"We don't want to create the Federal Internet Security Regulatory Agency," said [Richard Clarke]. Clarke wants businesses and government agencies to work together voluntarily on tougher network security standards to protect their computer systems from small-time criminals and international terrorists alike.
Clarke said it would be very difficult to fairly assess the liability of computer companies in a security breakdown. "To date there's not been a successful case of anybody bringing a legal liability case," he said in an interview before last night's town meeting. "I'm told by the lawyers that liability law doesn't cover that kind of thing, has never covered that kind of thing." Clarke added that the [Bush] administration doesn't support the idea of drafting such a liability law.
Instead, Clarke wants computer experts in particular industries, such as banking and health care, to work together on security standards and systems that are compatible with the way computers are used in those industries. Clarke said the banking industry and several others already have formed such working groups, called Information Sharing and Assessment Centers, or ISACs. Each ISAC will be able to establish a set of "best practices" for computer security. Companies that fail to meet those standards could suffer a loss of business, as clients seek out those with better data security.