IEEE



 

PP Home

Update Sign-up

IEEE-USA

Eye on Washington
Contact Us

 


October - November 2001

 

Protecting and Defending Our Critical Infrastructure

It's hard for the average citizen to rally to the cause of protecting "the critical infrastructure." The patriots who banded together in Massachusetts in 1775 had a visible enemy and orders from a foreign power to do certain things. Now the enemy is a network of terrorists, and the countries and institutions that keep them in business.

Several congressional committees have examined the infrastructure protection topic since 11 September. Closed hearings on energy infrastructure security were held on 26 September by the Senate Energy Committee, and the Senate Governmental Affairs Committee convened on 4 October to discuss critical infrastructure protection. Additional hearings by several congressional bodies will continue through October.

The infrastructure requiring protection consists of:

  • Information and communications
  • Electric power generation, transmission and distribution
  • Oil and gas production and distribution
  • Banking and finance
  • Transportation
  • Water supply
  • Emergency government services

Threats to this interlocking system fall into two categories: physical attacks against the "real property" components and cyber attacks against the information or communications components that control them.

The previous Administration allocated the responsibilities for infrastructure protection under Presidential Directive 63, which established a protection center at the FBI and an interagency office in the Commerce Department to coordinate agency responses.

The FBI's new unit is the National Infrastructure Protection Center. This unit is both an information-gathering center and the group that coordinates the government's response to an "incident." Over the past three years, it has trained 4,500 participants from federal, state, local and foreign law enforcement and security agencies.

The Commerce Department shares responsibility for infrastructure protection with other federal agencies. John S. Tritak, director of the Commerce Department's Critical Infrastructure Assurance Office,
has stated that the government should encourage appropriate information sharing within and among the infrastructure sectors and between the sectors and the government. He says the federal government and the private sector must share the job of protection  because, among other reasons, "the government cannot post soldiers or police officers at the perimeters of the telecommunications facilities or electric power plants…There are not boundaries or borders in cyberspace. The vast majority of the nation's infrastructure are privately owned and operated; government action alone cannot secure them. Only an unprecedented partnership between private industry and government will work."

Tritak said that the tools needed "to cause significant disruption" are readily available. "Those who can use these tools and techniques range from the recreational hacker to the terrorist to the nation state intent on obtaining strategic advantage."

In the private sector, more than 70 companies and organizations have banded together to form a "Partnership for Critical Infrastructure Security." According to partnership president Kenneth C. Watson, responsibility for protecting infrastructure is distributed among companies and government organizations. This distribution is "safer than centralization and builds resilience into the architecture." In testifying before the Senate Governmental Affairs Committee on 4 October, Watson said the Administration faces the challenges of streamlining its organization "to become an effective partner to industry. The current mix of lead agencies, sector liaisons and uncoordinated budgets makes synchronized action difficult."

He recommended the following actions:

  • Support Administration initiatives to streamline coordination within the federal government
  • Support initiatives to secure the next generation of networks as well as the "patches and fixes" that we apply today
  • Encourage government organizations, businesses and individuals to practice sound information security

 

Edith T. Carper is a special correspondent to IEEE-USA Policy Perspectives.

 
PP2

Feb_PP_bottom.jpg (11265 bytes)

 PP3