Clinton forms security panel

President Clinton last month signed an executive order to create the National Infrastructure Assurance Council, the final organization to be established as part of an overall structure to protect the critical infrastructure of the United States against cyberterrorism and other attacks.

The council will be made up of 30 people from federal, state and local governments, as well as the private sector. As outlined in the May 1998 Presidential Decision Directive 63, its main purpose is to enhance and continue to develop the partnership between the public and private sector on initiatives already in place. This includes the Information Sharing and Analysis Centers (ISACs) that are being set up across the country to exchange information about vulnerabilities, cyberattacks and intrusions.

The membership will be focused on CEO-level officials from industry and high-level representatives from academia and public interest groups who have a background in infrastructure assurance to ensure that their perspective is included in the federal picture, said a senior official who is helping to create the council.

"It's allowing for a broader policy discussion that doesn't go on right now," the official added.

The establishment of the NIAC rounds out the group of organizations created to provide critical infrastructure protection (CIP). Its sister groups, including the Critical Infrastructure Assurance Office and the National Infrastructure Protection Center, have been in place for more than a year, putting in place a government and industry foundation that the NIAC will build upon.

Although steps already have been taken in this direction by the NIPC, the CIAO and other groups, the formation of the NIAC will make a difference, officials said.

"I think this is an important step in making real the president's vision of a public/private partnership," said John Tritak, the new director of the CIAO.

The timing of the council's creation also is important, Tritak said. The growing immediacy of the Year 2000 problem is forcing people to think about the concept of critical infrastructure in a way that can only help the security side of the issue, he said. "Our view has always been that the Y2K problem is a critical infrastructure problem," he said.

Federal agencies are well on their way to developing and putting in place their CIP plans, and the NIAC's emphasis will be mostly on getting industry and other private-sector groups to cooperate in this effort, according to the executive order Clinton signed.

"The NIAC will meet periodically to...propose and develop ways to encourage private industry to perform periodic risk assessments of critical processes, including information and telecommunications systems," the executive order stated.

Richard Clarke, the national coordinator for Security, Infrastructure Protection and Counter-Terrorism at the National Security Council, will serve as executive director of the NIAC. The council will work with the other organizations to coordinate federal and industry preparation and response planning.

Jeffrey Hunker, the senior director for CIP at the National Security Council, will serve as the NIAC's liaison to the federal agencies. Hunker moved to his position at the National Security Council in June after serving as director of the CIAO since its inception in May 1998.

Clarke and Hunker could not be reached for comment last week, but according to the senior federal official, the NIAC also will rely on both the NIPC's work to lead federal preparation for and response to cyberattacks and the CIAO's coordination of both government and industry to develop a national plan for CIP.

The two groups will be independent from the council, contributing the experience and information they have gathered in the past year and a half, Tritak said.

"We already work closely with [Clarke], and the best way to categorize our role at this point is in a support role," he said.

The council will report regularly to the president through the assistant to the president for national security affairs, who will coordinate any policy decisions and necessary responses with the assistant to the president for economic policy.