Senators call for larger DoD role in cyber-security

In Congress's first examination of the Clinton administration's cyberterrorism plan, a Senate subcommittee cautioned Tuesday that the Defense Department and other national security agencies are not given a big enough role under the White House's proposal.

During a hearing before the Senate Judiciary Committee's Technology and Terrorism Subcommittee, Sens. Jon Kyl, R-Ariz., chairman of the panel, and Robert Bennett, R-Utah, head of the Senate's Y2K committee, questioned why the FBI is playing the lead role in coordinating the administration's cyberterrorism activities when the Defense Department and National Security Agency have more experience in dealing with the issue.

The White House released its plan earlier this month, which includes a request for a 15 percent increase in funding for critical infrastructure protection to $2 billion for fiscal year 2001. It also calls on the government and private sector to identify its critical systems and how they interrelate as they work to prevent attacks; proposes the installation of multi-layered protection systems; and creates an initiative to ensure there is a skilled workforce to deal with the issue.

Given the FBI's role, "the architecture of the plan is flawed," Bennett said.

John Tritak, director of the Critical Infrastructure Assurance Office, did not have an answer for Bennett and Kyl's concerns about the Pentagon's role in the plan.

Bennett also said the plan focuses too heavily on the threat of hackers instead of attacks from terrorist groups or hostile countries; does not provide a plan for recovery and reconstructing information lost in a cyberattack; and spreads funding across too many agencies, making it "almost impossible" for Congress to monitor how it is spent.

Kyl and Sen. Dianne Feinstein, D-CA, raised several questions about the plan's proposal to create a "burglar alarm," known as the Federal Intrusion Detection Network (FIDNet), for monitoring intrusions into the government's civilian critical computer systems and sharing attack information across agencies. Kyl noted that privacy advocates say that FIDNet violates "the spirit" of the nation's wiretap law. Tritak said that the system would not impact private computer systems and deals only with electronic traffic such as e-mail, and not voice communications. "There are several tiers to protect privacy," Tritak said.

In testimony released by the subcommittee, Jack Brock, director of government wide and defense information systems at the General Accounting Office, said the plan relies on current law, policies and practices stemming from the Computer Security Act of 1987, a measure that is "outmoded and inadequate, a well as poorly implemented." He also said the plan focuses too much on individual system security, rather than taking an organization-wide approach.