Protecting U.S. Critical Computer Infrastructure
By Jim Garamone
American Forces Press Service
WASHINGTON, June 10, 1998 In 1986, the book "Softwar" detailed how the Warsaw Pact countries would cripple the West by launching attacks against U.S. and NATO military and financial computer systems.
Then, the threat was mildly interesting. Personal computers were just coming onto the market. Modems used an actual phone to transmit data, and it took forever. Few people had ever heard of Bill Gates. The Soviets might attack, but did they really have the technology to infect U.S. systems?
Today the threat is real. While the Warsaw Pact is now history, any determined hacker with off-the-shelf equipment and good communications lines can wreak havoc. Add to this the well-publicized news accounts of hackers accessing unclassified DoD computer systems. Since no enemy can match the United States militarily today, cyberwar becomes a plausible alternative.
The threat is considered so real, President Clinton decided to protect the nation's critical computer infrastructure, by creating a program to oversee America's defense against cyberattack.
In charge of the program are two staff members of the National Security Council: Richard Clarke is the national coordinator for Security, Infrastructure Protection and Counterterrorism; Jeffrey Hunker is the director of the Critical Infrastructure Assurance Office.
Clarke said during a recent briefing that President Clinton called for the creation of a national protection plan. Clarke said the plan must include private and public partnerships because many of the targets for cyberattack are in private hands: electric power and telecommunications grids, and financial and transportation systems, for example. What's more, with every connection in the infrastructure, each system becomes more vulnerable to direct attacks and to the effects of attacks on other systems.
Recent DoD evaluations have pointed to inadequate cybersecurity both within the department and in critical telecommunications nodes. DoD depends on these private-sector telecommunications systems for its mission.
"[Private-sector companies] will know far better than the government when they are being attacked, when they are being probed [and] what their vulnerabilities are," Clarke said. "And so what we're really trying to do is establish a system whereby [private-sector companies] are willing to share with the government what might be proprietary information, what might be information that's protected by privacy rights.
"We understand those sensitivities, but we also know that unless there's a partnership between government and the private sector, [private-sector companies] might not be able to develop and design a defense system to protect themselves against critical infrastructure cyberattack."