Don't wait for Congress to act on the president's recommendations for critical infrastructure protection, federal officials urge
Agencies need to move quickly to secure their critical networks even without
the immediate backing of Congress and the president, federal officials urged.
It will take time before Congress can act on the president's recommendations
for critical infrastructure protection (CIP) within the National Plan for
Information Systems Protection, said Jeffery Hunker, senior director for
infrastructure protection at the National Security Council, at the CIP 2000 Conference.
There is no greater sin then recognizing a threat and doing nothing about
it, he said. "You should not be waiting, you should not be using the Congress
as an excuse for doing nothing," Hunker said.
Sen. Robert Bennet (R-Utah) said it might take some time for Congress to
be able to respond appropriately to security threats. "We are organized
to deal with Industrial Age problems," he said. "The "love bug' cut across
all these jurisdictions instantaneously, and Congress is not set up to deal
with issues that cut across jurisdictions."
Hunker outlined six elements from the president's plan that the administration
is asking Congress to fund but agencies can act upon on their own:
* Building a trained organization.
* Developing and using best practices and standards.
* Performing and using vulnerability assessments.
* Sharing security information.
* Working with warning response and recovery organizations.
* Developing systems for obtaining resources and assigning accountability.
"Even if it is a tiny step forward, all of us can move the ball forward
in our own organizations," Hunker said.
NEXT STORY: The real benefit of XML