Three White House Press Office releases.
Re: plan for critical infrastructure protection.
Date: January 7, 2000.
Source: White House Office of the Press Secretary.

PRESIDENT CLINTON AND VICE PRESIDENT GORE:
PROMOTING CYBER SECURITY FOR THE 21ST CENTURY

January 7, 2000

Today, President Clinton launches the National Plan for Information Systems Protection and announces new budget proposals for initiatives to strengthen America's defenses against the emerging threats posed to our critical infrastructure, computer systems, and networks. The United States has benefited form the most advanced information technology (IT) infrastructure in the world. This same IT infrastructure, however, makes us particularly vulnerable to cyber attack. The most vital sectors of our economy -- power generation, telecommunications, banking and finance, transportation and emergency services -- are potentially susceptible to disruptions from hackers, terrorists, criminals or nation states. President Clinton has increased funding on critical infrastructure substantially over the past three years, including a 16% increase in the FY2001 budget proposal to $2.03 billion. He has also developed and funded new initiatives to defend the nation's computer systems from cyber attack. To jumpstart the FY01 program initiatives, the President will also propose a $9 million supplemental this spring.

In the 18 months since the President signed Presidential Decision Directive 63, we have made significant progress in protecting our critical infrastructures. Last year the President called for the development of a National Plan to serve as a blueprint for establishing a critical infrastructure protection (CIP) capability. Version One, the "National Plan for Information Systems Protection," was released today. It is called Version One and invites a national dialogue leading to future editions. This plan lays out two broad goals: the establishment of the U.S. government as a model of information security, and the development of a public-private partnership to defend our national infrastructures. The Federal Government as a Model of Information Security. The Clinton has developed and provided full or pilot funding for the following key initiatives designed to protect the federal government's computer systems:

• Working to Recruit, Train and Retain Federal IT Experts. We have developed and provided FY2001 funding for a Federal Cyber Services Training and Education initiative led by OPM and NSF which calls for two programs: the first is an ROTC-like program where we pay for IT education (B.S. or M.S.) in exchange for federal service; and the second is a program to establish competencies and certify our existing IT workforce. ($25 million)
  
• Conducting federal agency vulnerability analyses and developing agency CIP plans. Federal agencies have all developed CIP plans, and these have been reviewed by a newly created "Expert Review Team" (ERT) of federal computer security experts. We have also established the ERT as a permanent team (at the Commerce Department's NIST), with funding lines in FY2000 and 2001. ($5 million)
  
• Designing a Federal Intrusion Detection Network (FIDNET). To protect vital systems in Federal civilian agencies, we are providing funding for development of a cyber "burglar alarm" which alerts the federal government to cyber attacks, provides recommended defenses, establishes information security readiness levels, and ensures the rapid implementation of system "patches" for known software defects. ($10 million)
  
• Piloting Public Key Infrastructure Models. The Clinton Administration is funding seven PKI pilot programs in FY2001 at different federal agencies. ($7 million)
  
• Developing Federal R&D Efforts. In addition to the Institute, we have worked to ensure that R&D investments in computer security will grow more then 35% in the FY2001 budget. ($621 million) Building the Public-Private Partnership. The President is committed to building partnerships with the private sector to protect our computer networks through the following initiatives:
  
• Institute for Information Infrastructure Protection. Building on a Science Advisory Panel, we are proposing to create an Information Infrastructure Institute which would combine federal and private sector energies to fill the gaps in critical infrastructure R&D that are not now being meet in the private sector or the Department of Defense. It would also provide demonstration and development support in key areas like benchmarks and standards, and curriculum development. ($50m)
  
• Partnership for Critical Infrastructure Security. This alliance of more than ninety Fortune 500 companies is spearheaded by Secretary Daley and had a successful kickoff in New York on December 8th. We will build on this partnership to provide public education and cooperation with the private sector on a wide variety of information security issues
  
• Information Sharing and Analysis Centers (ISACs). Two of the proposed six private sector computer security centers have been established (banking and finance and telecommunications). We are working with the other four sectors to get their proposed ISACs operational in 2000.
  
• National Infrastructure Assurance Council. The President signed an Executive Order creating this advisory Council, last year. Its members are now being recruited from senior ranks of the IT industry, key sectors of the corporate economy, and academia.

THE WHITE HOUSE
Office of the Press Secretary

FACT SHEET

Institute for Information Infrastructure Protection

The President proposed today the creation of the Institute for Information Infrastructure Protection to identify and fund research and technology development to protect America's cyberspace from attack or other failures.

The Institute will fill research and other key technical gaps that neither the private sector nor the government's national security community would otherwise address, but that are necessary to ensure the robust, reliable operation of the national information infrastructure.

The President announced he would propose initial funding of over $50 million for the Institute in his budget to be submitted next month. Funding would be provided through the Commerce Department's National Institute of Standards and Technology (NIST).

The Institute was first proposed by the scientists and corporate officials who served on the President's Committee of Advisors on Science and Technology, and then supported by leading corporate Chief Technology Officers (CTOs).

The Institute will work directly with private sector information technology suppliers and consumers to define research priorities and engage the country's finest technical experts to address the priorities identified. Research work will be performed at existing institutions including private corporations, universities, and non-profit research institutes. The Institute will also make provisions for private sector funding for some research activities.

THE WHITE HOUSE
Office of the Press Secretary

FACT SHEET

Federal Cyber Services Training and Education Initiative

The President announced today a $25 million funding proposal for the Federal Cyber Services (FCS) Training and Education initiative led by OPM. The demand for information technologists and information security specialists has grown faster than the supply. In both the public and the private sector, there is a dearth of qualified new professionals in information security. The National Plan for National Information Infrastructure, which details the FCS initiative, calls for the following five programs to address this challenge. Vigorous implementation of these programs will help address the current shortages of information security personnel.

• A study by the Office of Personnel Management to identify and develop competencies for federal information technology (IT) security positions, and the associated training and certification requirements.
  
• The development of Centers of IT Excellence to establish competencies and certify current Federal IT workers and maintain their information security skill levels throughout their careers.
  
• The creation of a Scholarship for Service (SFS) program to recruit and educate the next generation of Federal IT managers by awarding scholarships for the study of information security, in return for a commitment to work for a specified time for the federal government. This program will also support the development of information security faculty.
  
• The development of a high school recruitment and training initiative to identify promising high school students for participation in summer work and internship programs that would lead to certification to Federal IT workforce standards and possible future employment.
  
• The development and implementation of a Federal INFOSEC awareness curriculum aimed at ensuring computer security literacy throughout the entire Federal workforce.