9 May 1998


[Willis Ware is Chairman of the Computer System Security and Privacy Board]

To: jya@pipeline.com
Subject: DOCUMENT ON NATIONAL INFORMATION INFRASTRUCTURE
Date: Fri, 08 May 98 10:18:11 PDT
From: "Willis H. Ware" <willis@rand.org>

John:

In view of your recent message that contained commentary about germ attacks
and anticipated government reaction to the infrastructure issue, may I call
your attention to the following new document.

Under a RAND contract with OSTP (via NSF) that supports a project known as
the Critical Technologies Institute, I completed early in the year and have
just published (via RAND) a short (35 page) discussion entitled:

    The Cyber-Posture of the National Information Infrastructure

It sets forth my views on the critical infrastructure issue, and does not
challenge or conflict with the Commission report but rather supplements it
with new constructs and points of view.  Among other things, I included an
overview of the history of infosec R&D as the basis for thinking about the
R&D needs of the infrastructure.  There is also a set of seven
getting-started understand-the-issue actions that the government could
undertake promptly.

This will be available in hard copy in the coming week, but meanwhile its
full text is at:

    http://www.rand.org/publications/MR/MR976/mr976.pdf

    [HTML version: http://jya.com/mr976.htm]

Comments on my piece are welcome because the topic is going to stay on my
mind.
======================
FYI - in case you would want to reference these sources or use them.

There is quite a collection of documents (on many topics) at the RAND
external web page at:

	http://www.rand.org/PUBS/index.html
and     http://www.rand.org/publications/electronic/

plus some classics at:
	http://www.rand.org/publications/classics/

Included in the last URL is the complete set of Paul Baran's documents from
the mid-60s that layout (what we now know as) packet-switching.


			Willis H. Ware
			RAND   Santa Monica, CA