CHERDAV44
TEXT OF "NATIONAL STRATEGY TO SECURE CYBERSPACE"
Wed Sep 25 18:00:59 2002
208.152.73.66

TEXT OF "NATIONAL STRATEGY TO SECURE CYBERSPACE" ----
Be sure to read between the lines...that's where all the REAL material has been stuffed!
www.whitehouse.gov/pcipb/cyberstrategy-draft.pdf

===========================================
Feds Seek Comment on Cybersecurity Strategy

By Mike Fitzgerald

At a highly orchestrated event at Stanford University yesterday attended by executives,
government officials and military brass, the President's Critical Infrastructure Protection
Board (CIPB) unveiled a watered down draft of its much-anticipated "National Strategy to
Secure Cyberspace."
Instead of making a grandiose call to arms to secure the nation's digital frontier, the
government opted instead to release the plan for additional public comment and review.
In two months, the CIPB will again take up the plan and fine-tune it based on public and
industry reaction.
"The great thing about throwing it open is anybody can say anything. If the operating
system is an issue for you, you can say it," said CIPB chairman Richard Clarke.
Comments will be accepted through http://www.securecyberspace.gov through Nov. 18.
In previewing the strategy over the summer, Clarke had outlined a sweeping set of
recommendations for improving security in five areas: software development, wireless
LANs, broadband connectivity, the Internet's underpinnings and government purchasing.
But many potential recommendations, such as banning government use of insecure
wireless LANs, were removed or downplayed in the wake of intense industry lobbying.
Instead, CIPB offered 70 recommendations in five areas loosely grouped by usage: Home
users/small businesses, large enterprises, government and education, national priorities,
and global resources.
Clarke defended the shift, saying "what we got before was 10 months of public comment
telling us something. We didn't have 70 proposals before, and now we can get specific
comments on them."
Industry officials argued that additional public comment will improve the plan. But it's
hard to imagine that dramatic changes will take place.
"These things are like a stake," said Rob Clyde, CTO of Symantec. "Once it's in the
ground, it doesn't tend to move very much."
Even as a document for comment, many of the executives in attendance said they
appreciated the government's open approach to developing the strategy.

"It's meaningful to me as a CIO at a bank, because now I can make comments," said
Dave Cullinane, chief information security officer at Washington Mutual. Cullinane already
had input, in his role as president of the Information Systems Security Association.

======================================================
April 2001

THREATS OF MASS DISRUPTION

A cyber Pearl Harbor is not a question of if, but when.

BY NEWT GINGRICH

After three years of studying the United States' security needs in the coming quarter
century, the Commission on National Security/21st Century reached some alarming
conclusions--particularly in regard to the Internet-borne weapons and attacks of
mass disruption.

The 14-member bipartisan commission, chartered by former President Clinton and
myself, unanimously agreed that the United States faces new and serious
cyber-space-based threats. Our adversaries are becoming more sophisticated in
developing new methods for disrupting our normal progression--socially and
economically. From breaking down communications systems to initiating electrical
blackouts to infiltrating and disrupting our financial systems, there are a number of
major disruptions that could unravel our economy, diminish our quality of life and
generally destabilize the nation.

In some cases, such as an attack on the national air traffic control systems, these
disruptions could result in widespread damage to property and infrastructure, and
serious loss of life. Imagine the chaos if a terrorist group hijacked the
communications channels between O'Hare International Airport and the planes flying
in the busy Midwest corridor. Airline safety could be seriously compromised if air
traffic computers were hijacked by by cyberterrorists.

Our commission concluded that the threat of cyberattacks is compounded by the
relative ease of hacking. By comparison, developing nuclear weapons is a massively
complex and expensive undertaking that few nations can afford. A similarly significant
investment is required for the development of chemical and biological weapons.
Conversely, one relatively smart hacker can cause a major economic disruption,
potentially bringing some nations and markets to their knees. Look at the damage
caused by the "Love Bug" virus creator--he caused billions of dollars in lost
productivity and recovery costs by unleashing a single piece of malicious code.

The reality of small efforts leading to enormous consequences creates a new and
previously inconceivable national defense problem. The threats now facing the United
States are much broader in scope than we have ever faced in our history.

A lone fanatic, a criminal organization, a small terrorist group, a state-sponsored
terrorist group or an aggressive foreign adversary could manipulate world markets or
engage in high-tech blackmail. The diverse nature of these threats makes our
traditional means of deterrence and response unworkable.

Deterrence works if there's an identifiable person, group or country that can be
retaliated against for illegal and unacceptable behavior. However, if the opponent is a
terrorist, a state-sponsored group, a criminal element or a lone individual, then
conventional legal prosecutions, diplomatic sanctions, economic embargoes and
military strikes are not entirely effective.

Additionally, there's a real danger that a powerful nation will believe it can create the
cyberspace equivalent of a Pearl Harbor sneak attack. It's conceivable in the next 25
years that a sophisticated adversary (such as a small country with cyberwarfare
resources) will decide that it can blackmail the United States into accepting its
demands by paralyzing our communications and financial systems.

This is not science fiction. This is the natural consequence of the emerging
technologies that have been, to date, making our lives and nation better. Our
slowness in recognizing and responding to these security threats comes from three
basic realities.

1. Preoccupation with conventional military threats. Our national defense
systems are more focused on weapons of mass destruction than on intangible means
of mass disruption. Our military officer corps isn't as sensitive to the threats emerging
in cyberspace as it is to geopolitical tensions between nation states. The amount of
energy and manpower being directed toward this problem is far less than that
devoted to artillery, airpower, tanks or a dozen other traditional military priorities.

2. High-tech myopia. Those who know the most about the opportunities and
challenges of cyberspace are unlikely to spend a lot of time worrying about national
security. These people are so busy thinking about new technologies, business
opportunities and jobs that they simply don't think about the potential perils they're
creating. Silicon Valley and its comparable centers of intellectual capital around the
country are areas in which national defense has had a relatively small role.

Part of the problem might be that the high-tech generation has no frame of reference
for any serious threat to national security or sovereignty. The World War II
generation, now twice removed from the present baby faces of corporate America,
was confronted by Nazi Germany and Imperial Japan. Their children fought in Korea
and Vietnam, in surrogate Cold War conflicts with the former Soviet Union and its
satellite communist states. Both of these generations knew the world was a far more
dangerous place than the idyllic world painted by Norman Rockwell.

Yet, for those who came of age in the late 1980s, the world seems safe and benign.
The Soviet Union is gone. The United States stands alone as the world's only
superpower. In this climate, it's very difficult to convince the best technology
experts to divert their time and effort away from making money and advancing
technologically to focus on what seem to them to be obscure and theoretical
national security issues.

3. Lack of public-private cooperation. The government cannot solve this problem
in the way it met the challenge of World War II and the Cold War.

In those crises, the federal government was the center of science and innovation
(partially a byproduct of the military-industrial complex). The ability of bureaucracies
to amass and organize resources created opportunities to counter the challenges
presented by our adversaries. The potential crises of cyberspace-based attacks
require entrepreneurial energy and creativity that overwhelmingly reside in the
private sector. We, as a nation, need an entirely new public-private partnership to
meet the challenges of cybersecurity.

We have never seen a cyberattack of national proportions resulting in mass
disruption of our society and our lives, but such a scenario is not unprecedented. As
early as 1904, British physicists theorized that nuclear weapons were scientifically
plausible. In 1938 Germany, Otto Hahn and Fritz Strassman proved experimentally
that nuclear fission was possible. By 1941, Albert Einstein, the most famous scientist
of his day, wrote President Roosevelt to warn him that Germany might build an
atomic bomb--and it would be wise if the United States tried to build one first.

Imagine a world in which Nazi Germany or Stalin's Soviet Union was first to harness
the destructive power of the atom. Imagine a world in which freely elected leaders
had less imagination and a greater reluctance to gamble on untested technology than
their tyrannical adversaries. The result would have been horrible, and possibly fatal,
to our freedom and way of life.

We owe it to our children and grandchildren, as well as our forefathers, to take
information security seriously. We need to undertake the effort to make cyberspace
more secure for our people, economy and our national interests. That is our duty, for
our generation and our posterity, as we continue to evolve in the digital age.

• CRITICAL ALERT!! FBI scheme to police Internet — CHERDAV44, Wed Sep 25 18:14