White House, lawmakers battle over computer security

As part of the Clinton Administration's developing strategy to bolster the nation's defenses against cyberterrorism, the White House has outlined a draft plan for the government to monitor all federal networks and guard against possible intruder attacks, the White House confirmed Wednesday.

Capitol Hill lawmakers, citing privacy risks, blasted the Clinton Administration proposal.

The plan, which is scheduled to be released officially in the fall, also calls for private industry to work on a self-regulatory model to monitor its critical computer networks, such as the telecommunications, banking, financial, energy and transportation industries.

The White House stressed that the FBI would not monitor private networks. Mike Hammer, National Security Council spokesman, said the private sector would be welcome to borrow technology from the government, but in no way would the government mandate what actions companies should take.

According to The New York Times story published Wednesday, the draft plan calls for the creation of a Federal Intrusion Detection Network, or Fidnet, to collect data on computer networks to help government security experts to track patterns that would enable them to detect hackers and intrusions into networks. The paper also said that potentially would mean the government would have access to e-mail and other documents, raising the ire of civil liberty groups and privacy activists.

The monitoring is likely to be operated by the General Services Administration, according to Hammer.

The White House said the plan would not be mandatory for the private sector, and insisted that privacy issues were carefully considered as part of the proposal.

"It's extremely important to the American people that their IRS information, that the ability to run an air-traffic control system, that the Social Security system, that all of these computer systems be safe and secure," said national security adviser Sandy Berger. "I would say, on the privacy side, that we're very sensitive to the privacy issues. The President has appointed a privacy advocate who is at OMB to, for a number of purposes but in particular is working with a team that is working on this initiative to make sure that the appropriate safeguards are taken to protect individual privacy."

Administration security officials have been working since 1998, when Clinton issued a directive ordering agencies to cooperate with one another and to work with private industry on a plan to ensure the security of critical networks and essential government services, which he saw as vulnerable to attack.

Two agencies have been working on the national plan. One is the Critical Infrastructure Assurance Office (CIAO), which is the engine driving the creation of policy by coordinating private sector cooperation with the government and within agencies, and falls under the jurisdiction of the National Security Council. The second is the National Infrastructure Protection Center (NIPC).

Besides the monitoring of networks, the strategy also calls for the creation of Information Sharing and Analysis Centers (ISACs), which will serve as a place where companies can get government intelligence information about possible cyber-attacks and for the private sector to share with the government how it solved attacks to its infrastructure. Citicorp is currently working with other banks to create the first ISAC.

Rep. Duke Cunningham, R-Calif., fired off a letter to Clinton decrying the proposal.

"Neither Congress nor the American people will stand for a frightening 'Big Brother' assault on private life, private communications, and private commerce," the letter said. "I am shocked that you and Vice President Gore could be part of such a thing. Take the lead and stop this madness."

"I have great concerns about any federal monitoring system that does not have the confidence of the American people," said House Majority Leader Richard Armey, R-Texas, in a statement. "Before implementing any such system, I urge the Administration to educate Congress and the public about its plans."

Clinton proposed a $1.46 billion initiative to combat cyberterrorism in his 2000 budget. Of this amount, about $240 million will go toward civilian programs and $1.2 billion for defense, Administration officials said in February. Congress is currently considering that request.