Administration Releases Critical Infrastructure Protection
Plan
(January 10, 2000) The Clinton administration released the first version of its plan for protecting the nation's critical infrastructure against attacks from cyber terrorists, criminal cartels, hackers, and others.
Related Documents |
National Plan for Information Systems Protection, 1/7/00. (40 page PDF copy in Commerce Dept. web site.) |
White House Press Office releases, 1/7/00. |
Transcript of press briefing by Clarke, Daley, Rose, and Podesta, 1/7/00. |
The report is titled "National Plan for Information Systems Protection, Version 1.0, An Invitation to a Dialogue." This "National Plan" is self-described as "the first attempt by any nation to develop a plan to defend its cyberspace."
Richard Clarke, the National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism, is heading up the administration's effort to redesign the architecture of the national information infrastructure. He presented the first draft of the plan at a press briefing in Washington on Friday morning, January 7. He was joined by Secretary of Commerce, William Daley, James Madison University President, Linwood Rose, and Clinton's Chief of Staff, John Podesta.
The National Plan summarizes the threat as follows:
"We know of foreign governments creating offensive attack capabilities against America’s cyber networks.
America is vulnerable to such attacks because it has quickly become dependent upon computer networks for many essential services. It has become dependent while paying little attention to protecting those networks. Water, electricity, gas, communications (voice and data), rail, aviation, and other critical functions are directed by computer controls over vast information systems networks.
The threat is that in a future crisis a criminal cartel, terrorist group, or hostile nation will seek to inflict economic damage, disruption and death, and degradation of our defense response by attacking those critical networks." [See, Plan, page 2 of Executive Summary, page 9 of PDF copy.]
Clarke stated at the press briefing that "We are aware, now, over the course of the last two years, that several other nations have developed offensive information warfare units, organizations, tactics, doctrine and capability."
He added that, "historically, nations have attacked each other's infrastructure. Nations have gone after, in warfare situations or crisis situations, electric power grids, telecommunications, transportation networks. So it's not inconceivable to have a scenario in the future in which a future opponent might think that they could attack our civilian, privately-owned infrastructure through computer attack."
However, when he was asked which countries those are, he responded that "we're not going to name names of other countries."
The plan would raise the level of federal funding to just over $2 Billion in FY 2000, up from the $1.75 Billion.
Richard Clarke stated that the administration is asking for a "17 percent increase that we're asking for in 2001 over the appropriated money from 2000. ... The largest increase in the percentage basis is for research and development."
"This is a research organization that will work closely with the private sector. It's not a building, it's not a new bureaucracy, it's a funding mechanism so that the federal government can match private sector funds and plug the holes in the R&D requirements. R&D will rise the President's plan from $461 million last year to $621 million in the year 2001," said Clarke.
William Daley |
Secretary William Daley of the Commerce Department compared this operation to the effort to remedy Y2K problems. "We just spent, as we all know, about $100 billion as a nation, private sector and the public sector, in correcting the Y2K problem. If people had thought about this 25 years ago, we may not have had the situation where we would have had to spend so much. Y2K taught us many things. One is that we must be prepared. So the President and the Vice President asked us to develop a national plan to defend America's cyberspace. Twenty-two federal agencies have worked on this."
Excerpt from the National Plan for Information Systems Protection
MESSAGE FROM THE NATIONAL COORDINATOR
The accompanying National Plan is the first attempt by any national government to design a way to protect its cyberspace.
A New American Dependence … A New Threat to America
More than any other nation, America is dependent upon its cyberspace. Attacks upon our
cyberspace could crash electrical power grids, telephone networks, transportation systems, and financial institutions. All of those sectors depend upon control networks involving computer systems.In the next war, the target could be America’s infrastructure and the new weapon could be a computer-generated attack on our critical networks and systems. We know other governments are developing that capability.
We need, therefore, to redesign the architecture of our national information infrastructure. Over the last decade we built it quickly and without adequate concern for security, without thought that a sophisticated enemy might attack it. Now we must fix it, to protect, guard against, or reduce the existing vulnerabilities.
The President has directed that a Plan for defending our cyberspace be initially in effect by December 2000 and be fully operational by May 2003. To reach those deadlines, we must move quickly, for there is much to do.
A Real Public-Private Partnership … Not Dictated Solutions
The President has ordered that the Federal Government will be a model of computer system security. Today it is not. The Defense Department is well on its way to creating secure systems, but civilian Agencies are also critical and they are generally still insufficiently protected from computer system attack. This Plan proposes additional steps to be taken by DoD and by the rest of the Federal Government.
The private sector infrastructure is, however, at least as likely to be the target for computer system attack. Throughout the modern era, critical industries and utilities have been targets for destruction in conflicts. America’s strength rests on its privately owned and operated critical infrastructures and industries.
Already, privately owned computer networks are being surveyed, penetrated, and in some cases made the subject of vandalism, theft, espionage, and disruption. While the President and Congress can order Federal networks to be secured, they cannot and should not dictate solutions for private sector systems.
Thus, the Plan, at this stage, does not lay out in great detail what will be done to secure and defend private sector networks, but suggests a common framework for action. Already some private sector groups have decided to unite to defend their computer networks. As they commit to this activity, the Federal Government can and will help them, in the spirit of a true public-private partnership. The Government will not dictate solutions and will eschew regulation. Nor will the Government infringe on civil liberties, privacy rights, or proprietary information.
This is Version 1.0 of the Plan. We earnestly seek and solicit views about its improvement. As private sector entities make more decisions and plans to reduce their vulnerabilities and improve their protections, future versions of the Plan will reflect that progress.
Elements of the Solution...and above all, Trained People
As you will see in the text, the Plan will build a defense of our cyberspace relying on new security standards, multi-layered defensive technologies, new research, and trained people. Of all of these, the most urgently needed, the hardest to acquire, and the sine qua non for all else that we will do, is a cadre of trained computer science/information technology (IT) specialists.
When America quickly wired itself for electricity a century ago, it quickly trained electricians and electrical engineers for that new economy. So far, America is failing to train the IT specialists it needs to operate, improve, and secure its new IT-based economy. The Plan proposes steps to stimulate the higher education market to produce what America urgently needs in this area.
We will follow up our plan for cyber defense with a second plan focusing on how Government can work with the Nation’s infrastructure sectors to help assure the reliability and physical security of essential services from major disruptions. This forthcoming plan will rely heavily on input from the companies and organizations that comprise the complex networks that provide for economic well being, health, safety, and security of the American people.
The People and the Congress
This Plan is the result of the extensive work of many, throughout the Federal
Government. In their name, we offer it to the American People and their elected
representatives in the hope that together this country can improve upon the
Plan, take the necessary steps, and defend America’s cyberspace and all of our
strength and people who now depend upon it.
Richard A. Clarke
National Coordinator for Security, Infrastructure Protection, and
Counter-Terrorism