Clinton to outline cyberthreat policy
In a commencement speech at the U.S. Naval Academy tomorrow, President Clinton is expected to outline plans for dealing with cyberthreats.
Clinton also is expected to outline two new security directives, one aimed at traditional terrorism and the other at cyberthreats. The cyberthreats directive follows last year's report from the Presidential Commission on Critical Infrastructure Protection.
But controversy has emerged
over the policy and how much
authority it would give the FBI and Justice Department vs. a broader public-private sector effort that the presidential commission had urged.
"Clinton will announce a new policy for cyberterrorism based on the recommendations of the commission, stressing the fact that we need private-sector help to solve this problem, since the private sector owns 80 to 90 percent of the nation's infrastructure," said P. Dennis LeNard Jr., deputy public affairs officer at PCCIP. Under the new policy, that agency will become the Critical Infrastructure Assurance Office, or CIAO.
Clinton also is expected to order federal agencies to come up with a plan within three to five years that identifies vulnerabilities of the nation's infrastructure and responses to attacks as well as creating a plan to reconstitute the U.S. defense system and economy if a cyberattack succeeds, said a former White House staffer familiar with Clinton's speech.
But James Adams, chief executive of United Press International (UPI), blasted the plan in a speech earlier this week, saying the prominent roles given the FBI and Justice Department would prove unworkable and could threaten civil liberties.
"We have two of the most inert bureaucracies trying to control and constrain probably the most energetic and dynamic sector of the private economy," Adams said in an interview today. "This simply doesn't make sense. You actually need the private sector to say, 'We hear what you say, and here's how it should work.'"
LeNard said the president has multiple options and may not select such a strong role for law enforcement on the issue.
However, Attorney General Janet Reno in February outlined plans for an FBI-run National Infrastructure Protection Center to counter hackers, crackers, and others who commit computer crimes.
Clinton also may name National Security Council staffer Richard Clarke, a former assistant secretary of state, as the White House-based coordinator of both the cyberthreat initiative and a broader antiterrorist effort, which also is part of Clinton's commencement address, according to reports today in the Baltimore Sun and the Los Angeles Times.
The former White House staffer said political infighting may mean Clarke will not be appointed tomorrow and emphasized that Clarke would be a coordinator, not a cyberthreat "czar."
"He will work with Cabinet-level people to assure that agencies find their own vulnerabilities," said the official, who asked not to be identified.
The same official outlined the essentials of Clinton's policy--subject to the last-minute changes for which the president is famous.
Reno's NIPC, which would include intelligence and military agencies, would work with local law enforcement to monitor classified and public information on vulnerabilities and threats.
A separate center for information-sharing and analysis would be developed with the business community to look at vulnerabilities in the privately owned infrastructure--satellite systems, power grids, telecommunications, water systems, and the like. It also would include a broad public education campaign.
How to share information between private industry on one side and law enforcement and intelligence agencies on the other remains a sticky issue.
"The Department of Justice is not keen on sharing information that could lead to criminal prosecutions," the official said. "The private sector does not trust the FBI, and the FBI doesn't want to give out secrets. They're afraid that if they share information, they may someday have to testify in court."