Vowing to fight terrorists and new forms of cyberattacks, President Clinton today outlined a government initiative to protect the nation's electronic infrastructure both from deliberate sabotage and from accidents such as the satellite outage that silenced pagers across the nation this week.
"These adversaries may attempt cyberattacks against our critical military systems and our economic base," the president warned. "We will launch a comprehensive plan to detect, deter, and defend against attacks on our critical infrastructures."
But Clinton urged support for privacy rights and other constitutional protections alongside "extremely aggressive" efforts to battle terrorism and cyberattacks.
"We do not ever undermine freedom in the name of freedom," he added.
Calling for a national effort to secure the infrastructure, Clinton ordered federal action to assess risks and reduce exposure to attacks. The order also stressed cooperation between government and the private sector by linking specific agencies with private sector representatives.
But even before Clinton's speech today, controversy had emerged over the policy and how much authority it would give the FBI and Justice Department vs. a broader public-private sector effort that a presidential commission had urged.
James Adams, chief executive of United Press International (UPI), blasted the plan in a speech earlier this week, saying the prominent roles given the FBI and Justice Department would prove unworkable and could threaten civil liberties.
"We have two of the most inert bureaucracies trying to control and constrain probably the most energetic and dynamic sector of the private economy," Adams said in an interview yesterday. "This simply doesn't make sense. You actually need the private sector to say, 'We hear what you say, and here's how it should work.'"
The cyberthreat order identifies the vulnerable infrastructure to include telecommunications, banking and finance, energy, transportation, computer networks, and government services such as power systems, water supplies, air traffic control, and police, fire, and medical services.
The president also established a new office called the National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism, which will be responsible for a broad range of policies and programs.
The cyberthreats directive follows last year's report from the Presidential Commission on Critical Infrastructure Protection.
Under the new policy, that agency will become the Critical Infrastructure Assurance Office, or CIAO, which today released a white paper on Clinton's directive. The white paper indicated that by the year 2000, federal agencies must have initial procedures in place to protect the nation's infrastructure with full-scale protections in place within five years.
The order designates which agencies will have specific responsibilities in developing a plan that identifies vulnerabilities, responds to attacks, and reconstitutes the U.S. defense system and economy if a cyberattack succeeds.
Attorney General Janet Reno in February outlined plans for an FBI-run National Infrastructure Protection Center (NIPC) to counter hackers, crackers, and others who commit computer crimes.
Clinton also may name National Security Council staffer Richard Clarke, a former assistant secretary of state, as the White House-based coordinator of both the cyberthreat initiative and a broader antiterrorist effort, which also is part of Clinton's commencement address, according to reports yesterday in the Baltimore Sun and the Los Angeles Times.
Gordy Bendick, deputy director of external affairs for the newly reconstituted CIAO agency, emphasized that the appointee would be a coordinator, not a cyberthreat "czar."
"He will work with Cabinet-level people to assure that agencies find their own vulnerabilities," said Bendick.
Earlier, an administration official who asked not to be identified had outlined the essentials of Clinton's policy.
Reno's NIPC, which would include intelligence and military agencies, would work with local law enforcement to monitor classified and public information on vulnerabilities and threats.
A separate center for information-sharing and analysis would be developed with the business community to look at vulnerabilities in the privately owned infrastructure--satellite systems, power grids, telecommunications, water systems, and the like. It also would include a broad public education campaign.
How to share information between private industry on one side and law enforcement and intelligence agencies on the other remains a sticky issue.
"The Department of Justice is not keen on sharing information that could lead to criminal prosecutions," the official said. "The private sector does not trust the FBI, and the FBI doesn't want to give out secrets. They're afraid that if they share information, they may someday have to testify in court."