Panel Urges Federal Government to Step Up Efforts Against Computer Terrorism
Washington Post Staff Writer
Tuesday, Oct. 21, 1997; Page A15
A presidential commission has warned that the nation's communications and electrical networks are increasingly vulnerable to attack by terrorists using computers and recommends that the U.S. government double its current spending on research aimed at countering the threat.
The President's Commission on Critical Infrastructure Protection -- established a year ago, following a Justice Department review of the nation's vulnerability to terrorism in the wake of the Oklahoma City bombing -- delivered a classified, 269-page report to the White House yesterday.
An unclassified version is to be released publicly later this month.
Following a White House staff review of the material, President Clinton will make legislative recommendations within 100 days, an administration official said.
Among the proposals the commission made, according to administration officials, is to establish a new directorate within the White House National Security Council to coordinate different agencies' actions to counter the new threat. Also, the commission recommends establishing a new "information and warning" office designed to identify and assess promptly threats to computer networks in both the government and private sector.
Earlier drafts of the commission's work would have placed the new office within the Commerce Department, but the final report did not specify where it should go, according to an administration official familiar with the document. In either case, the office would collect and trade information between the government and the private sector, with the aim being to make early judgments about the possible threat when untoward things happen with computer networks.
The commission also concluded that more government money is needed. Government agencies spend about $250 million annually on research and development of new equipment and techniques for combating threats in cyberspace. The commission recommends doubling that for fiscal year 1999, then increasing the figure by $100 million annually so that $1 billion a year is dedicated to the problem by 2004.
The money, an administration official said, would be directed to universities and private firms to come up with more sophisticated "intrusion detection devices." The researchers would also work to figure out how to perform more reliable "vulnerability assessments" of computer networks, how to establish better "firewall techniques" to contain damage if a network is violated and how to give the administrators of computer networks more immediate "real-time control" of systems.
The commission also found a dearth of public understanding about the problem. Accordingly, it recommended a White House conference on the subject and appealed for increased public school instruction about computer security.
For those higher up on the educational ladder, the commission recommends the National Science Foundation award grants of $10 million annually to graduate students studying ways to increase computer security.
The commission, according to administration officials familiar with its report, sounds an alarming note about the threat of computer terrorism, warning in one passage that a skilled criminal could disable an electrical power station using the Internet just as effectively as an old-fashioned terrorist could using a satchel of dynamite. The difference would be that the high-tech intruder would be harder to identify and apprehend.
Already, computer intruders have crippled 911 systems by using redial functions to flood operators with calls. In general, however, the commission's report focused on imminent or incipient problems that probably are not cause for alarm in the near future, an administration official said.
In one passage that is certain to rile computer privacy advocates, the commission endorsed the administration's position that encryption technology should be regulated, allowing law enforcement agencies, with a court order, to decode encrypted communications while investigating suspected crimes.
"This is not intended to scare America," the official said. "What we're saying is we really need to attend to this, and it's going to take time."
In general, however, the commission's report emphasizes that the government cannot be the sole guarantor of computer safety, and calls for cooperative efforts with academia and corporations that use networks.
"The federal government cannot do it all," the official said. "It should be a model. . . . It should work with the private sector."
© Copyright 1997 The Washington Post Company
Go to Federal Page | Go to Government | Go to Politics Section