STATE AND LOCAL GOVTS., CEOs SAID TO FOCUS MORE ON NETWORK SECURITY
Upcoming national homeland security strategy to be unveiled this summer will be broader than similar 2-year-old strategy released under Clinton Administration, John Tritak, dir.-Critical Infrastructure Assurance Office (CIAO), said in interview Fri. with our affiliated Washington Internet Daily. Overarching strategy will include private sector and state and local govts., where Clinton strategy focused mainly on federal programs and agencies, he said. In fact, 2 state organizations -- National Governors Assn. (NGA) and National Assn. of State Chief Information Officers (NASCIO) -- have been tapped to help CIAO create state-level network security strategy to be included in upcoming national strategy, he said. “It’s the Bush strategy version 1.0, not version 2.0 of the old strategy,” Tritak said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Corporate CEOs are becoming more aware of potential harm from cyberattacks, Tritak said. As dir. of CIAO, his job in essence is to sell importance of critical infrastructure protection to industry and, in some cases, govt. “We break the issues down to elements that are understandable by business,” he said. “It is now clear that industry and the private sector are on the front line of attack.” In wake of Sept. 11, CEOs are beginning to see that homeland security is business concern and have “greater appreciation” of security threat, he said. Terrorists pose greatest threat of physical attack, Tritak said, but hackers and others who would conduct cyberattacks could unleash great damage themselves.
CIAO is policy and planning side of federal critical infrastructure assurance efforts (where National Infrastructure Protection Center (NIPC) is “operational side,") Tritak said. Even term “protection” isn’t fully accurate for center’s mission, he said, as policies and procedures to ensure delivery of services infrastructure provides after potential disruption are part of focus, he said. “A good way to ensure the service is to protect the structure,” he said. Tritak said he spoke almost daily with NIPC Dir. Ronald Dick. CIAO has seat on President’s Critical Infrastructure Protection Board, established by Presidential order in Oct. CIAO facilitates Partnership for Critical Infrastructure Security, industry forum that examines critical infrastructure issues that cut across sectors. Many sectors -- including telecom, information technology, energy and financial services -- also have Information Sharing and Analysis Centers (ISACs), with which CIAO also interacts, he said. Tritak said he tried to raise awareness of ISACs -- which focus on industry-specific points of vulnerabilities for attacks and in some ISACs physical vulnerabilities as well -- when communicating with industry officials.
State and local govts. are getting good deal of attention from CIAO in its outreach efforts. CIAO co- sponsored forum in Feb. that drew wide range of state officers -- from legislators to first responders -- to Austin to share best practices and experiences. Three more such forums are planned for other locations. Their purpose isn’t just to communicate with state and locals, but also to learn from them, and Tritak said compendium of best practices was likely to emerge from Austin conference. CIAO is directing its attention toward civilian side of state and local govts., and he said state and local govts. already had proved they were well managed in infrastructure assurance from response to Sept. 11 attacks. State and local govt. officials already have emergency plans in place, he said, but many of them may not take into account potential that homeland can become “battlefield.” “State and locals need to look at what they're doing and take these new developments into account,” Tritak said. “And they are.” Also, state and local govts. are owners of many utilities and shoulder responsibility for assurance of service delivery, he said.
In addition to national strategy, CIAO is coordinating Project Matrix to map functions of federal govt. agencies, Tritak said, to determine where to focus resources for critical infrastructure protection. Agencies must identify their critical services and all functions and services that support them. Through that map, govt. officials know where to direct infrastructure assurance efforts, he said, but project doesn’t assess vulnerabilities. In fact, some of those services already have substantive protection, but systems that services rely on may not have such security, including information technology services. Tritak likened problem to one allies faced in World War II when trying to destroy German aircraft manufacturing ability. Despite bombing factories and other infrastructure deemed essential to aircraft manufacturing, Germany still was able to produce aircraft, sometimes from makeshift production lines in fields, he said. It wasn’t until Allies bombed only ball- bearing manufacturing plant in Germany that aircraft production was halted, Tritak said. While security may be sufficient in some places, he said, such “down-the-line” vulnerabilities could take a toll, and those vulnerabilities can include network attacks.