IWS - The Information Warfare Site
News Watch Make a donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled
Google Ads




[ PCCIP Home | Main Menu | Report | New Items | Contact Us | Speaker's Bureau ]

Remarks Prepared for Delivery
By Robert T. Marsh

Chairman, President's Commission on Critical Infrastructure Protection

National Press Club

January 30, 1997

I appreciate the opportunity to speak to you this morning. I'm here to ask for your help with an important issue.

Last July 15, President Clinton signed an Executive Order that begins with this sentence: "Certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States."

That order created the President's Commission on Critical Infrastructure Protection, of which I was later designated Chairman.

Chairman Marsh; JPEG 56k
Chairman Marsh at the NPC

The President identified eight critical infrastructure areas for study: Telecommunications, electric power systems, oil and gas transportation, transportation, banking and finance, water supply systems, emergency services (such as medical, police, fire and rescue), and continuity of government services.

These critical infrastructures are the life support systems of the country. They support features of daily life that help give the United States a standard of living that is the envy of the world. In general, Americans are blessed with pure water, safe highways, reliable energy, global communications, and so on.

But we cannot take our infrastructures for granted. That is why the Commission was created.

Today I'd like to share a few thoughts with you about the Commission's work, then take your questions.

Specifically, I want to tell you about:

  • Issues we face

  • How the Commission is addressing them, and

  • The partnership the Commission is building between the private sector and government to address how to better protect our infrastructures

Mission

The Commission's mission is to:

  • assess vulnerabilities and threats to the critical infrastructures

  • identify relevant legal and policy issues, and assess how they should be addressed

  • recommend to the President a national policy and implementation strategy for protecting critical infrastructures

  • and propose any necessary statutory or regulatory changes

Issues

Briefly, why do we have a Commission, and why now?

Basically three reasons:

First, physical terrorism continues -- by physical I mean, for example, attacks involving explosive devices. Their use, as you well know, is regularly reported around the world.

Second, increased reliance on telecommunications and information technology in all infrastructures. By information technology I mean everything from computer hardware and software to the Internet. This reliance is also creating new vulnerabilities, especially to intrusions into automated systems -- the so-called "cyber" attacks.

Third, tools to exploit these vulnerabilities are readily available, and their use is increasing. In some cases, all it takes to penetrate automated systems is a PC, a phone, and skills that many 14-year-olds seem able to master.

As for terrorism

While our critical infrastructures have not been primary targets per se,

America, sadly, is not a stranger to terrorism. The bombings of the World Trade Center and the Oklahoma City Federal building are sobering reminders of the dangers of terrorism and physical attack on our critical infrastructures.

Chairman Marsh and journalists; JPEG 30k
Chairman Marsh and Journalists at the National Press Club

As for increased reliance on telecommunications, it has created new vulnerabilities.

America has pioneered tremendous advances in technology, and reaped extraordinary benefits. What was once unimaginable is now unremarkable. What was once impossible is now expected. Tasks that once took days now take split seconds.

But this capability comes at a price. Our infrastructures have become increasingly reliant on information technology and the telecommunications infrastructure that ties them together. This reliance exposes infrastructures in new ways, and creates new vulnerabilities.

For example, many companies, such as utilities, are very familiar with natural hazards. But today we are facing a new set of manmade hazards.

Technology has created an interconnected world. Each connection, however, creates new exposure and risk. Companies are becoming increasingly vulnerable to vandalism, theft, unscrupulous competitors, malicious hackers, and criminals.

Companies are also increasingly vulnerable to so-called "insiders" - people with legitimate access to the company's systems. Insider "cyber attacks" are increasing, particularly in this age of mergers, consolidation and downsizing.

Furthermore, these interconnected systems are characterized by a highly efficient but sometimes delicate interdependence. If service fails in one area, it can adversely affect several others. Whether caused by an inadvertent keystroke, or an intruder who wants to disrupt operations, the ripple effect can be far-reaching.

Information technology and telecommunications have brought great speed and precision to industrial, governmental, and military operations, but reduced the tolerance of both individual organizations and the economy as a whole to error or delay.

And with interdependence comes complexity. The sheer sophistication of automated systems multiplies the number of potential errors or disruptions, and the potential magnitude of their impact.

In the past, you put a guard at the door, and your assets were protected. Today, there is no door - or too many doors, depending on how you look at it. And you can never be sure who will drop in for a visit via the Internet.

And as for tools to exploit these vulnerabilities:

Even amateurs have access to the technological tools needed to penetrate systems and cause trouble.

Because of the availability of Internet hacker sites, infrastructures may be endangered by persons intent on penetrating or disrupting their operations.

Unlike Willie Sutton, who had to go to the bank to rob it, today's hacker can try to rob it from home using a PC. And he doesn't even have to be in the same city - or country. The information age makes it possible for individuals armed only with computers to gain access to our infrastructures without physically crossing our borders.

Given everything I've just described, a great many people - especially the President - are very interested in doing something to better protect our infrastructures. And the Commission is clearly an effort to get something done. Further, it demonstrates that the President is committed to taking action before a crisis occurs, rather than after-the-fact.

I want to emphasize that we are not here to proclaim the sky is falling, but to talk about investments today to secure a safer tomorrow. Our infrastructures are robust. But there are clearly new challenges before us, and we must address them before they become serious. The Commission represents prudent planning for the future.

I've been asked how this Commission is different from past efforts to address similar issues. The major difference is that there is a widespread recognition that the nature and scope of the threat have changed as the result of advances in technology, particularly information technology and telecommunications. The weight of anecdotal evidence is sufficiently persuasive to warrant a serious collaborative effort to address this problem - to determine how serious it is, how serious it might become, and what to do about it.

Those are some of the issues the Commission is facing. Let me tell you how we're approaching them.

Partnership

The central challenge of the Commission is to forge a partnership between the private sector and government at all levels -- Federal, State and local. Partnership is the core of the Commission.

We are pursuing this partnership through non-stop efforts to carry our message throughout the country.

To build awareness throughout industry, we are conducting an aggressive outreach to companies -- particularly industry leaders -- to discuss our goals and solicit participation. We need their help in developing a strategy and recommendations that are compatible with both increased protection and business' bottom line.

To build public awareness, we will hold a series of public hearings, in cities from Los Angeles to Boston, to ensure everyone will have an opportunity to be heard.

The Commission's philosophy is that the quality of our recommendations to the President can only be as good as the buy-in we foster with the private sector.

Our approach is not "We're government and we're here to help."

Rather, we are vitally interested in what the private sector has to say because it owns and operates the critical infrastructures. Private sector involvement is absolutely essential to an informed process of developing a comprehensive national policy and implementation strategy.

In short, the Commission's job is assuring America's future through this partnership.

We are under no illusions that this Commission can solve every infrastructure problem. Instead, we see the recommendations we will develop as a point of departure for implementation. For that reason, we need the best thinking of the private sector up front.

A question I often hear is, "How can we help?"

As the Commission's work progresses, I would ask two things of the media and the public: Help us build awareness and understanding of the issues, and help encourage participation in our efforts.

Thank you. I'll take any questions now.

[ PCCIP Home | Main Menu | Report | New Items | Contact Us | Speaker's Bureau ]

IWS Mailing Lists






Mailing Lists Overview