Coordination urged on cyberterror

Calling the Internet and information technology "tools of freedom in the

21st century," Virginia Gov. Jim Gilmore told a House committee Oct. 17

that the nation's cybersecurity efforts to protect those tools need to encompass

all levels of government — local, state and federal — as well as the private

sector.

Gilmore told the House Science Committee that following the Sept. 11

terrorist attacks, officials must assume that terrorists or hostile nations

are capable of severely disrupting the country's critical infrastructures.

Gilmore is chairman of an advisory panel that Congress established in 1999

to assess America's ability to respond to terrorism involving weapons of

mass destruction.

Critical infrastructures — such as banking and finance systems, health

care facilities, the delivery of goods and more — all rely on IT connections

and databases, "and each can be shut down or severely handicapped by a cyberattack,"

he said.

In Virginia, a state that contains information assets at critical sites,

such as the Pentagon, the CIA and a Federal Reserve Bank, state officials

are developing a plan that could be a model for a national cybersecurity

strategy, Gilmore said. The plan involves cataloging current and new critical

information assets, establishing a program to manage each one's unique risk

and coordinating preparations with federal government, state, industry and

public organizations that depend on them, he said.

Gilmore offered several recommendations to the panel on how to manage

cybersecurity:

* Create an independent advisory board to evaluate programs that are

designed to promote cybersecurity and recommend strategies to the president

and Congress. The panel would review federal laws relating to cybersecurity,

study cybersecurity issues and provide new ideas to the director of the

Office of Homeland Security, Tom Ridge.

* Create a nonprofit organization to represent the interests of public

and private stakeholders and hammer out disagreements on the sharing of

intelligence and real-time information between them. The private sector

is concerned about how sharing data could impact customers' privacy, and

companies want to guard their proprietary information, such as earnings,

Gilmore said.

* Create a special "cyber court," similar to the court allowed under

the Foreign Intelligence Surveillance Act, that would enable prosecutors

and investigators, working with judges experienced in cybersecurity issues,

to act quickly while protecting civil liberties.

* Create a publicly funded consortium of nonprofit universities and

think tanks that would enhance cybersecurity research and development efforts

and boost the number of researchers in future generations. The Science Committee

recently held a hearing on the lack of cybersecurity research being done,

and Chairman Sherwood Boehlert (R-N.Y.) said this proposal in particular

"is music to our ears."

* Have all government agencies continue their Year 2000 offices as "cybersecurity

offices."