Download Locations

• U.S. Department of State

Summary

The nation's health, wealth, and security rely on the supply and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed or financial capital, the institutions that manage it, and the record- keeping and communications that move it from one institution to another). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There is concern that this reliance on computers and computer networks makes the nation's critical infrastructures vulnerable to "cyber" attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive sets up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and calls for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect the nation's critical infrastructures by the year 2003. PDD-63 identified 12 areas critical to the functioning of the country: information and communications; banking and finance; water supply; transportation; emergency law enforcement; emergency fire service; emergency medicine; electric power, oil, and gas supply and distribution; law enforcement and internal security; intelligence; foreign affairs; and national defense. The Directive assigned a lead agency to each sector to coordinate efforts at protecting the infrastructure upon which each of these areas depend. Where private operators are involved, the lead agency is responsible for identifying private sector coordinators with whom to work to develop a National Plan (on January 7, 2000 the Clinton Administration released Version 1.0 of this National Plan which pertains primarily to the government sector). The Directive ultimately envisions a national early warning and response capability, where cyber attacks can be detected, warnings issued, and responses coordinated. It calls for the private sector to set up Information Sharing and Analysis Centers that would allow them to participate in this national effort. In its FY2001 budget, the Clinton Administration estimated that they requested $2.03 billion for activities related to critical infrastructure protection. While much of this funding is buried within ongoing operating and equipment accounts, making it difficult to track during the appropriations process, there were a few high visibility initiatives. These included $25 million to set up a Federal Cyber Services Training and Education program, $10 million to begin a pilot Federal Intrusion Detection Network, and $50 million to establish an Institute for Information Infrastructure Protection. Congress provided mixed support for these initiatives. PDD-63 and its implementation raise a number of issues. Among them is the ability and willingness of the private sector to cooperate with the federal government in sharing information. To what extent will the federal government get involved in the monitoring of privately o perated infrastructures and what are the privacy implications? Costs are also unknown. And, it is unclear at this time whether the Bush Administration will reaffirm PDD-63 or pursue a different strategy.

XML