[IWAR] US IWAR effort, press conference

From: 7Pillars Partners (partnersat_private)
Date: Sat May 23 1998 - 12:24:21 PDT

  • Next message: lcs Mixmaster Remailer: "[IWAR] CLINTON/BROWN Ron Brown crash due to bad charts"

    The White House Briefing Room
    
    
    
    May 22, 1998
    
    PRESS BRIEFING BY RICHARD CLARKE, NATIONAL COORDINATOR FOR
    SECURITY, INFRASTRUCTURE PROTECTION, AND COUNTER-TERRORISM; AND
    JEFFREY HUNKER, DIRECTOR OF THE CRITICAL INFRASTRUCTURE
    ASSURANCE OFFICE 
    
    
    
    
    
                               THE WHITE HOUSE
    
                        Office of the Press Secretary
    ________________________________________________________________
    For Immediate Release                               May 22, 1998     
    
                              PRESS BRIEFING BY
                               RICHARD CLARKE,
                  NATIONAL COORDINATOR FOR
         SECURITY, INFRASTRUCTURE PROTECTION, AND COUNTER-TERRORISM;
                             AND JEFFREY HUNKER,
          DIRECTOR OF THE CRITICAL INFRASTRUCTURE ASSURANCE OFFICE 
    
                              The Briefing Room
    
    
    3:50 P.M. EDT
    
    
                 MR. RUBIN:  This is a briefing on the initiatives the 
    President announced earlier today in Annapolis.  The briefers will be 
    Richard Clarke, the National Coordinator for Security, Infrastructure 
    Protection and Counter-terrorism; and Jeffrey Hunker, Director of the 
    Critical Infrastructure Assurance Office.  Thanks.
    
                 MR. CLARKE:  Thank you.  I'll keep this brief.  You 
    heard the President's speech in Annapolis, and you've seen the text.  
    The announcements are based on two national security directives that 
    he signed yesterday, and you have fact sheets on those.  Let me just 
    run through quickly the three components that come out of those two 
    directives.
    
                 One, created the system of program management for 
    security issues and counter-terrorism issues.  Program management 
    that focuses on lead agencies, lead agencies being clearly 
    identified, what agency has the responsibility for the federal 
    government to lead the interagency process on each issue relevant to 
    security and counter-terrorism.  The lead agency should in turn then 
    identify a program plan with goals and specific milestones.
    
                 The second element, and the subject of PDD 63, is 
    critical infrastructure protection, or cyber-security.  For the first 
    time, a President said that critical infrastructure protection, 
    cyber-security, was a national security issue.  He called for the 
    creation of a national protection plan over the course of the next 
    three years to raise our defenses against cyber-attack.  And he 
    called for a unique, and in his words, genuine private-public 
    partnership, because the critical infrastructure which could be 
    attacked, the electrical power grids, the telecommunications grids, 
    are privately owned and operated.  And therefore the government 
    cannot unilaterally create a defensive structure for critical 
    infrastructure.
    
                 Moreover, the government doesn't have the solution.  The 
    government, under the President's directive, will work cooperatively 
    with the private sector to develop the National Protection Plan.  
    We're not saying we have the answers; we're looking forward to a 
    genuine partnership with the private sector to develop the answers.
                 
                 The third element of the two directives was an 
    initiative on weapons of mass destruction consequence management, 
    particularly biological weapons.  And there are four elements to 
    that.
                 
    
                 First, the improvement of a national surveillance system 
    based on the public health system around the country to detect and 
    diagnose not only emerging infectious diseases but also a possible 
    biological weapons use.
                 
    
                 Secondly, a response capability to give local 
    authorities the equipment, the training necessary to deal with an 
    emergency involving biological weapons or chemical weapons.
                 
                 Thirdly, a program for the first time to procure 
    stockpile around the country for the civilian population -- 
    vaccinations and specialized medicines to protect against biological 
    weapons.
                 
                 And the fourth element, a research and development 
    program focusing on genome mapping of pathogens so that we'll be able 
    to use the new techniques in bioengineering and genetic engineering 
    to develop better medicines and better vaccinations to protect 
    against the new advances in biological warfare that can occur using 
    genetic engineering.
                 
                 So those are the three elements of the program.  We have 
    issued fact sheets on all of them, but we'll be glad to take any 
    questions you might have.
                 
                 Q    What kinds of vaccines and special medicines are 
    going to be stockpiled?
                 
                 MR. CLARK:  The President has asked the Secretary of 
    Health and Human Services to come back with an answer to those 
    questions in the very near future.  In the discussions to date, HHS 
    -- which really is the expert on this, and I would refer you to -- 
    but HHS has focused on medicines designed to deal with anthrax and 
    with smallpox.
                 
                 Q    Anthrax and smallpox?
                 
                 MR. CLARK:  Primarily.
                 
                 Q    Could you say what companies have agreed -- private 
    companies have agreed to take part?
                 
                 MR. CLARK:  There have been no discussions today with 
    private companies.  The government is right now sizing the 
    requirement, developing a specific requirement level and a multi-year 
    program plan.  And it would be inappropriate at this point to have 
    discussions with any companies.
                 
                 Q    Have you got any kind of cost figure for this?
                 
                 MR. CLARK:  That's part of what the President has asked 
    HHS to develop, and the Office of Management and Budget is working 
    with them to develop, in the very near future, a multi-year phased 
    plan that would perhaps begin with funds this year but certainly 
    would stretch out over the course of several years.
                 
                 Q    Will the infrastructure -- the government-based 
    infrastructure groups have information that is not available to the 
    public, and how will they decide what people in the private sector 
    are entitled to this information and which Americans aren't entitled 
    to this information?
                 
                 MR. CLARK:  I think it's actually more the other way 
    around.  The private sector is going to have information that the 
    government doesn't have.  Let me explain why I say that.  The private 
    sector is where the critical infrastructure is -- the telephone nets, 
    the electric power grids.  They will know far better than the 
    government when they're being attacked, when they're being probed, 
    what their vulnerabilities are.  And so what we're really trying to 
    do is establish a system whereby they are willing to share with the 
    government what might be proprietary information, what might be 
    information that's protected by privacy rights.  We understand those 
    sensitivities, but we also know that unless there's a partnership 
    between the government and the private sector, they may not be able 
    to develop and design a defense system to protect themselves against 
    critical infrastructure cyber-attack.
    
                 So there's going to have to be a sharing; we're going to 
    have to work it out.  But the information will at least be flowing in 
    two directions -- I think primarily from the private sector to the 
    government. 
                 
                 Q    Was there a secret drill a few months ago about how 
    to respond to a chemical weapons attack?  Can you talk about that for 
    a little bit?
                 
                 MR. CLARK:  There was an exercise -- a tabletop as we 
    call it -- which means nothing happened in the real world; everyone 
    involved was around the table -- there was a tabletop exercise last 
    month to examine what might happen in a biological weapons incident.  
    
                 And the purpose of those kind of exercises -- we've had 
    them now for the last four or five years; in fact last year's was on 
    cyber-attack; this year's was on biological weapons -- they're 
    designed primarily to identify roles and missions.  You say to a 
    group from 12 or 13 agencies, if this happened who would do what? And 
    you start getting very interesting answers and identify possible 
    conflicts in roles and missions, or in some cases you identify that 
    it's not clear that anybody thinks it's their responsibility.
    
                 That was the thrust of the exercise.  It was very 
    useful.  As a result of it, the Attorney General has tasked some 
    studies.  The Defense Department is doing some.  It's the kind of 
    thing that we do routinely, but they're very productive. 
    
                 Q    The President said today that intentional attacks 
    against our critical systems already are underway.  He was talking 
    about cyber-systems there I think.  Is he just talking about hackers 
    who are mischievous, perhaps malicious, or is he talking about actual 
    terrorists who are already doing that kind of thing?
    
                 MR. CLARKE:  When there is an attempt to crack into a 
    computer system, it's very difficult to know where it's originating.  
    The point of origin that shows up on the incoming message may not in 
    fact be the actual point of origin.  It's possible to spoof the 
    computer so that it thinks it's coming from one place, in fact it's 
    coming from somewhere else.  There is also a technique where you can 
    bounce through several computers.  It can originate in one, bounce to 
    another, bounce to another, bounce to another, and then do the 
    attack.
    
                 So we know that every day in the United States there are 
    hundreds of attempts to do nonauthorized intrusions.  Are they for 
    purposes of vandalism?  Are they for purposes of industrial 
    espionage?  Or are they for purposes of doing reconnaissance of 
    systems for a possible future attack?  It's very difficult to know.  
    And one of the things that the President's initiative hopes to create 
    is a system whereby we can find out what is the baseline on a 
    day-to-day basis, who is doing the attacking, and for what purpose.
    
                 MR. HUNKER:  One of the key conclusions of the 
    President's commission that laid the intellectual framework for the 
    President's announcement today was that while we certainly have a 
    history of some real attacks, some very serious, to our cyber- 
    infrastructure, the real threat lay in the future.  And we can't say 
    whether that's tomorrow or years hence.  But we've been very 
    successful as a country and as an economy in wiring together our 
    critical infrastructures.  This is a development that's taken place 
    really over the last 10 or 15 years -- the Internet, most obviously, 
    but electric power, transportation systems, our banking and financial 
    systems.
    
    
                 And as we get increased connectivity, each of these 
    systems becomes increasingly vulnerable not only to attacks directly 
    against it, but also to the secondary effects of attacks that might 
    affect a system elsewhere -- very similar to what we saw with the 
    kind of cascading collapse of electric power in the West last year.  
    We could see that also on the electronic basis as well.  So we 
    certainly have threats and a history of threats that's out there, but 
    the real challenge and the real concern is for the future. 
    
                 Q    Do you have any evidence that the Chinese 
    government might have been behind the recent hacker attack, 
    penetration of the Pentagon? 
    
                 MR. CLARKE:  I think any particular hacker attack is 
    best discussed either with the Pentagon or the Justice Department.  
    One thing that we should make clear is that the White House 
    involvement in critical infrastructure is at the policy level; It is 
    not at the operational level.  And it's not just inappropriate for us 
    to answer questions about specific attacks, we really often don't 
    know.
    
                 Q    Is there going to be legislation proposed in 
    connection with these directives, or does the President have all the 
    authority he needs just on an executive basis?
    
                 MR. CLARKE:  As I said, the President has asked the 
    Office of Management and Budget to work with the Department of Health 
    and Human Services to look at a multi-year program on the biological 
    weapons protection front, and that will undoubtedly result in some 
    appropriations.  In terms of new authorities, the Attorney General 
    has asked her staff to look at the biological weapons issue to see if 
    there are new authorities -- legislative authorities needed.  And 
    part of the work that Jeffrey's office will be doing with the Justice 
    Department on the cyber side is trying to see whether or not new 
    legislative authority is needed to do cyber-protection.
    
                 Q    Is there any way to protect against the satellite 
    failure that we had a couple of days ago?
    
                 MR. CLARKE:  Well, we don't really know yet what 
    happened.  At least I don't know what happened.  And until we do, 
    it's going to be a little difficult to say how you could protect 
    against that.  I think we're best waiting to see what happened.  
    That's a clear case of the private sector being critical to our 
    national infrastructure.  A satellite owned and operated entirely by 
    a private company, and nonetheless having an enormous effect 
    nationwide as a single point of failure.  It's a very good example of 
    how there are single points of failure that we don't even know about 
    because of the growth of our infrastructure, the rapid growth of our 
    infrastructure, and the fact that, frankly, we haven't been thinking 
    as a nation about the critical infrastructure, the vulnerability of 
    it, the fragility of it, the interdependence that has been generated 
    over the course of the last five or 10 years. 
    
                 Q    When I was asking you about private industry 
    cooperation, I was talking about in terms of infrastructure 
    protection.  I thought that Dell and some other companies, Bell 
    South, IBM, you had had discussions with them.  Is that not true?
    
                 MR. CLARKE:  In the course of the President's commission 
    work last year, the President's commission had discussions with 
    hundreds of private companies, in the telecommunications area, the 
    electric power area, the computer area.  Yes, absolutely.  And what 
    we're hoping to do now is to continue that dialogue to find out from 
    them what they think their vulnerabilities are, to help them assess 
    what their vulnerabilities are, and to find if there isn't a way for 
    us together, government and private sector, to coordinate our efforts 
    
    
    in research and development, to coordinate our efforts in information 
    sharing, so that we can raise higher the barriers of defense for 
    critical infrastructure and cyber-security nationwide. 
    
                 Q    But you don't consider that as part of this effort.  
    It's not going on now.
    
                 MR. CLARKE:  It was underway throughout the work of the 
    President's commission.  Now that the President has issued this 
    national security directive calling for a public-private partnership, 
    it will be underway again.
                 
                 MR. HUNKER:  Let me add to that.  Critical 
    infrastructure is unique in that we have interest from the Defense 
    Department and the defense community, the intelligence and the law 
    enforcement community, but this is also an economic agenda as well.  
    The safe, efficient, secure functioning of electronic and information 
    technologies is a prime foundation, is a critical foundation, for the 
    economic growth that we've had.  There are statistics that suggest 
    over the last five years that 25 or more percent of the economic 
    growth we've seen has come out of information technologies.
    
                 So, when we talk in terms of critical infrastructure 
    protection and cyber-protection, we're talking first and foremost 
    about good business practices for the companies and the industries 
    that are providing jobs through information technologies.  We're also 
    similarly talking about the fact that it is, in most cases, those 
    very same private infrastructures that are providing the basis for 
    much of our national defense.  I've seen the statistic -- I don't 
    know where it came from -- that suggests that 95 percent of all the 
    Defense Department telecommunications requirements are coming off of 
    private networks.  This gives you a sense in terms of the real unity 
    between our national security interests, traditionally defined, and 
    our economic security interests, and the real melding of the two.
                 
                 Q    There seems to be something of an interface between 
    what you're talking about and what Treasury has been talking about 
    regarding the way that the markets operate today and the tremendous 
    amount of money that's moving back and forth.  I was wondering if 
    these kinds of problems entered into your considerations -- you 
    mentioned the connection between economics and national security -- 
    and how you viewed that situation, how to protect against attacks on 
    the U.S. financial system?
                 
                 MR. CLARKE:  Well, Jeffrey is probably better situated 
    to answer that question, but I'll joint point out, as it says in the 
    fact sheet, in the President's directive, what he calls for is a 
    public-private partnership sector by sector throughout the economy.  
    And he identifies specific sectors.  One of them is banking and 
    finance.  And he designates the Treasury Department to be the federal 
    lead in organizing the U.S. government effort to talk to the banking 
    and financing sector and work out mutually a way of improving their 
    cyber-defenses.
                 
                 Thank you.
    
                 END                          4:05 P.M. EDT
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:09:03 PDT