Capital Business recently interviewed Clarke. What follows are edited excerpts from that conversation:
What’s it like working from the private sector as opposed to within the government?
I’ve had the experience of being inside the government for 30 years — perhaps the last half of that at the senior level — and now had the experience of being outside for about a decade. Outside the government, you’re freed up from the coordination and the bureaucracies and the congressional activity, the budgeting activity that really makes it difficult for people in the government to focus on the substance.
You can be more efficient?
Most people in the government, I think, spend three-quarters of their time on non-substantive activities relating to the budget, relating to the Congress, relating to coordination with other departments. It makes it difficult to think big-picture and to connect the dots on a larger canvas.
In the past decade, have you been able to do more?
I’ve written five books in seven years, I’ve taught five semesters at Harvard, I’ve done consulting around the world.
How do you think the government is doing on cybersecurity?
The Defense Department, for the most part, is doing a good job on cybersecurity. I think other departments are working hard to catch up.
What do you recommend?
Every federal department needs to figure out what its risk profile is, just as every corporation needs to figure out what its risk profile is. How can the problems of cybersecurity hurt you? When I was in the government we started out with the Commerce Department, and frankly I couldn’t imagine that there was anything in the Commerce Department that really was too crucial. It turned out there was: They ran the atomic clock, the atomic clock in turn ran the stock market. You really need to ask department by department what could really go wrong if someone wanted to make trouble.
Will there be a significant cyber event in the years ahead?
People keep asking, well, do we have to have a cyber Pearl Harbor in order for people to do the right thing? Implicit in that question is sort of a hope that that will happen and then maybe we’ll fix everything. I don’t know that there ever will be a cyber Pearl Harbor. What I do know is that we’re suffering the death of a thousand cuts in the little Pearl Harbors that are happening every day, where cyberespionage and cybercrime are having a huge cumulative and negative effect. The theft of research and development information, the theft of intellectual property, the theft even of transactional data is giving huge economic advantage to our competitive opponents in other countries. If we all sit around waiting for the apocalypse to do something appropriate on cybersecurity, it may never happen and we may never solve the problem.