FAS Intro: The following memorandum represents the latest official attempt to address the perceived threat to the U.S. information infrastructure. It was first reported by Neil Munro in Washington Technology on April 25, 1996.
March 14, 1996 FOR OFFICIAL USE ONLY Memorandum FOR: Robert E. Rubin, Secretary of the Treasury Ronald H. Brown, Secretary of Commerce Frederico Pena, Secretary of Transportation Hazel R. O'Leary, Secretary of Energy John M. Deutch, Director of Central Intelligence John P. White, Deputy Secretary of Defense Samuel R. Berger, Deputy Assistant to the President for National Security Affairs Louis J. Freeh, Director, Federal Bureau of Investigation Leon Fuerth, Assistant to the Vice President for National Security Affairs Sally Katzen, Administrator, Information and Regulatory Affairs, Office of Management and Budget W. Bowman Cutter, Deputy Assistant to the President, National Economic Council John H. Gibbons, Director, Office of Science and Technology Policy James Lee Witt, Director, Federal Emergency Management Agency FROM: Janet Reno, Attorney General SUBJECT: Critical Infrastructure Security
Purpose
I have the responsibility, under Presidential Decision Directive (PDD) 39, which concerns Counterterrorism Policy, to "chair a Cabinet Committee to review the vulnerability to terrorism of... critical national infrastructure and make recommendations to [the President] and the appropriate Cabinet member or Agency head." The purpose of this memorandum is to brief you on the work done to date and to invite you to participate in the Cabinet Committee.
After consultations with the Director of Central Intelligence, the Deputy Secretary of Defense, the Deputy Attorney General, the Deputy Assistant to the President for National Security Affairs, the Vice President's National Security Advisor, and the Director of the FBI, it was decided that, in light of the breadth of critical infrastructures and the multiplicity of sources and forms of attack, the Cabinet Committee should consider not only terrorist threats to the infrastructures, but also threats from other sources. The Committee needs to address both traditional "physical" attacks (e.g. bombings) and electronic, "cyber" attacks on the infrastructures (e.g., an attack on a computer or communications system).
To facilitate the work of the Cabinet Committee, a small working group has reviewed options for: (1) a full-time group that would consider how the government should address threats to critical infrastructures over the long term; and (2) an emergency response capability to address physical and/or cyber threats in the interim, while the full-time group was conducting its study. The report of the working group is attached, along with a summary of its recommendations.
Having reviewed the options presented by the working group, we make the following proposals:
Preliminary Recommendation 1: Follow-on Study Group
We propose the creation of a full-time Task Force in the Executive Office of the President to study infrastructure assurance issues and recommend national policy (as outlined more fully in the CIWG). The Task Force would be headed by a presidential appointee from the private sector and comprise full- time representatives from the affected agencies. It would include an advisory committee from the private sector, and could also draw on existing advisory groups for assistance. The Task Force would report to the President through a Principals Committee of affected agencies. The work of the Task Force would be overseen by a Steering Committee consisting of the Deputy Attorney General, the Deputy Secretary of Defense, and a representative of one of the agencies reflecting civil concerns. The Task Force would have a nominal duration of 12 months. An important issue that remains to be addressed is how the Task Force would be funded.
Preliminary Recommendation 2: Interim Operational Response
We also propose establishing a single interagency coordinating group within the Department of Justice, chaired by the FBI, to handle the interim infrastructure assurance mission with regard to both physical and cyber threats and to coordinate the work of the government in this area. This group would facilitate rapid access to existing physical and cyber security efforts and expertise within the government. It would also act as a form of "yellow pages" to facilitate access to resources and expertise in the private sector, particularly with regard to cyber threats. Individuals agencies would continue to carry out their existing programs. In particular, DoD and JCS would continue to perform an emergency response function for their own assets and responsibilities. Nevertheless, their expertise might be called upon to assist in the event of a threat or attack to infrastructures outside of DoD.
Conclusion
I look forward to meeting with you (or, if you prefer, your Deputy) to discuss this subject and to decide on final recommendations to the President.
Attachments
FOR OFFICIAL USE ONLY
Return to the EPIC Computer Security Page