Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

October 20, 1997, Section: News & Analysis

Commission To Outline Security Strategies -- Report raises awareness of threat to nation's data infrastructure

By Rutrell Yasin

So far, the nation's infrastructure has not been brought to its knees by a cyber attack. But now that criminals have a whole new arsenal of "weapons of mass disruption"-such as viruses and E-mail attacks that can be used to deny communications service or steal valuable data-the government and businesses must come up with a plan to thwart threats.

That's the message the President's Commission on Critical Infrastructure Protection (PCCIP) will convey to the White House this week when it delivers a newly completed report outlining steps for securing the United States' critical infrastructures.

Fifteen months in the making, the classified report contains 34 recommendations for protecting telecommunications, electric power, transportation, oil and gas, banking and finance, water supply systems, emergency services, and government services.

The recommendations include doubling federal research on computer security to $500 million next year and increasing it by 20 percent in each subsequent year; increased sharing of information about computer-security breaches between industry and government; government compliance with security standards to be set by the National Institute of Standards and Technology and the National Security Agency; and the formation of a "national infrastructure advisory council," composed of CEOs of banks and utilities, which will meet regularly with U.S. cabinet officers.

The commission, which was established by the Clinton administration in July 1996, worked hard to get private-sector input for the report, according to Nancy Wong, a PCCIP commissioner. Wong is on leave from the Pacific Gas & Electric Co., where she is manager of the department of information assets and risk management.

Cyber Awareness

"The protection of valuable assets is a shared responsibility between private industry and government," Wong said. "The government can lead by example by shoring up [security] on its own systems." But it can also define what needs to be protected and can learn from the experience of private industry, she said.

Security company executives said they are counting on the report to raise general awareness of the need for security policies and comprehensive tool sets.

"The report is a good start in addressing [the nation's] security needs. The increase in attacks is driven by the growth of the Internet," said Christopher Klaus, president and CEO of Internet Security Systems (www.iss.net), a supplier of network-assessment and intrusion-detection tools. "A few years ago, it required skill [to break into a network]. Now, there are more GUI-driven attacks."