The Army, Air Force and Navy won't be protecting the nation's newest frontier. Instead, industry will shield the nation's rapidly expanding frontier in cyberspace from hostile computer hackers, according to Clinton administration officials preparing a national cyberspace defense plan.
The plan, contained in a draft presidential decision directive, will require Cabinet agencies to jawbone companies to adopt a variety of anti-hacker safeguards, some of which are being developed by government contractors. The effort would be coordinated by a new Infrastructure Protection Center, most likely headed by Richard Clarke, special assistant to the President for national security affairs and senior director of global issues for the National Security Council.
Sen. Jon L. Kyl, R-Ariz., chairman of the Judiciary Committee's Terrorism, Technology and Government Information Subcommittee, has scheduled hearings on the directive when it's completed. The first, set for March 17, will examine the Administration's strategy for defending the nation's critical computer networks from foreign or terrorist attacks, said Michelle K. Van Cleave, the committee's staff director and chief counsel.
Government officials say a cyberspace defense plan is needed because computer hackers--perhaps funded by terrorist groups or foreign states--could disrupt the computers that control the nation's power grid, banking system, telephone networks and gas and oil pipelines, as well as the air-traffic control system.
"There is going to be some sort of electronic attack in the future, whether it is as dramatic as Pearl Harbor or something else," said Linton Wells, the policy support deputy to the Pentagon's undersecretary for policy, Walter B. Slocombe.
Indeed, the Pentagon revealed on Feb. 25 that its unclassified computer networks had been subjected to cyber-attacks in recent weeks. No classified information was compromised, the Pentagon said.
Defense Department officials have pushed for a national cyber-defense policy for at least two years, even though they acknowledge the Pentagon will play only a small role. "It is the private sector that owns and operates these critical infrastructure elements, and therefore, the solution has to be that the private sector takes the initiative," said Robert T. Marsh, a former U.S. Air Force general who was appointed by President Clinton to chair the President's Commission on Critical Infrastructure Protection.
The multi-agency commission was established last June to sketch out a national anti-hacker defense plan. After discussions with government security officials, civil technology experts and industry executives, the commission sent a package of recommendations to the White House in October, some of which are included in the draft directive.
Disagreements among law enforcement agencies, national security agencies, the Commerce Department and industry associations have slowed the effort.
For example, the Justice Department wants companies to provide enough detailed, on-the-record information to charge hackers in industrial espionage cases, while Pentagon officials want companies to quietly share information about suspicious computer crashes that could be early indications of large-scale hacker attacks by foreign states.
But companies are loath to share such data, because they're worried their reputations and stock prices would tumble if the government released the information in a court case or in response to a Freedom of Information Act request, said Jamie S. Gorelick, a former deputy attorney general and now vice chair of the Washington-based Fannie Mae, a government-backed home mortgage corporation. Gorelick and former Sen. Sam Nunn, D-Ga., co-chaired a committee of industry executives that advised Marsh's commission.
Moreover, government rules will hamper the development of anti-hacker technology being developed by companies vying to sell goods and services via the Internet, said John S. Wilson, vice president of technology policy for the Washington-based Information Technology Industry Council. The association represents information technology companies, including IBM Corp. and Hewlett-Packard Co.
Government officials have largely accepted the industry's argument, albeit with reservations. By completing the directive, said William A. Reinsch, undersecretary of Commerce for the Bureau of Export Administration, "we are trying to create structures and principles that will create confidence," allowing easier cooperation and information-sharing between civil agencies and companies."
The industry's efforts "will go a very long way toward strengthening the [computer] systems against a terrorist attack or even a nation-state," said Marsh. All the same, government officials may subsequently consider extra measures, such as tax incentives, to spur companies' investment in anti-hacker technology, he said.
In the short term, agencies will educate companies under their purview about the threat of hacker attacks, said government officials. For instance, Treasury Department officials will deal with banks, while the Transportation Department will deal with airlines and railways.
Also, the President's 1999 budget asks for $34 million to support anti-hacker efforts by the Justice Department and estimates that the Defense Department will spend $1.6 billion on new anti-hacker technology over the next seven years.
NEXT STORY: What Makes a Lake Great?