Clinton: $1.4B to fight cyberterror

President Clinton last week said his fiscal 2000 budget request will include $1.4 billion for protection of the banking, electric and other critical systems and for computer security - a 40 percent increase in the two budget years since the president created the Critical Infrastructure Protection Commission.

The funding will include $500 million for a new critical infrastructure applied-research initiative. A portion of these funds will be spent on new initiatives to safeguard federal computer networks. Agencies also will use the funds to create linked computer intrusion networks for civilian federal agencies to notify computer systems administrators when a federal system is attacked [FCW, Nov. 2, 1998].

The president's budget also will call for the creation of Information Sharing and Analysis centers, in which the federal government will provide private industry with information about threats to industry computer systems without compromising privacy, civil liberties or proprietary data. The proposal also will call for a new government "cybercorps," composed of newly recruited experts, to respond to attacks on federal agency computer networks.

"For too long the problem has been that not enough has been done to recognize the threat and deal with it," Clinton said Jan. 22 during an address at the National Academy of Sciences. "And we in government, frankly, weren't as well-organized as we should have been for too long. But because of the speed with which change is occurring in our society...we have got to do everything we can to make sure that we close the gap between offense and defense to nothing."

Jeffrey Hunker, director of the Critical Infrastructure Assurance Office (CIAO), which the president created last year to coordinate the government's work to protect the systems that support the banking, electric, transportation and other critical industries, said the threat of cyberterrorism figures just as prominently as the threat of weapons of mass destruction in Clinton's proposal. That signals "the seriousness by which we take the threat," he said.

Hunker said the research initiative will include funds to develop artificial-intelligence capabilities that will be designed to detect anomalies on federal agency systems - such as hackers stealing passwords - and then notify the systems' administrators of the attack.

Research efforts also will include designing automated techniques to identify "trap doors" or other security hazards that may be inserted into the software code used by federal agencies.

Barry Collin, director of the Los Angeles-based Center for Technology and Terrorism Studies, said the initial government efforts to fight physical terrorist attacks, such as bombings, were hampered by overlapping efforts in agencies and the absence of a coordinated effort.

However, the president's announcement, coupled with the work of the CIAO, has ensured that the same problems will not occur in the government's fight against cyberterrorism, he said.

"We're doing it the right way in the cyberworld," Collin said. "The attempt to coordinate these activities on an inter-agency basis...is what I think is most significant in the move toward this coordinated process. This is a reasonable start, and I'm sure it will grow over time. We don't want it to turn into a frenzy.

"It should be a controlled and coordinated growth effort of research and deployment," he said.