HTML> DefenseLINK News: DSWA Annual International Conference on Controlling Arms
News

TRANSCRIPT

DoD News Briefing

DSWA Annual International Conference on Controlling Arms
Edited Remarks as Delivered by
Deputy Secretary of Defense John J. Hamre
Thursday, June 11, 1998

................

Q: With regard to continental defense, what will be the coordinating mechanism between DTRA and the National Infrastructure Protection Center in Department of Justice and the Critical Infrastructure Protection office in Commerce?

A: Let me say at this point that we view these as somewhat separate problems and they are organizationally separate. The Department's response to the cyber issues and the infrastructure protection issues are really going to be coordinated through a different mechanism. It's going to be through the Assistant Secretary for Command, Control and Intelligence on the one hand. We will also be establishing a new military organization to deal with cyber defense. That is going to be resolved in the next six weeks or so, separate from the DTRA. DTRA has its hands full right now. And frankly, it is a somewhat different problem.

Now, let me describe to you the relationship of the department to the NIPC and then, I forget the name of the other one. ...CIAO (Critical Infrastructure Assurance Office) ...that's right, CIAO organization.

Infrastructure protection is a very interesting problem. The Department of Defense is not responsible for any infrastructure inside the United States with the exception of locks and dams. And we do that because the Corps of Engineers has the responsibility. Other than that, we don't have any responsibilities for infrastructure. It's deeply rooted in American Constitutional democracy that's evolved over the last hundred years, 125 years. The Department of Defense only deals with threats outside of the borders of the United States. If it's inside of the borders of the United States, it is a law enforcement problem.

I believe that's an artificial distinction. Cyberspace doesn't know geographical boundaries. We're looking at a future where frankly, DoD doesn't have any primary responsibility or jurisdiction, but almost inevitably will be pulled in very early in any cyber protection role. We are spending considerable resources right now dealing with the problems that we revealed to ourselves last year through an exercise called Eligible Receiver. The Lessons of Eligible Receiver reconfirmed in February when we were under attack by some hackers.

We really are substantially down the road in dealing with that problem now. We have committed ourselves and are supporting the National Infrastructure Protection Center. We provide the deputy and we'll provide, I believe, three of the five heads of the directorates. Because of our Constitutional orientation and our history, the Department of Defense is not going to be the lead in anything, but we will be backbone of everything when you get down to it. We are actively partnering with the Department of Justice and the FBI. I meet on a monthly basis with the Attorney General and with the director of the FBI as we are laying out our plans on the NIPC. We are, also creating a computer forensics capability on behalf of both DoD and the Justice Depatment. So we're very deeply involved with the NIPC.

Now as to the CIAO organization, that's just been created. It's slightly ambiguous because, I think, some people's visions are grander than what can really be done by the organization. I mean you can't really take the responsibilities away from the organizations. So this organization is more responsible for coordination policy coordination.