1996 Congressional Hearings
Intelligence and Security

TABLE OF CONTENTS

I. THE INFORMATION INFRASTRUCTURE 3

A. Defining the National Information Infrastructure 3
B. Our Dependency on the NII 4

II. VULNERABILITIES 7

A. Weaknesses in Hardware & Software 11
B. Human Factor 16
C. Lack of Security Culture 18
D. Examples of Vulnerabilities 21

III. THE THREAT 25

A. Lack of Intelligence Collection 26
B. Lack of Detection and Reporting 32

1. Government 32
2. Private Sector 33

C. The Potential Attackers 38

IV. EFFORTS TO PROMOTE INFORMATION SECURITY 42

A. Creation of a National Policy 43
B. Current Law Enforcement Response 45
C. Private Sector Response 48
D. Computer Emergency Response Team (CERT) 50
E. Encryption and the NII 53
F. NIST and NSTAC 55

1. National Institute of Standards and Technology (NIST) 55
2. National Security Telecommunications Advisory Committee (NSTAC) . 56

G. International Efforts to Promote Information Security 57

V. STAFF RECOMMENDATIONS 60

APPENDIX 64

• APPENDIX A Computer Terms and Definitions

• APPENDIX B THE CASE STUDY: ROME LABORATORY, GRIFFISS AIR FORCE BASE, NY INTRUSION

• APPENDIX C FEMA Abstract on PDD-39

• APPENDIX D SAMPLE COMPUTER LOGON BANNER