29 January 2002
Source:
http://usinfo.state.gov/cgi-bin/washfile/display.pl?p=/products/washfile/latest&f=02012801.glt&t=/products/washfile/newsitem.shtml
US Department of State
International Information Programs
Washington File
_________________________________
28 January 2002
(Private sector must make key contributions, Bush advisor says) (640) By Charlene Porter Washington File Staff Writer Washington -- The Bush administration aims to develop a new strategy for security of information systems by June, according to Paul Kurtz, the White House senior national security director and director of Critical Infrastructure Protection. Kurtz sought support and collaboration from the private sector January 25 when he outlined the administration's goals before an audience of about 500 specialists in business intelligence software. "The good ideas come from you," Kurtz said in the keynote speech at a two-day conference focused on cyber security, homeland defense and the protection of information infrastructure. The Washington-based business intelligence company MicroStrategy sponsored the meeting. In May 2001, President Bush began a review of homeland security, Kurtz said, placing special emphasis on protection of the information infrastructures that support the pillars of a technologically advanced nation -- business, finance, government, energy, transportation and communications. The September 11 terrorist attacks made the project more imperative, he said, and underscored that the nation must prepare itself for a wholly different form of hostile action than what defense planners had focused on during the last half of the 20th century. "This isn't a missile over the (North) Pole," Kurtz said. The nation must now focus on "attacks that can be launched anywhere on the planet, perhaps by a small group of people." The objective in drawing a new protective strategy for information infrastructure will be to "get in front of attacks" such as those the nation experienced on September 11. Asked if the industry representatives on hand for the meeting endorsed the Bush administration's push for stronger cyber security, MicroStrategy spokesman Marc Brailov said, "No question. The industry is on the front lines. We're part of the solution, and we're a target." Kurtz said the private sector owns 80 percent of the U.S. information infrastructure, so the administration is devoted to winning cooperation and support from industry in development of the new strategy. He hopes that the strategy drawn over the next several months will be "largely authored" by the private sector. As currently envisioned by the Bush administration, Kurtz said the new strategy will avoid excessive government regulation and break down existing barriers to sharing information between private and public institutions. The proposition of sharing information could violate some traditional corporate precepts of maintaining confidentiality in order to gain an edge over competitors, but Brailov said in an interview after Kurtz's speech that "the issue transcends competition" in the post-September 11 environment. Kurtz said another component of the cyber security plan would be to develop fail-safe protections for critical government systems. He said the administration is attempting to construct secure and reliable networks for public safety agencies, such as the Federal Aviation Administration, the Secret Service, the Federal Emergency Management Agency and others. Information technologies have evolved at a rapid pace. The threats to those systems can evolve and mutate just as rapidly, Kurtz warns, so government and business must work together to develop a warning system that uses common reference points to detect an attack on information infrastructure. Kurtz advised the business executives to take a variety of steps to protect their own organizations. He suggested they identify critical information systems essential to maintaining operations, and determine the vulnerabilities of those systems. Security procedures should be in place, and employees should be educated in their importance. Kurtz said companies should constantly review their security measures, and run drills on how to respond to attacks. "The worst case can happen," Kurtz cautioned. "You need to build it into your business plans." (The Washington File is a product of the Office of International Information Programs, U.S. Department of State. Web site: http://www.usinfo.state.gov)