Bush weighs future of computer security office

The Bush administration is reviewing whether to continue the operations of the government office that coordinates critical infrastructure policy, according to the head of the office, which is slated for termination this fall. John Tritak, director of the Critical Infrastructure Assurance Office (CIAO), said in an interview Monday that the office's responsibilities should be continued in some form. He said President Clinton's directive that would sunset the office by the end of fiscal year 2001 is "not binding in any way on President Bush." If Bush chooses to issue his own presidential directive, it would override the previous one by Clinton. The new administration is beginning to review the issue and is expected to consider a range of options before deciding how to proceed, Tritak said. If Bush does not act by the deadline, the office simply will close. Tritak stressed, however, that the risks of cyber terrorism "are not going to go away." "The government relies on critical infrastructure," Tritak said. "It is going to be increasingly at risk as we move more into the information age." He added that because much critical infrastructure work has been placed in the private sector, a new level of public-private cooperation is needed to ensure continued security. "This is the first time we have a national security problem the federal government can't solve on its own." In most security issues, the Department of Defense, the FBI or the Federal Emergency Management Administration can handle the situation, Tritak said. But "this is different from protecting air space from a bomber." Clinton's original 1998 directive creating CIAO saw cooperation as a core assumption, Tritak said. Now the indications are that the Bush administration also will make the issue a policy priority, both to continue to protect government services and the national economy. Tritak said CIAO has played a unique role in coordinating the government's widespread efforts on critical infrastructure. He recommended that there be a senior official responsible for coordinating overall critical infrastructure policy, functioning as a single point of contact on the issue. "If we don't have it, we would have to invent it," Tritak said.