SETTING PRIORITIES to Protect the Nation’s Infrastructure

Heightened attention to security makes re-examining infrastructure protection on a step-by-step basis paramount to all Americans’ safety.

“Structural, cultural, institutional and statutory changes are needed to secure the nation’s infrastructure so that terrorists have less incentive to attack, and the nation can respond quickly if they do.” So says the Working Group on Infrastructure Protection and Internal Security, a panel of experts and government officials with expertise ranging from aviation security to international affairs. The panel has compiled a report outlining the top priorities for protecting the national infrastructure, including six objectives:

• To reorganize by Presidential directive all federal agencies involved in protecting infrastructure;

• To designate the Global Positioning System (GPS) frequencies and network as critical national infrastructure;

• To facilitate communication on infrastructure issues between the Office of Homeland Security and state and local officials;

• To enhance the private sector’s role in infrastructure protection;

• To institute new guidelines to monitor more closely who or what is entering U.S. airports and seaports; and

• To secure all federal networks and information systems.

“The priorities represent new approaches to protecting the nation’s infrastructure,” says Michael Scardaville, who speaks for the Working Group in the report. “If implemented, the priorities will enhance federal, state and local efforts.”

Reorganization

Under President Clinton, critical infrastructure protection was divided into several categories and assigned to different arms of the federal government. The Department of Commerce, for example, was in charge of information and communications, while the Department of Energy handled electric power, gas and oil issues. This system became problematic because functions of infrastructure protection were given to the wrong agency, there was no clear chain of command and there was no oversight mechanism.

Since being elected, President Bush has addressed some of these issues. He appointed Richard A. Clarke as a special advisor for cyber-security, and formed a Critical Infrastructure Protection Board and the National Infrastructure Advisory Council.

While these measures help the government to work as a cohesive unit, the Working Group suggested several more changes. The group’s main proposal is that the Office of Homeland Security serve as an oversight group that can give annual assessments of federal infrastructure protection efforts.

“The development of a national strategy should not be viewed as an end in itself,” said John S. Tritak, director of the Critical Infrastructure Assurance Office, in a statement to the Senate Committee on Governmental Affairs. “It should be part of a dynamic process in which government and industry continue to modify and refine their efforts at critical infrastructure assurance.”

GPS: Embracing the technology

On the day before the Sept. 11 attacks, the Department of Transportation released a report assessing the vulnerability of national transportation infrastructure relating to GPS. The report concluded that GPS is vulnerable to disruption from causes such as atmospheric effects, signal blockage from buildings, interference from other communications equipment and deliberate disruption.

“The DOT will be working to ensure that GPS will fulfill its potential as a key element to the nation’s transportation infrastructure,” says U.S. Transportation Secretary Norman Y. Mineta.

After the attacks, the need to close GPS vulnerabilities is paramount. The Working Group points out several industries that already rely heavily on GPS, including telecommunications, the national electric grid, the financial sector, and of course, the transportation industry.

Working with the private sector

The Working Group suggests antitrust law exemptions to facilitate information sharing and other methods to remove government roadblocks hindering private sector help in critical infrastructure protection.

The Group proposes an exemption to the Freedom of Information Act for federal agencies that deal with information on infrastructure from the private sector. This exemption would protect the secrets of businesses that cooperate in efforts to assess threats to critical infrastructure.

“Many private firms are reluctant to provide extensive information on vulnerability or intrusion because they fear that information could become public,” Scardaville notes. “The release of such information could adversely affect public or shareholder confidence.”

Other suggestions include removing tax penalties that make it difficult for the private sector to invest in security, and government-created risk assessment programs for the private sector.

Watching our transportation hubs

“According to the DOT, 211,000 ships entered U.S. waters in 2000, and air traffic between the U.S. and the rest of the world can exceed 11 million passengers and more than 700,000 ton of freight in any one month,” Scardaville says. “Yet, beyond the consular visa application process, there are few government programs to monitor foreign passenger traffic for potential terrorists. And only 3 percent of shipping containers entering the U.S. are inspected after entering a port.”

How can these problems be addressed? The answer can be seen at every airport in the country. As the arm of infrastructure already proven vulnerable, tighter security at airports has dominated the news since Sept. 11.

Included in the security upgrade: Complete federalization of airport employees; and the ordering of millions of dollars in explosives detection and security equipment.

Seaport security has come along slower, but is progressing. A new Port Security Grants program allotting more than $93 million in funding for security upgrades at seaports was approved in early March.

Cyber security: Our greatest vulnerability?

Clarke, President Bush’s top computer security advisor, says high-tech companies, customers and government agencies are well aware of their own security vulnerabilities but are reluctant to pay to fix them.

Clarke warns that it is just a matter of time before terrorists use those flaws to their advantage — launching an attack on critical infrastructure such as the electricity grid or air traffic control.

“They look for the seams,” Clarke said during a speech at the RSA Conference in San Jose, Calif. “Our infrastructure is fragile.”

The Working Group’s suggestions for increased infrastructure security addresses this issue, pointing out that all federal agencies should focus on network purchasing decision that rely “more on security than on cost.”

“One does not have to be a cyber-terrorist or an information warrior to obtain and use these new weapons of mass destruction,” Tritak says.

Clarke supports a government-only Internet system called GOVNET, which the General Services Administration (GSA) may attempt to implement.