Protecting U.S. Critical Computer Infrastructure


Protecting U.S. Critical Computer Infrastructure 

10 June 1998
By Jim Garamone
American Forces Press Service

        WASHINGTON -- In 1986, the book "Softwar" detailed how the Warsaw 
Pact countries would cripple the West by launching attacks against 
U.S. and NATO military and financial computer systems.
        Then, the threat was mildly interesting. Personal computers were 
just coming onto the market. Modems used an actual phone to transmit 
data, and it took forever. Few people had ever heard of Bill Gates. 
The Soviets might attack, but did they really have the technology to 
infect U.S. systems?
        Today the threat is real. While the Warsaw Pact is now history, 
any determined hacker with off-the-shelf equipment and good 
communications lines can wreak havoc. Add to this the well-publicized 
news accounts of hackers accessing unclassified DoD computer systems. 
Since no enemy can match the United States militarily today, cyberwar 
becomes a plausible alternative. 
        The threat is considered so real, President Clinton decided to 
protect the nation's critical computer infrastructure, by creating a 
program to oversee America's defense against cyberattack.
        In charge of the program are two staff members of the National 
Security Council: Richard Clarke is the national coordinator for 
Security, Infrastructure Protection and Counterterrorism; Jeffrey 
Hunker is the director of the Critical Infrastructure Assurance 
Office. 
        Clarke said during a recent briefing that President Clinton 
called for the creation of a national protection plan. Clarke said the 
plan must include private and public partnerships because many of the 
targets for cyberattack are in private hands: electric power and 
telecommunications grids, and financial and transportation systems, 
for example. What's more, with every connection in the infrastructure, 
each system becomes more vulnerable to direct attacks and to the 
effects of attacks on other systems.
        Recent DoD evaluations have pointed to inadequate cybersecurity 
both within the department and in critical telecommunications nodes. 
DoD depends on these private-sector telecommunications systems for its 
mission.
        "[Private-sector companies] will know far better than the 
government when they are being attacked, when they are being probed 
[and] what their vulnerabilities are," Clarke said. "And so what we're 
really trying to do is establish a system whereby [private-sector 
companies] are willing to share with the government what might be 
proprietary information, what might be information that's protected by 
privacy rights.
        "We understand those sensitivities, but we also know that unless 
there's a partnership between government and the private sector, 
[private-sector companies] might not be able to develop and design a 
defense system to protect themselves against critical infrastructure 
cyberattack."



##end##