The Federal Government, in coordination with state and local authorities, will respond rapidly and decisively to any terrorist incident in the United States involving WMD. Increased preparedness at home is critical to defending against, and responding to, such unconventional threats. The Administration developed a Five-Year Interagency Counterterrorism and Technology Crime Plan to address these issues.
Established in 1998, a standing Weapons of Mass Destruction Preparedness Interagency Working Group, chaired by the National Coordinator, addresses current and future requirements of local, state, and federal authorities that are directly responsible for the WMD crisis and consequence management efforts. In coordinating the interagency process and cooperation between these three levels of government, several initiatives are now in place to better prepare the United States against a WMD incident. These initiatives include equipping and training first responders in the 157 largest metropolitan areas across the nation to prepare for, and defend against, chemical, biological, or nuclear weapons of mass destruction attacks; renovating the public health surveillance system; and establishing civilian medical stockpiles of vaccines and antibiotics.
Critical Infrastructure Protection
An extraordinarily sophisticated information technology (IT) infrastructure fuels America’s economy and national security. Critical infrastructures, including telecommunications, energy, finance, transportation, water, and emergency services, form a bedrock upon which the success of all our endeavors — economic, social, and military — depend. These infrastructures are highly interconnected, both physically and by the manner in which they rely upon information technology and the national information infrastructure. This trend toward increasing interdependence has accelerated in recent years with the advent of the Information Age.
At the same time that the IT revolution has led to substantially more interconnected infrastructures with generally greater centralized control, the advent of “just in time” business practices has reduced margins for error for infrastructure owners and operators. In addition, the trend toward deregulation and growth of competition in key infrastructures has understandably eroded the willingness of owners and operators to pay for spare capacity that traditionally served a useful “shock absorber’ role in cushioning key infrastructures from failures. Finally, the increase in the number of mergers among infrastructure providers has increased the pressure for further reductions in spare capacity as managers seek to reduce overhead and wring “excess” costs out of merged companies.
As with the 1993 World Trade Center bombing, ongoing hostile hacker attacks, and cyber conflicts between China and Taiwan have shown, asymmetric warfare against the United States will likely grow. We must understand the vulnerabilities and interdependencies of our infrastructures, accept that such attacks know no international boundaries, and work to mitigate potential problems.
In January 2000, the President launched the National Plan for Information Systems Protection and announced new budget proposals for critical infrastructure protection. Specific new proposals included the Federal Cyber Systems Training and Education program to offer IT education in exchange for federal service; an intrusion detection network for the Department of Defense and for federal civilian agencies; and the Institute for Information Infrastructure Protection, an innovative public/private partnership to fill key gaps in critical infrastructure protection R&D. The Institute represented part of a 32% increase that were proposed for computer security research and development efforts for the FY 2001 budget.
Implementing the proposals of the National Plan, as well as other future projects, will contribute to our economic competitiveness, military strength, and general public health and safety. These proposals will also protect the ability of state and local governments to maintain order and deliver minimum essential public services while also working with the private sector to ensure the orderly functioning of the economy and the delivery of vital services.
The National Infrastructure Protection Center (NIPC), founded in 1998 under Presidential Decision Directive 63, is the national focal point for warning, analysis, and response regarding threats to the infrastructures. Over the past two years it has provided warnings to the private sector, federal, state, and local governments regarding infrastructure threats. It has also coordinated numerous investigations of destructive computer viruses, computer intrusions against United States Government and private IT systems, and denial of service attacks both in the United States and overseas.
Some aspects of our critical infrastructure, such as the various transportation systems, are not commonly associated with the trends of globalization and technological change, but nonetheless are being dramatically affected by them. For example, the Marine Transportation System, which consists of waterways, ports, and their intermodal connections, vessels, vehicles and system users, provides American businesses with critical competitive access to suppliers and markets that will be key to maintaining our nation’s role as a global power. Threats to this and other transportation systems will drive new security imperatives that we must continue to balance with the need for speed and efficiency. In any case, ensuring the long-term health of these traditional aspects of our critical infrastructure must remain a priority even as we look to new technologies to improve other aspects of our infrastructures and provide other competitive advantages.
Most importantly, the Federal Government cannot protect critical infrastructures alone. The private sector owns and operates the vast majority of these infrastructures. Protecting critical infrastructure, therefore, requires the Federal Government to build partnerships with the private sector in all areas — from business and higher education, to law enforcement, to R&D. The Secretary of Commerce and industry leaders — mostly from Fortune 500 companies — are leading the Partnership for Critical Infrastructure Security. The Attorney General has teamed up with the Information Technology Association of America to promote industry-government cooperation against cyber crime through the Cyber Citizen project. The NIPC, meanwhile, is establishing cooperative relationships between industry and law enforcement through its InfraGard initiative.
Some segments of our critical infrastructures have not historically devoted significant resources to protection from threats other than those caused by natural means. As a result, we are building a strong foundation for continued protection of our critical infrastructures. The public and private sectors must work together to conduct R&D in infrastructure protection and interdependencies, increase investment in training and educating cyber-security practitioners (to include building an adequate base of researchers in this new discipline), and find innovative technical, policy, and legal solutions that protect our infrastructures and preserve our civil rights.
National Security Emergency Preparedness
U.S. Continuity of Government and Continuity of Operations programs remain a top national security priority into the 21st century. They preserve the capability to govern, lead, and perform essential functions and services to meet essential defense and civilian needs. Together with other security, critical infrastructure protection, and counterterrorism programs, Continuity of Government and Continuity of Operations programs remain an important hedge against current and emerging threats, and future uncertainties.