the ways that you're defending your network because that makes it too easy for the hacker to get around them. Let me just tell you ... I was mightily impressed. I've never found another university in this country that's doing anything near as well as IU is."\nIn general, he said, universities should educate their own students, faculty and administration in cybersecurity and in writing more secure software.\n"The reason we're having these problems in cyberspace is we've turned out a generation of people with degrees in computer science and no understanding of cybersecurity," he said.