Agencies urged to secure networks

Agencies need to move quickly to secure their critical networks even without

the immediate backing of Congress and the president, federal officials urged.

It will take time before Congress can act on the president's recommendations

for critical infrastructure protection (CIP) within the National Plan for

Information Systems Protection, said Jeffery Hunker, senior director for

infrastructure protection at the National Security Council, at the CIP 2000 Conference.

There is no greater sin then recognizing a threat and doing nothing about

it, he said. "You should not be waiting, you should not be using the Congress

as an excuse for doing nothing," Hunker said.

Sen. Robert Bennet (R-Utah) said it might take some time for Congress to

be able to respond appropriately to security threats. "We are organized

to deal with Industrial Age problems," he said. "The "love bug' cut across

all these jurisdictions instantaneously, and Congress is not set up to deal

with issues that cut across jurisdictions."

Hunker outlined six elements from the president's plan that the administration

is asking Congress to fund but agencies can act upon on their own:

* Building a trained organization.

* Developing and using best practices and standards.

* Performing and using vulnerability assessments.

* Sharing security information.

* Working with warning response and recovery organizations.

* Developing systems for obtaining resources and assigning accountability.

"Even if it is a tiny step forward, all of us can move the ball forward

in our own organizations," Hunker said.