WASHINGTON-The Clinton administration’s long-overdue plan for protecting wireless systems and other computer-dependent industrial sectors against cyber attacks was criticized on Capitol Hill last week for being ill-conceived and possibly in violation of wiretap laws.
“Our enemies don’t need to risk confronting our powerful military if they can attack vulnerabilities in our critical information infrastructure,” said Sen. Jon Kyl (R-Ariz.), chairman of the Senate Judiciary subcommittee on technology, terrorism and government information, at last Tuesday’s hearing. More hearings are planned this year before lawmakers decide whether legislation is necessary.
Just as they have struggled with digital wiretap, encryption and other digital policies, government policy-makers, law enforcement and industry are challenged with balancing privacy and national security in fashioning a plan to guard against cyber terrorism.
Besides being angry about the administration being more than a year late with its Jan. 7 cyber defense plan, Kyl said his early criticism of the administration’s draft plan was not addressed in the final National Plan for Information Systems Protection. Kyl penned an amendment to the 1996 Defense Authorization Act that mandated the national cyber defense plan.
In particular, Kyl said the Pentagon’s role should be elevated. Kyl said that, according to the National Security Agency, more than 100 countries are working on information warfare tactics.
Among those is China, which, according to the Chinese Liberation Army Daily (the official newspaper for the Chinese People’s Liberation Army), believes the integration of Web warfare into conventional combat will be key to success in conflicts of the future.
Sen. Robert Bennett (R-Utah), chairman of the Senate Special Committee on the Year 2000 Technology Problem, was even more critical than Kyl. “The plan is flawed.”
Among Bennett’s criticisms are the plan: (1) does not clearly lay out the roles of NSA and the Defense Department; (2) puts too much emphasis on cyber attacks by hackers and not enough on threats by hostile nation states; (3) does not address reconstitution and recovery; and (4) will be difficult to oversee in light of multiple-committee jurisdiction and the prospect for splintered funding.
In written testimony, the General Accounting Office said the plan should de-emphasize intrusion detection capability and stress giving federal agencies necessary tools and incentives to implement management controls to assure comprehensive computer security programs.
President Clinton’s 2001 budget proposal will include $2 billion (a $160 million, or 15 percent, increase from fiscal year 2000 funding) for critical infrastructure. The administration has developed and funded other initiatives to defend against cyber attacks as well.
John Tritak, director of the Critical Infrastructure Assurance Office, said the national cyber plan is essential to national security and economic security. “We’re invaded every day,” said Tritak.
But Tritak stumbled badly in defending the legality of at least one provision that the Justice Department and a leading privacy advocate say likely violates the wiretap statute.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the White House’s intention to create a federal agency with an open-ended authority to monitor and track communications across all government networks violates the wiretap law.
