Center for Strategic Assessment and forecasts

Autonomous non-profit organization

Plans and redevelopment
Publication date: 18-08-2001

Back in 1996, under the Clinton administration, the Presidential Commission on critical infrastructure protection (President's Commission for Critical Infrastructure Protection) was formed. The Commission's report revealed the vulnerability of US national security in the information sphere, and its work resulted in Presidential Decision Directive 63 (PDD-63), signed in June 1998. This directive formed the basis of government policy on the information security of critical infrastructure.


Pursuant to the President's instructions set out in this Directive, the National Plan for the Protection of Information Systems of the United States was developed and signed by the President on January 7, 2000. Under this plan, the Clinton administration immediately announced that it would request 2.03 billion from the federal budget in the next fiscal year for work on protecting critical infrastructure. Among the major programs outlined in the plan, the most significant are the following.

A plan to form the Federal service of computer training (required funding: $25 million). It includes a variety of activities. In the first, the federal government, through the National Science Foundation, pays for two years of undergraduate or postgraduate education in information security in exchange for a signed contract to serve in government information security departments. Training takes place at educational institutions with relevant programs and includes a summer internship in government institutions and attendance at thematic scientific and practical conferences.

The second program involves establishing a Centre of excellence in the field of information technology (CIET) to retrain administrators working on federal information systems and information security specialists.

The third program is designed to educate secondary school students, their teachers, and the general public on information security matters.

The fourth program is meant to promote understanding of information security issues among federal employees.

At the insistence of the White House, there is a permanent expert control group (required funding: $5 million). According to representatives of the Clinton administration, such a group would make it possible to constantly monitor the agencies' progress on information security, vulnerability analysis studies, and so on. The group is to be supported by the National Institute of Standards and Technology.

A Federal Intrusion Detection Network (FIDNET; required funding: $10 million) appeared for civilian government agencies. The Department of Defense and the National Security Agency (NSA) have their own intrusion detection networks. Together, these will be linked with the FBI's National Infrastructure Protection Center.

Under Clinton, work began on forming a public key infrastructure for the cryptographic protection of information ($7 million). This infrastructure (PKI) makes it possible to establish a two-way, confidential, authenticated connection over public communication channels. It is very important for e-commerce systems as well as for government agencies, since it simplifies the exchange of information with contractors and clients. The initiative involves 7 pilot programs in various federal agencies.

In addition, $50 million was intended for an institute for the protection of information infrastructure. These funds were expected to form a research and development fund used by the National Institute of Standards and Technology (NIST) to support research that otherwise could not be conducted by federal agencies or by private enterprises. Currently, almost all research in information security is carried out by the agencies responsible for national security.

Funding for the information security of US critical infrastructure over the past four years, during the administration of President Clinton, was as follows (see table; data are shown in millions of dollars; source: U.S. Congressional Research Service).



The Bush administration is now reviewing approaches to improving the coordination and direction of critical infrastructure protection. Apparently, there are two probable solutions.

The first is that the National Security Council (NSC) undergoes significant restructuring. All of its constituent groups will be dissolved and then formed again under the new structure. The extent to which the NSC will retain leadership in coordinating critical infrastructure protection work is unclear.

Debate continues on the merits of introducing, in all government departments, the institution of authorized representatives for informatization, whose duties would include protecting all federal non-national-security computer systems and coordinating activities to protect private-sector computer systems.

According to available information, there are currently many proposals to change the existing organizational structure and the functional responsibilities of some of the officials, and their subordinate structures, identified in PDD-63. According to some proposals, the main monitoring and coordination of critical infrastructure protection work will be taken on directly by the White House as part of its wider functions in countering terrorist acts in the country.

Another approach was put forward by the Commission on National Security in the Twenty-First Century (the Hart-Rudman Commission), whose members proposed forming a new National Homeland Security Agency (NHSA) on the basis of the Federal Emergency Management Agency (FEMA), with the addition of the Coast Guard, the border and customs services, and some other departments. NHSA would also include the office responsible for protecting critical infrastructure.

It is assumed that the Critical Infrastructure Assurance Office (CIAO) will cease to exist at the end of the current fiscal year, although it occupied a key place in the Clinton administration's policy on critical infrastructure protection.

In this connection, it is interesting to see what role the National Infrastructure Protection Center (NIPC) will play under the Bush administration.

NIPC, which is under FBI control, has recently been criticized because its staff focus on research and litigation even though it has the structures and equipment for synthesizing and analyzing information from various sources, and because of its unwillingness to share information obtained from its own sources, although PDD-63 assigns this function to the Center. That there were certain problems with NIPC's functioning is evidenced by a proposal, put forward in the summer of 2000, to form under the National Security Council a group for coordinating computing infrastructure made up of two units: the working group on the analysis of computer incidents and the steering group for incident analysis.

NIPC would come under the guidance of the working group, which includes the head of the Department of Defense's joint working group on computer network security, the chief of information operations from the National Security Agency, the Director of FedCIRC, and a representative of the Attorney General. This group considers any significant computer-related incidents in order to determine the "threat" they pose to American economic and/or military security and to plan the response to them. The functions of this group largely mirror those assigned to NIPC under PDD-63. However, with the arrival of the new administration, the group, like all others in the National Security Council, was disbanded, and to date there is no information on whether it has been restored.

The extent to which the Bush administration will take up other Clinton administration initiatives for critical infrastructure protection, such as the federal training program, the creation of FIDNET and FedCIRC, and the research and development programs, is not yet known.



Thus, the approaches and attitudes of the new administration toward the information security of critical infrastructure differ significantly from those of its predecessor. In the near future, therefore, along with changes in the national security concept, military doctrine, and U.S. foreign policy, serious changes should be expected in the structure and functions of the forces and means formed to meet the requirements of PDD-63.

Analysis of the available statistics on the dynamics of computer incidents suggests that the structure currently in place in the USA is ineffective. This applies primarily to the organization of countermeasures against so-called distributed denial of service attacks: the current system of information sharing between government and private entities does not always make it possible to quickly form a strategy to counter such attacks.

It should also be taken into account that about 40 government agencies currently deal with U.S. national security in the information sphere, yet to date there is no reliable system for securing national information systems.

The results of our American colleagues' work serve as a good example of the complexity of the problems that arise in trying to ensure the information security of the state and of its information potential, and in determining the nature of the threats emanating from cyberspace.

