Clarke Addresses Cyber
Security on Capitol Hill |
2/13-14. Richard Clarke, Special Advisor to the President
for Cyberspace Security, addressed cyber security issues on
Capitol Hill. He briefed the Senate Judiciary
Committee's Administrative Oversight and the Courts
Subcommittee on February 13. See, opening
statement and excerpts from question and answer session.
He also gave a speech
at a luncheon hosted by Sen. Jay Rockefeller
(D-WV) and Sen. Bill Frist
(R-TN) on February 14.
He explained the origin of the cyber security problem at the
February 14 luncheon. "We see that something remarkable
happened in the course of the 1990s. Something akin to the
industrial revolution occurred. ... What did happen is that
every sector of our economy and government moved the operation
of critical functionality onto network systems. ... everybody
moved all of their operations on to these network systems, and
are now dependent upon them. ... And in doing this migration
of functionality into these network systems, we did not, as a
nation pay enough attention to designing security in. In
effect, we took systems that were designed to do something
very different, and we made them do a great deal. We made them
run our country. That was great for us in terms of
productivity increases. It was great for us in terms of
lowering the cost of doing business. But it was bad for us in
the opening up of vulnerability, because the software, the
hardware, the overall architecture was never designed with the
thought that somebody maliciously would attack it. And so, we
have legacy systems proliferated throughout our economy that
are very vulnerable to attack."
He also addressed what to do about cyber threats. He stated
that "We have to think of it primarily first as a
software and hardware architecture problem, not as a criminal
problem, not as an intelligence problem, not even as a
national security problem, primarily. We have, first, get the
government to serve as an example." He stated that the
President's FY 2003 budget request contains a 64% increase for
government IT security.
He continued that the private sector needs to do the same
thing. He said that "we need a partnership between the
private sector and the government to share information, to get
over the roadblocks of secret and top secret, to share
information, to share the burden for research and development,
and to cooperate in an effort to secure our infrastructures.
And to do all of this, without heinous regulation. Because, if
the government tried to regulate IT security, it would never
achieve it. So, we are going to try to do this in partnership,
and using market forces."
Clarke went into more detail in his longer briefing of the
Senate Judiciary Committee. He was the sole briefer. Sen. Charles Grassley
(R-IA) and Sen. John
Edwards (D-NC) both appeared briefly. Otherwise, the
entire proceeding was conducted by Sen. Charles Schumer
(D-NY). Hence, the proceeding was conducted more like a
deposition than a typical Congressional hearing.
Clarke reviewed the vulnerabilities of networked computer
systems, and the spectrum of threats to them. He stated that
to date terrorist groups, such as "Hamas, Hezbollah, Al
Queda", have used the Internet for propaganda and fund
raising, but not for cyber attacks. However, he added,
"That may be about to change, because, ... there is
evidence that Al Queda was using the Internet to do at least
reconnaissance of American utilities, and American facilities,
by going to publicly available web sites, where all too often
we have too much information about our facilities."
Sen. Schumer asked Clarke why the U.S. has been spared so far
from cyber attacks. Clarke responded, "You don't know
what you don't know. And we clearly do not know whether or not
there have already been successful penetrations of our
networks, that we don't know about. If I were a betting
person, I would bet that many of our key networks have already
been penetrated. The trap doors, or trojan horses, or logic
bombs, may already be in many of our key
infrastructures."
Sen. Schumer asked about the capability of nation states to
conduct cyber attacks. Clarke stated that he could not assess
this. He elaborated that "this is one of the differences
between, say, weapons of mass destruction, and information
warfare weapons. As you well know, when we were looking at
Iraq, to see if they had nuclear weapons, or when we look at
Iran to see if it has biological weapons, there are things
that we can look for, that our satellites can take pictures
of. You can look for, particularly, types of facilities, and
try to estimate, based upon the things like what they are
buying, and what, how far along they are in the process of
weapons development. ... But, on information warfare, there is
nothing for our satellites to take a picture of. And, it is
not possible to take a look at what there procurement records
are, and deduce from that that they have this capability or
that capability. So, it is a little bit tougher to know how
far along they are."
Sen Schumer asked about the U.S. policy regarding retaliation
for cyber attacks. Clarke stated that "I think we have
had a policy that has not been well known. But I think that it
is a fairly well articulated policy, for the last several
years, which is that anyone that engages information warfare
against us, be they a nation state, or a terrorist group, has
to realize that we will respond in whatever way we think is
appropriate. Somehow, people have gotten the idea in some
academic circles that if an information warfare attack is
launched on the United States, the only thing that we can do
is respond with information warfare attacks of our own. That
is not true. If we find a terrorist group or a nation state
that is engaged in information warfare against us, we reserve
the right to respond in any way appropriate -- through covert
action, through military action, any one of the tools
available to the President." |
|
|
|
Administration Supports
Cyber Security Exception to FOIA |
2/13. Richard Clarke, Special Advisor to the President for
Cyberspace Security, stated that the administration supports a
narrowly crafted amendment to the Freedom of Information Act (FOIA)
to provide incentives to the private sector to provide
information to the government regarding cyber security.
Clarke briefed the Senate
Judiciary Committee's Administrative Oversight and the
Courts Subcommittee on February 13. Sen. Charles Grassley
(R-IA), who initiated the discussion, stated that "the
government's vitally important work to protect critical
infrastructure can only be done in partnership with private
industry. For that to happen, I think we all know there has to
be trust. But the private sector can be hesitant to report
information, especially if it's proprietary, and they don't
want their competitors to know about it. Corporations are even
more hesitant to give this type of information to a law
enforcement agency."
Clarke responded, "you are absolutely right, there is a
problem right now. Companies don't tell the government when
they have been hit. The nimda virus in November of last year
attacked many household name companies in the banking
industry, the finance industry, and elsewhere, and yet, we
don't know that officially. And, I can't tell you officially
the names of these banks and companies that were hit because
the only way we know is through the rumor mill."
Clarke continued: "Well, why won't they tell us? The real
block seems to be the Freedom of Information Act. The Freedom
of Information Act, justifiable, or unjustifiably, scares
corporate counsel. And, I have been told by numerous companies
across the country, ``Our lawyers tell us not to share
information with you in the government because it could then
be requested by any citizen through a Freedom of Information
Act request´´. I think that is an inaccurate reading of the
law. I think that information could be exempt under the
existing law. But, what I think isn't what counts. What counts
is what the corporate lawyers are telling the companies. And
so I support, and the President supports, a very narrowly,
very narrowly, crafted amendment to the Freedom of Information
Act that would remove that barrier ..." See, transcript
of Clarke's opening
statement and excerpts from question and answer session.
Sen. Robert Bennett
(R-UT), who is not a member of the Senate Judiciary Committee,
is the sponsor of a bill that would provide such an exemption.
S 1456,
the Critical Infrastructure Information Security Act of 2001,
would provide a FOIA exemption for certain cyber security
information provided to certain federal agencies, including
the NIPC, FCC, Justice
Department, Defense Department, and Commerce Department. The
bill would also provide an antitrust exemption for certain
collaboration on cyber security issues. |
|
|
Administration Opposes
Cyber Security Tax Incentives and Mandates |
2/13. Richard Clarke, Special Advisor to the President for
Cyberspace Security, stated that the administration opposes
both tax incentives and regulatory mandates to incent the
private sector to increase cyber security.
Clarke briefed the Senate
Judiciary Committee's Administrative Oversight and the
Courts Subcommittee on February 13. In response to questions
from Sen. John Edwards
(D-NC), he stated: "Senator, you talk about inducements
and mandates to the private sector. And, we decided not to do
either. We don't think that a tax credit is the way to
go."
Clarke also stated that "We don't think that the
government mandating IT security practices is the way to go.
By the time the government issued a regulation, it would be
out of date, and it would probably be wrong. What we think has
to be done is that the private sector has to realize the
importance of this issue, and they have to organize themselves
to deal with this issue. That means that the average company
needs to ask, ``Why don't I have a secure product? Why was I
have by code red in July? Why was I hacked by nimda in
November?´´ " See, transcript of Clarke's opening
statement and excerpts from question and answer session. |
|
|
|
|
About Tech Law Journal |
Tech Law Journal publishes a free access web site and
subscription e-mail alert. The basic rate for a subscription
to the TLJ Daily E-Mail Alert is $250 per year. However, there
are discounts for entities with multiple subscribers. Free one
month trial subscriptions are available. Also, free
subscriptions are available for law students, journalists,
elected officials, and employees of the Congress, courts, and
executive branch, and state officials. The TLJ web site is
free access. However, copies of the TLJ Daily E-Mail Alert and
news items are not published in the web site until one month
after writing. See, subscription
information page.
Contact: 202-364-8882; E-mail.
P.O. Box 4851, Washington DC, 20008.
Privacy
Policy
Notices
& Disclaimers
Copyright 1998 - 2002 David Carney, dba Tech Law Journal. All
rights reserved. |
|
|
|
Federal Circuit Rules on
Applicable Law in Patent Appeals |
2/15. The U.S.
Court of Appeals (FedCir) issued its opinion in Fiskars
v. Hunt a patent infringement case involving
applicable law in appeals to the Federal Circuit, and motions
for relief from judgment pursuant to FRCP 60(b).
Fiskars owns U.S. Patent No. 5,322,001, which is directed to a
paper trimmer with a rotary blade. Fiskars filed a complaint
in U.S.
District Court (WDWisc) against Hunt Manufacturing
alleging patent infringement. The trial court jury found Hunt
liable for infringement under the doctrine of equivalents and
awarded damages, and the District Court entered judgment. Hunt
filed a motion for relief from judgment pursuant to Federal
Rule of Civil Procedure 60(b), which the District Court
denied.
The Appeals Court first addressed what law to apply in its
review of the denial of the Rule 60 motion -- the law of
the Federal Circuit, or the regional circuit. The Appeals
Court wrote that "When reviewing non-patent issues, our
general practice is to apply the law of the regional
circuit". It further stated that "Because rulings
under Rule 60(b) commonly involve procedural matters unrelated
to patent law issues as such, we often defer to the law of the
regional circuit in reviewing such rulings."
However, the Appeals Court continued that "a procedural
issue that is itself not a substantive patent law issue may be
governed by Federal Circuit law if the issue ``pertain[s] to
patent law, ... bears an essential relationship to
matters committed to our exclusive control by statute, ...
or clearly implicates the jurisprudential responsibilities of
this court in a field within its exclusive jurisdiction.´´
... Consequently, when a district court’s Rule 60(b) ruling
turns on substantive matters that pertain to patent law, we
review the ruling under Federal Circuit law because ``we
perceive a clear need for uniformity and certainty in the way
the district courts treat [the] issue.´´ " (Citations
omitted). The Appeals Court applied Federal Circuit law. The
Court then held that the District Court did not abuse its
discretion in denying the Rule 60 motion. Affirmed. |
|
|
Tuesday, Feb 19 |
The House and Senate are in recess this week.
4:00 PM. Deadline to submit grant applications to the
Department of Labor's Employment and Training Administration
for funds for skills training programs. These grants are
financed by user fees paid by employers in the H-1B visa
program. See, notice
in Federal Register, January 10, 2002. This notice changes a
deadline of February 12 contained in a previous
notice in the Federal Register.
Extended deadline to submit reply comments to the FCC in
response to its Further Notice of Proposed Rulemaking
regarding its cable horizontal and vertical ownership
limits. See, original
notice [PDF] in Federal Register of October 11, 2001, and
extension Order
[PDF] of January 29, 2002. The NCTA requested the extension.
Deadline to submit comments to the FTC
regarding its proposed settlement with Eli Lilly (which
accidentally disclosed the e-mail addresses of 669 subscribers
to a Prozac e-mail list). The proposed settlement requires Eli
Lilly to establish a security program. See, notice
in the Federal Register.
Deadline to submit comments to the FCC in the
matter of Ambient's application for a determination that it is
an exempt telecommunications company. It is an electric power
company that also provides broadband Internet access and
related information services over power lines to electrical
outlets in residences. See, FCC
release [PDF]. |
|
|
Wednesday, Feb 20 |
9:00 AM - 4:30 PM. The FTC and the Antitrust Division of the
Department of Justice will hold the third in a series of joint
hearings on antitrust and intellectual property. There
will be two sessions (9:00 AM - 12:30 PM and 2:00 - 4:30 PM)
titled "Economic Perspectives on Intellectual Property,
Competition and Innovation". The morning speakers will be
Wesley Cohen (Carnegie Mellon Univ.), Robert Evenson (Yale),
Edmund Kitch (Univ. of Virginia), James Langenfeld (LECG), and
Maureen O’Rourke (Boston Univ.). The afternoon speakers will
be Shane Greenstein (Northwestern Univ.), Margaret Calvert
(Economists, Inc.), Joshua Lerner (Harvard Business School),
Stan Liebowitz (Univ. of Texas at Dallas), Philip Nelson
(Economists, Inc.), Janusz Ordover (NYU), Lawrence White
(NYU). Location: Room 432, FTC, 600 Pennsylvania Ave., NW.
8:00 AM - 6:00 PM. The FCBA and Georgetown University
Law Center (GULC) will co-host a CLE program titled
"FCC Speaks". FCC Chairman Michael Powell will speak
on "The Path to the Digital Broadband Migration" at
8:30 AM. FCC Commissioners Abernathy, Copps, and Martin will
participate in a panel discussion at 4:20 PM. The program will
also include panels titled "National Broadband
Policy", "Competition Policy Panel",
"Spectrum Allocation Policy", "Media Ownership
Working Group", "Digital Television Task
Force", and "Homeland Security Council". See, full
schedule. The price to attend is $795, $745 (GULC alumni),
$695 (FCBA members), and $595 (government employees).
Location: GULC, Moot Courtroom, 600 New Jersey Ave., NW. |
|
|
Thursday, Feb 21 |
9:30 AM. The U.S.
Court of Appeals (DCCir) will hear oral argument in Unity
Broadcasting v. FCC, No. 01-1148. Judges Henderson,
Randolph and Rogers will preside. Location: 333 Constitution
Ave. NW.
12:15 PM. The FCBA's
Young Lawyers Committee will hold a brown bag lunch. RSVP to
Yaron Dori at ydori
@hhlaw.com. Location: Hogan
& Hartson, 555 13th Street, NW, Room 13E-407 (use East
Tower elevators). |
|
|
Monday, Feb 25 |
The Senate will reconvene at 12:00 NOON following its
Presidents Day recess. The House will not be in session.
Deadline to submit oppositions and responses to the FCC's Cable Services Bureau
regarding the applications of Hughes Electronics Corporation
and EchoStar Communications Corporation to the FCC requesting
consent to the transfer of control of licenses and
authorizations involved in the EchoStar DirecTV merger. See,
FCC notice
[MS Word]. This is CS Docket No. 01-348.
4:00 PM. Deadline for Members of the House to submit to the House Rules Committee
proposed amendments to HR
1542, the Tauzin Dingell bill. See, Cong. Rec., Feb. 7,
2002, at H217.
6:30 PM. The National Press
Club will host a panel discussion on distance learning.
The topics to be discussed include copyright issues. The
speakers will be Deborah Everhart (Blackboard.com) and Martin
Irvine (Georgetown University). Coffee reception starts at
6:30 PM. The program starts at 7:15 PM, and is scheduled to
finish at 9:00 PM. Location: NPC, 529 14th St. NW, 13th Floor. |
|
|