Panel sets sights on infrastructures

Securing the nation's critical infrastructures - including the national telephone and computer networks - from attack will be the task of a new presidential commission.

The commission, formed last week by executive order, will be staffed mainly with representatives of law enforcement and Defense agencies. It will recommend policy and draft legislation for protecting critical infrastructures from malicious attacks and unplanned mishaps that could black out large, critical systems.

The Defense Department will act as the secretariat for the commission. The president will also name 10 private individuals to serve on an advisory committee that will make recommendations to the commission.

The commission is being formed on the recommendation of a high-level task force led by the Justice Department. The task force, called the Critical Infrastructure Working Group (CIWG), assembled in the wake of the Oklahoma City bombing.

Tasked with forming a preliminary analysis, CIWG determined that "there has been no central mechanism in government responsible for protecting our critical infrastructures from attack," said deputy attorney general Jamie Gorelick, speaking before the Senate Governmental Affairs Committee's Permanent Subcommittee on Investigations.

"There is a whole myriad of agencies, committees, commissions, task forces, working groups and advisory councils with authority over various aspects of the issue but with no one to set direction or take responsibility," Gorelick added.

This conclusion parallels a report issued in June by the minority staff of the Permanent Subcommittee on Investigations, which concluded that the federal government "is in need of a comprehensive strategy that addresses the vulnerability of our information infrastructure."

The subcommittee's report also concluded that the federal government "has been unable to adequately define the scope of the threat posed by computer attacks."

"What we need," Gorelick said at last week's hearing, "is the equivalent of the Manhattan Project for infrastructure protection - a cooperative venture between the government and private sector to put our best minds together. The executive order issued by the president yesterday does just that."

In its first year, the commission must assess the threat of attack to critical infrastructures, recommend a comprehensive national policy and implementation strategy, and propose regulatory changes and draft legislation.

The Electronic Privacy Information Center (EPIC), a Washington, D.C.-based organization, opposed the plan.

"The fact that control of this panel is going to the Defense Department should raise red flags," said David Banisar, a policy analyst for EPIC. "As we've seen in the past, the Defense Department gets overzealous of its control of information."

The order also establishes an interim Infrastructure Protection Task Force at DOJ to help prevent, halt and confine attacks to critical infrastructures. Headed by the FBI, it will include representatives from other agencies, including DOD.

In her testimony, Gorelick mentioned a series of attacks into computer systems, including the following:

* Between 1993 and 1995, a California man uncovered information about federal wiretaps by gaining control of computers running telephone switches. After discovering a criminal wiretap, he publicly disclosed the wiretap's existence.

* In 1992, a hacker gained access to the computer system of the Federal District Court in Seattle and obtained the passwords of the system administrator and a federal judge.

A private individual, appointed by the president, will chair the commission as a full-time employee.