8 January 2000
Source: http://www.whitehouse.gov/library/Briefings.cgi?date=0&briefing=0

See Executive Summary of the National Plan for Information Systems Protection: http://cryptome.org/cybersec-plan.htm (109K); Zipped: http://cryptome.org/cybersec-plan.zip (32K)


January 7, 2000

PRESS BRIEFING BY CHIEF OF STAFF JOHN PODESTA, SECRETARY OF COMMERCE BILL DALEY, JAMES MADISON UNIVERSITY PRESIDENT LINWOOD ROSE AND NATIONAL COORDINATOR FOR SECURITY, INFRASTRUCTURE PROTECTION AND COUNTER-TERRORISM DICK CLARKE

10:25 A.M. EST

                              THE WHITE HOUSE

                        Office the Press Secretary


For Immediate Release                          January 7, 2000


                              PRESS BRIEFING
                                    BY
                       CHIEF OF STAFF JOHN PODESTA,
                     SECRETARY OF COMMERCE BILL DALEY,
              JAMES MADISON UNIVERSITY PRESIDENT LINWOOD ROSE
                                    AND
       NATIONAL COORDINATOR FOR SECURITY, INFRASTRUCTURE PROTECTION
                     AND COUNTER-TERRORISM DICK CLARKE


10:25 A.M. EST


     MR.  LEAVY:   Good  morning,  everybody.   As  you know, the President
announced  his  cyber-security  plan  this  morning,  and  to  answer  your
questions  and  talk  a little bit more about that with the Chief of Staff,
John  Podesta, Secretary of Commerce, Bill Daley, President Linwood Rose of
James Madison University, and joining in the questions will be Dick Clarke,
the President's counterterrorims czar.

     Mr. Podesta.

     MR.  PODESTA:   This  is  the first time I've appeared with a czar, so
excuse me if I'm a little bit nervous.  (Laughter.)

     The  President  made  his  announcement this morning, but I would just
note  at  the outset that, again, this morning we had a continuing evidence
of  a  robust  economy.   This  year,  we had, in calendar year 1999, we're
looking  at  an unemployment for the year that's the lowest since 1969, the
lowest Hispanic and African American unemployment rates on record.

     The  economy  continues  to  perform  outstandingly.   And part of the
reason  for that is that is the fact that we have a new economy, an economy
that's  built on information, technology information, infrastructure.  It's
really  beginning  to  move  into all aspects of our economy and the way we
handle goods and services.

     And  just  as in the 1950s when we were building an economy based on a
new  transportation  system,  a  new  interstate  highway system and we put
guardrails  on  that  transportation system, we're here today to talk about
how  we can better protect the information technology and infrastructure of
the  information technology economy -- not only for the government, but for
the  private  sector,  as well.  And that's why I'm pleased to be joined by
Secretary Daley and President Linwood Rose from James Madison; and, as Dave
said, Dick Clarke will join us for questions.

     The  President  made  the  announcement  this  morning.   We have made
substantial  boosts  in the amount of money that the government is spending
on  this  effort  to  protect  our critical infrastructure, and this year's
budget will be no exception.  We are going to request a 17 percent increase
in  funding  over  the  FY  2000  budget, and the proposed spending will be
across  the government.  We will be seeking an increase of approximately $2
billion,  from  $1.7  billion,  with  increases  in  every agency and every
sector.

     One  of  the  greatest boosts, I think, will be -- and Secretary Daley
will  speak  about this -- will be in the area of research and development.
The   R&D   now  represents  32  percent  of  our  critical  infrastructure
protection.   It's  really  important  that we do that, that we produce, in
partnership with the private sector and in partnership with the information
technology  companies  who  are at the forefront of this revolution, on new
technologies that can be rapidly put into the information infrastructure to
begin to provide the kinds of protections that we're here to talk about.

     So the overall increase in the R&D and R&E portion that we're going to
speak  to  as  part  of  the President's overall commitment to increases in
research  and  development which, again, we'll lay out a future point as we
talk about our budget.

     But  with  that,  let me turn it over to Secretary Daley to talk about
the report.

     SECRETARY  DALEY:   Thank  you  very  much,  John.   As  you  said, no
question,  we  have  a new economy and we have an economy that is much more
dependent,  as we enter this next century, on information technologies.  So
our defending of this economy is most important to us, especially at a time
of great economic boom that we're experiencing.

     One  of  the  consequences  of  leading  this e-world is that we, as I
mentioned,  are  more dependent on information technologies in our country,
and therefore we're more subject to new and different kinds of threats.  It
is  true  for  our  services  as  governments,  and it is also true for the
private  sector,  whether  they are large companies or small companies.  In
our  opinion,  businesses  risk  going  out  of  business if their computer
networks are obviously disrupted for any great length of time.

     This  is  the  first  time  in American history that we in the federal
government,  alone,  cannot  protect  our infrastructure.  We can't hire an
army or a police force that's large enough to protect all of America's cell
phones  or  pagers  or  computer  networks  -- not when 95 percent of these
infrastructures are owned and operated by the private sector.

     We just spent, as we all know, about $100 billion as a nation, private
sector and the public sector, in correcting the Y2K problem.  If people had
thought about this 25 years ago, we may not have had the situation where we
would have had to spend so much. Y2K taught us many things.  One is that we
must  be  prepared.   So  the  President and the Vice President asked us to
develop a national plan to defend America's cyberspace.  Twenty-two federal
agencies  have worked on this.  It is the first attempt by any nation to do
something like this.

     Today  we  have  our  first version.  As you can see, it is designated
version  1.0.  (Laughter.)  It focuses on what we in the federal government
can  do  to protect our federal assets.  But for this to be a true national
plan,  later  versions  must  include,  and  will include, what the private
sector, and also the state and local governments, can do.

     Last  month,  I  met  with industry leaders, and we are already in the
process of building a true partnership with them.  Cooperation, rather than
new  regulations,  will  bring  more  resources  to  the table, and we will
therefore  have  the  opportunity  to  produce results faster.  That is the
political  reality, and in our opinion, one of the greatest challenges that
government  faces  in  this  century  is,  how  do we deliver services more
effectively.   In  dealing with the private sector, we can learn a lot from
them.   By  partnering  and  sharing  information,  we  can improve our own
efforts,  and  also  work  with  them to make their systems, and ours, more
secure.

     The  end result is that we will all, therefore -- and our economy will
be  better off.  The American people can read this report on our website by
the  end  of  today,  on  the  White  House's  website, and also on the NSC
website.   And  if any of you would like a copy for your own files, we'd be
happy to supply them for you.

     And  it's  my  pleasure  at  this  point  --  there  are  a  number of
universities   who  are  looking  and  are  forward-leaning.   About  eight
universities  are  developing curriculums in cybersecurity.  One of them is
James  Madison  University, and it is a pleasure to introduce Lin Rose, the
President of James Madison.

     MR.  ROSE:   Thank you.  Good morning.  As president of an institution
that,  several  years  ago,  recognized  the  need for information security
education, I'm particularly encouraged by today's news.  As a nation, we do
face  a  critical  need  for  information  assurance experts.  Our economic
growth  has been fueled by our leadership in information technology, and we
have  become more dependent upon computing and electronic networks than any
other country in the world.

     That  distinction also makes us more vulnerable than any other country
in  the  world. Our information systems, if not carefully protected, may be
accessed  by  those  whose  intentions  are  much  more  serious  than just
mischief.   Dependence  upon electronic data systems is no longer unique to
computing  and  telecommunications  alone.   Power  generation, banking and
finance,  transportation,  water  supply  and  emergency  services  are all
dependent  upon  information  systems  and are susceptible to disruption by
hackers and criminals.

     To  protect  these  systems,  we  must have more information assurance
people  --  people  who  have  the  talent and expertise to evaluate system
vulnerabilities,   who   understand  encryption  methodologies  to  protect
critical  data,  and who are able to design trusted systems and provide for
intruder monitoring and detection.

     Higher  education is the key to providing more of these professionals.
Universities  have  begun to address this work force need, but if we are to
accelerate  the  numbers  of  competent  professionals  at the rate that is
required, federal support for faculty development and student assistance is
essential.

     The standard academic mechanisms and processes are too slow to satisfy
the  current  and projected demand in a reasonable amount of time.  Without
external stimulus and support, we will simply fail to protect our country's
information  infrastructure.   Like most new professional programs, much of
the  activity  and  information  security  has been focused at the graduate
level.

     For  example,  with the support and encouragement of Virginia Senators
Warner  and  Robb,  as  well  as  Congressman  Goodlatte,  at James Madison
University  we  now  offer a master's degree in information security.  That
program,  intended for working professionals, is the only degree program in
the  country provided to students via the Internet.  Approximately one-half
of  the students are from government, while the remaining participants come
from business and industry.  Programs such as this one must be expanded.

     It is imperative, however, that we develop undergraduate programs that
will  prepare  information  security  specialists.  The cyber-service model
advanced  in  the  President's  plan  will  provide  incentives  to attract
students  in  greater  numbers.   The  cyber-service  will also attract the
interest  of  colleges and universities who are wrestling with the numerous
curricular opportunities available to them in technology-related fields.

     In  short,  this  program,  once  fully  implemented, will produce the
desired  results.   Eight institutions, designated by the National Security
Agency  as  centers  of  excellence in information security education, have
been  working  with  the  administration over the last 18 months to examine
methods   for   expanding   informations   security  education.   With  the
announcement  of  this  plan,  others will be certain to join in a national
effort to advance and address this critical work force shortage.

     The  consortium  of  these eight universities, along with the National
Colloquium  for  Information  Systems  Security  Education,  which includes
representatives  from  government, business and education, will continue to
build  the  necessary  curriculum,  promote  awareness  of security issues,
conduct research, establish competency standards and develop an information
clearinghouse,  as well as generally promoting the profession.  The support
provided through this plan will reinforce and enhance the effort.

     By  empowering  higher  education  to  be  part of the solution to the
national  information  security problem, the President has set forth a plan
that  will  provide the nation and its citizens with the assurance that our
businesses,  our  government  and  our  personal  interests  are secure and
protected.  Thank you.

     Q    Mr. Podesta, would you mind going over those figures again, as to
what  the  President  is asking for, and the increase that is, and what the
breakdown is?

     MR. PODESTA:  Dick, you want to join us?

     Q    Gene.Randall didn't get that.  (Laughter.)

     MR.  PODESTA:   There  is  a  17  percent  increase  in funding in the
proposed  FY  2001  budget.   Proposed  spending across the government will
increase to $2.0 billion, from -- the Congress appropriated last year $1.75
billion,  based  on a request from the administration of $1.77 billion.  So
they  actually  did  --  we  were  successful  in achieving most of what we
requested  in  total dollar amounts.  But we're asking now for a 17 percent
increase  in  that  amount to a total of approximately 2.03, I think is the
accurate number.

     Do you want to give a little bit more on the breakdown, Dick?

     MR.  CLARKE:   Sure.   We have these nice color charts to pass out; if
you  haven't  already  received them, we'll get them to you.  As John said,
it's  a  17  percent  increase  that  we're  asking  for  in  2001 over the
appropriated  money  from  2000.   There  was  a  similar  request, similar
increase  last  year.   So  the compounded effect of that over the last two
years is considerable.

     The  largest  increase  in  the  percentage  basis is for research and
development.   The  President,  as  he  said, is proposing an institute for
information infrastructure protection. This is a research organization that
will work closely with the private sector.  It's not a building, it's not a
new  bureaucracy,  it's  a funding mechanism so that the federal government
can  match private sector funds and plug the holes in the R&D requirements.
R&D  will  rise  the  President's  plan from $461 million last year to $621
million in the year 2001.

     Q     Secretary  Daley,  this  cyber-security version of the G.I. Bill
that  the  President  talked about this morning, what would be the required
service,  postgraduate,  and  in  what  agencies  would  these  people find
employment?

     SECRETARY DALEY:  I don't think we've worked out the details as to the
length  of  service that would be required.  We obviously want to work with
the  institutions  and  work  with  the federal agencies as to what sort of
length of service they thought would be appropriate.

     Q     Are  you  talking about two years, three years, four years? It's
four years in the G.I. Bill, isn't it?

     MR.  CLARKE:   Yes.   The  typical  federal  requirement  is a year of
service  for every year -- a year of service for every year of scholarship.
So  if, for example, someone had a four-year undergraduate program at James
Madison or somewhere else, we would expect them to do four years of service
in  the  federal  government,  in  any federal department that wanted them,
helping  that  federal  department to protect its own computer systems.  So
these  are  IT  security  managers  that  would help the federal government
improve security on federal computers.

     Q     Do  you  know  what  the  job  designation would be, in terms of
federal pay scale?

     MR.  CLARKE:   Well,  one  of  the things that the Office of Personnel
Management is looking at --

     Q     For  example,  will  they  make  more money than Mr. Leavy or --
(laughter.)

     MR. CLARKE:  That's not hard.  That's not hard.

     One  of  the  things  that OPM, the Office of Personnel Management, is
looking  at  is whether or not we have to abandon the normal federal grades
--  GS7,  GS8,  GS9.  For example, if you graduate now with a bachelor's of
science  in  computer  information, typically you would become a GS7.  Now,
that's  going  to  earn  somewhere in the area of $28,000 to $30,000.  That
same person, with that same degree, can go out to the Dulles access road or
Silicon  Valley,  and  earn  $90,000  to  $120,000.   So  we  have  to look
seriously,  and  OPM  is  going  to  look seriously, at adjusting the grade
structure.   So  we might not use the normal federal grade structure to pay
IT security workers.

     Q     What's  the  biggest threat that you're trying to guard against?
Is  it  hackers  and  vandalism?   Is  it  criminals?  Or is it domestic or
foreign terrorism?

     MR.  CLARKE:  I think it's all of the above.  There's a spectrum, from
the  teenage  hacker  who  sort of joy rides through cyberspace, up through
industrial espionage, up through fraud and theft.  And up at the far end of
the  spectrum,  to  another  country  using information warfare against our
infrastructure.

     Q     Mr.  Podesta,  or  Secretary Daley, is the catalyst for this the
situation  that  happened  with  the  White  House  computer last year, and
several  infiltration  situations  with  some  of  the  federal  government
computers last year, as well?

     MR. PODESTA:  Well, I wouldn't describe that as the catalyst for this.
I  think  we've  been working on this for some time, and have -- as I think
Dick  noted,  this  has been going on in a kind of serious formulation as a
policy for several years, and precedes the situation, which was resolved --
with  the  hacker  at the White House -- with an arrest, that occurred last
year.

     But  I  think  that,  obviously,  every  agency,  every  department of
government,  but  every  private  sector  institution that's relying on the
information  infrastructure.   It's  not  just computers; it's the electric
power  grid, it's the other things that we learned so much about during our
run-up  to  Y2K.   The  banking,  financial  industry -- increasingly every
single sector of the economy is tied in, linked through e-commerce, through
the  use  of  computer  technology, to this kind of critical infrastructure
which has developed over the course of the '70s, '80s and '90s.

     And  so  I think that it's a high national security priority, to begin
to  protect  all  of  the  infrastructure,  not just the federal government
infrastructure.   And  that's  why we're excited about having a partnership
with the university community and the private sector.

     SECRETARY DALEY:  Let me just add, what the White House experienced, I
would  imagine  every  agency  in the government, we have experienced, from
harmless,  seemingly  harmless  invasions,  to  others  that  gave us great
concern.   So  what  happened here was replicated, I would assume, in every
department.

     Q    A follow-up:  how vulnerable are the systems right now?

     SECRETARY  DALEY:   Well, we believe they're much better.  I speak for
our  agency,  and  obviously  this  program  that we've put out with the 22
agencies,  believe  that  our  federal  program right now in protecting our
systems  and  our  assets,  is much better than obviously we were before we
went through this process.

     Q    Secretary Daley, just to follow up on some of the questions here,
can  you  give us -- what are some credible scenarios for the type of thing
that  you're trying to prevent here?  We all know about the teenage hacker,
or  the  cyber-vandal.   But  can  you  give us some scenarios for the more
elaborate types of problems --

     SECRETARY  DALEY:  Well, remember when there was that -- when was that
lightning strike in Florida that hit the system, that basically knocked out
--

     MR. CLARKE:  Two years ago.

     SECRETARY DALEY:  Two years ago -- knocked out most of the East Coast,
much  of  the  grid  along  the  East  Coast.  That was obviously an act of
nature.   No  one,  at  that point, understood how everything was connected
along  the East Coast, and would be so affected for a couple of hours.  And
that,  I  think,  woke  up  not  only  some of us in government, but surely
affected  the private sector's attitude about a better understanding of the
interconnection and our involvement in trying to address this.  It will not
be solved, though, without partnership.

     Q     Okay,  you mentioned foreign governments.  And to what extent do
foreign  governments  have  the  capability  to  engage  in  this  kind  of
disruption?   And  are  you  looking  at disruptions on the part of foreign
governments to private sector operations, or just the government?

     MR. CLARKE:  We are aware, now, over the course of the last two years,
that  several  other  nations  have developed offensive information warfare
units,  organizations, tactics, doctrine and capability.  Now, that doesn't
mean they're going to use them.  But it means that they're developing them,
they're getting better all the time.

     And  in  a  crisis,  historically,  nations have attacked each other's
infrastructure.   Nations  have gone after, in warfare situations or crisis
situations,   electric   power  grids,  telecommunications,  transportation
networks.   So  it's  not inconceivable to have a scenario in the future in
which  a  future  opponent might think that they could attack our civilian,
privately-owned infrastructure through computer attack.

     Q    Can you say which countries those are?

     Q    And do we have such an offensive capability ourselves?

     MR.  CLARKE:   You'd  have  to  ask the Defense Department about that.
And, no, we're not going to name names of other countries.

     Q    Why not?  I mean, what's the big secret?

     Q    Why shouldn't you tell us?

     Q     The  President  kicked off this initiative almost two years ago.
And  I know that you had a May '99 deadline, or a self-set May '99 deadline
for  putting  out  this  report.  What's taking so long?  And why isn't the
physical  protection  included  in this, because as you have just said, you
can  just  as  easily  take  down  critical  infrastructures  with physical
attacks.

     MR.  CLARKE:  We had a May 1999 self-imposed deadline.  We decided not
to  meet  that  deadline; but, rather, to take the time to get it right; to
take  the  time  to  do the sort of consultation that we have done with the
Congress, and with the private sector.  Secretary Daley mentioned that last
month  he  met  with  94 companies in New York as part of that consultative
process.  As John Podesta said, this is version 1.0.  There are going to be
other  versions  as  the  dialogue continues with the Congress and with the
private sector.

     Q     It's my understanding as well that the NIAC hasn't stood up yet?
You don't have a lead for that?  Is that true?

     MR.  CLARKE:   The President has signed an executive order to create a
National  Infrastructure  Advisory Committee, and we are in the process now
of doing the personnel selection for that advisory committee.

     Q     Gentlemen,  there  is a real revolution in the way computers are
being  used  now.  Fifteen years ago, it was mainly a business application.
Now,  they're in all parts of the home, and the talk is, within a few years
we're  going  to  have  IP  appliances in people's homes.  Shouldn't you be
focusing  more  effort  not just on the private sector but, in fact, on the
general  public?   And why does part of this report still suggest that much
of this information will be precluded from reaching the general public?

     MR. CLARKE:  I don't think the report at all suggests that information
is  going  to  be  denied  to the general public.  What we're looking at in
terms  of  prioritizing  our activities are the things which would have the
greatest  effect on the greatest number of people.  And so, if there were a
computer attack on a power grid, that would have a great effect on millions
of  people.  It's certainly true that individual computers, your PC at home
could  be  hacked,  but  chances  are no one is going to do that.  The real
threat is to the larger infrastructures and not to an individual home.

     Q      John,   if   I   could  ask  you  another  unrelated  question.
Republicans yesterday apparently proposed a package of smaller targeted tax
cuts,  including  the  marriage  penalty.   Is this the kind of tax cut the
administration  could  work with the Republicans on, and do you guys have a
position on the marriage penalty tax?

     MR.  PODESTA:   Well, I'd like to think that the Republican leadership
spent  some  of  the  time  since  the break in November listening to their
constituents,  and have gotten on a program more similar to the President's
which  is  to address the critical needs of the country -- Social Security,
Medicare,  education,  and the other priorities, and come up with a tax cut
that  fits  within an overall framework of fiscal discipline.  They put out
some  numbers  yesterday that were obviously much more consistent with what
the  President  was talking about over the course of the last year than the
risky tax scheme they put forward and was rejected by the President, vetoed
by the President, and rejected by the American people.

     But  I think we need to see the whole plan, and to try to -- hopefully
we  can find some consensus, work together, to do those critical priorities
--  to  address Social Security, to address Medicare, to make the important
investments  that  we've  talked  about.   And,  as  we have said, we think
there's  room  within  the  overall  context  of  the  surplus to find some
targeted  tax cuts that will be aimed at the middle class, that will not be
loaded  up  in  favor  of the wealthiest Americans, but that are spread and
aimed at addressing critical priorities.

     With  respect  to the marriage penalty, I think we've said that within
the  context of tax relief, that we're open to discussions about tax relief
in  that  area.   But  it's  got  to  be  part of an overall program that's
fiscally disciplined, and that aims at our key priorities.  And, obviously,
we  want  to  aim  our  tax  cuts  at the middle class, and the President's
budget,  which  he will put forward in the next month or so, will aim to do
that.

     Q     Dick,  for  those  of  us  who  still  sort  of cling to the old
technology  because  it  never  gives you a fatal exception error, how much
distance  is it in bridging security between hacking a website and actually
getting into the infrastructure and turning things off?

     MR.   CLARKE:    The   same   techniques   that  people  use  to  find
vulnerabilities  or  back-doors  into websites can be used to hack your way
into   computer-controlled  networks.   Things  like  the  power  grid  and
railroads   and   whatnot,   telecommunications,   are  computer-controlled
networks.   And  many of the same principles of finding vulnerabilities and
hacking  your  way  into  a  website are applied in hacking your way into a
computer-controlled network.

     Q    How much extra distance is there?

     MR. CLARKE:  Not much.

     MR. LEAVY:  I'm sorry, last question.

     Q      Oh,   a  question  about  the  Fidnet  portion  that  was  very
controversial  with  civil  liberties groups.  And how big is the Fidnet to
this whole plan?  Is it a central part, or a small piece?

     MR. CLARKE:  We think the federal government has a positive obligation
to  protect  the  privacy  information,  and  other  information on federal
government  computer  systems.   Just as your files, the files about you in
the IRS or elsewhere in the government, are in a file drawer with a lock on
it,  and  there's a burglar alarm protecting that office in physical space,
so we think there should be a burglar alarm and a lock on files the federal
government has in cyberspace.  The federal intrusion detection network that
we  propose  is  just  that.   It's  a  burglar  alarm for federal files in
cyberspace.   It,  in no way, will intrude onto private computer systems --
private  sector computer systems.  It's only a government protection system
for  government  sites.   It's  designed  to  protect  privacy  and enhance
privacy.

                           END                  10:50 A.M. EST


January 7, 2000 FACT SHEET THE WHITE HOUSE Office of the Press Secretary _______________________________________________________________________ For Immediate Release January 7, 2000 FACT SHEET Federal Cyber Services Training and Education Initiative The President announced today a $25 million funding proposal for the Federal Cyber Services (FCS) Training and Education initiative led by OPM. The demand for information technologists and information security specialists has grown faster than the supply. In both the public and the private sector, there is a dearth of qualified new professionals in information security. The National Plan for National Information Infrastructure, which details the FCS initiative, calls for the following five programs to address this challenge. Vigorous implementation of these programs will help address the current shortages of information security personnel. * A study by the Office of Personnel Management to identify and develop competencies for federal information technology (IT) security positions, and the associated training and certification requirements. * The development of Centers of IT Excellence to establish competencies and certify current Federal IT workers and maintain their information security skill levels throughout their careers. * The creation of a Scholarship for Service (SFS) program to recruit and educate the next generation of Federal IT managers by awarding scholarships for the study of information security, in return for a commitment to work for a specified time for the federal government. This program will also support the development of information security faculty. * The development of a high school recruitment and training initiative to identify promising high school students for participation in summer work and internship programs that would lead to certification to Federal IT workforce standards and possible future employment. * The development and implementation of a Federal INFOSEC awareness curriculum aimed at ensuring computer security literacy throughout the entire Federal workforce. # # #
January 7, 2000 FACT SHEET THE WHITE HOUSE Office of the Press Secretary ________________________________________________________ For Immediate Release January 7, 2000 FACT SHEET Institute for Information Infrastructure Protection The President proposed today the creation of the Institute for Information Infrastructure Protection to identify and fund research and technology development to protect America?s cyberspace from attack or other failures. The Institute will fill research and other key technical gaps that neither the private sector nor the government?s national security community would otherwise address, but that are necessary to ensure the robust, reliable operation of the national information infrastructure. The President announced he would propose initial funding of over $50 million for the Institute in his budget to be submitted next month. Funding would be provided through the Commerce Department?s National Institute of Standards and Technology (NIST). The Institute was first proposed by the scientists and corporate officials who served on the President?s Committee of Advisors on Science and Technology, and then supported by leading corporate Chief Technology Officers (CTOs). The Institute will work directly with private sector information technology suppliers and consumers to define research priorities and engage the country?s finest technical experts to address the priorities identified. Research work will be performed at existing institutions including private corporations, universities, and non-profit research institutes. The Institute will also make provisions for private sector funding for some research activities. # # #
From: "Alexander, Brad" <Brad.Alexander@mail.house.gov> To: "Alexander, Brad" <Brad.Alexander@mail.house.gov> Subject: Barr Letter to Clinton on Cyberterrorism Date: Fri, 7 Jan 2000 14:14:03 -0500 January 7, 2000 The Honorable William J. Clinton President of the United States The White House 1600 Pennsylvania Avenue NW Washington, D.C.  20500-0003 IN RE: Electronic Infrastructure Protection Dear Mr. President: I read with interest reports your 2001 budget proposal will contain a request for $2 billion in funding to combat possible "cyber-terrorism."  I share your concern about the need to protect American lives and property from terrorist attack.  However, I cannot support such a large funding request without guarantees that it is truly necessary and will not result in a system that threatens the privacy of American citizens. Our nation faces numerous threats from foreign nations, terrorist groups, and weapons of mass destruction.  While the specter of "cyber-terrorism" makes for interesting news articles and novels, I am dubious the real threat posed by malicious hackers is as high as that posed by conventional, biological, chemical, and nuclear weapons.  I do think we should take steps to protect our nation's computer infrastructure, but I hope the novelty and media interest surrounding electronic terrorism will not spur us to neglect other threats.  For this reason, I encourage you to submit information to Congress accurately assessing the electronic threat we face, and comparing it to other threats. Also, based on the significant privacy threats created by last year's Federal Intrusion Detection Network (FIDNet) proposal, I hope you will make protecting the privacy of American computer users a foundational part of any future proposals, including this one.  Under no circumstances will I support the creation of a nationwide computer security system that functions by monitoring and the profiling the online activities of millions of Americans. I, and other members, will not support a $2 billion blank check without detailed information on the threat we face and statutory safeguards protecting the privacy of American citizens.  I urge you to provide this information and work with us to create such safeguards. With kind regards, I am, very truly yours, BOB BARR Member of Congress BB:ba