WHITE HOUSE STRESSES INDUSTRY ROLE IN STEMMING TERRORISM
White House cybersecurity adviser urged telecom and Internet executives Fri. to move quickly to identify network vulnerabilities and fix them before terrorists attacked again. Speaking at first meeting of revamped Network Reliability & Interoperability Council (NRIC), Richard Clarke, cybersecurity adviser to President Bush, urged infrastructure industry not to put off vulnerability fixes because of concerns about cost. “Come up with the vulnerabilities and the cost of fixes and then talk to us about it,” Clarke said. Some costs might be considered eligible for federal reimbursement, he said. “There are severe vulnerabilities in the Internet,” he warned: “Don’t wait for the threat. Don’t say you can’t afford it. Let’s talk.” Stressing value of communications infrastructure to economy, Clarke urged executives to remember “we have enemies, our enemies are smart, they understand our technology and can use it against us.”
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
About 60 NRIC members, many of them CEOs or other high- level corporate or govt. representatives, circled huge table that filled up nearly half of FCC’s meeting room. “This is going to be an interesting year,” said Qwest CEO Joseph Nacchio, this year’s NRIC chmn. While NRIC will continue to deal with traditional interoperability concerns, “the hallmark of this year will be homeland security,” he said. Once wireline group concerned about reliability after AT&T divestiture in 1984, NRIC now includes representatives of wireline, wireless, satellite, Internet and other infrastructure industries.
Group recently adopted new charter that reflected emphasis on homeland security, both prevention of disruptions and restoration in event of attack. NRIC plans to assess vulnerabilities in public networks and Internet and determine how best to deal with them to prevent disruption. It also will survey current disaster recovery mechanisms used by companies, including “mutual aid agreements” and from them develop list of best practices. “Welcome to what might be one of the most important NRICs that ever existed,” FCC Chmn. Powell said: “Our mission is somewhat urgent. This is about making life secure for the American citizen, which makes this mission noble and critical.”
Internet and telecom infrastructure “undergirds our economy,” providing conduit for nearly every industry and govt. unit, said John Tritak, dir. of Critical Infrastructure Assurance Office (CIAO). Importance of infrastructure to govt. security efforts “doesn’t necessarily mean more regulation,” he said. “It means industry taking a role in telling government how to do the job better.” Terrorists “exploit vulnerabilities where they find them” and on Internet “the tools of destruction are widely distributed and potentially more serious,” he warned. Clarke said inherent security risk of Internet is fact that “no one owns the Internet so no one is responsible.” Challenge is to “find a way we can all pay the cost of securing what we're all dependent on,” he said.
One undercurrent of discussion was attendees’ concern about public nature of NRIC’s proceedings. Several indicated they were hesitant to share proprietary information with group because such information would be subject to public release under Freedom of Information Act. NRIC is FCC advisory committee. “We are in the public domain, subject to FOIA and that might seem countersecure,” Nacchio said. Representative of National Communications System said: “We need to determine how we can share and still protect information.”
Powell urged participants to “give us an opportunity to work out this problem.” NRIC has to have information on network vulnerabilities and strengths, he said. He reminded group that industry had similar concerns during Y2K project “but we found a way” to protect information. Rather than refusing to provide data, “let us get an umbrella to make this usable information,” he urged the companies: “There are more ways than you think for sharing information.” Clarke said he believed such information already was exempted from FOIA. If executives are in doubt, they should support legislation on Capitol Hill to deal with information security issue, he said. “You can’t simultaneously tell us you won’t share information [because of FOIA concerns] and then not do something to get protection from the FOIA [such as supporting legislation],” he told executives.
Clarke also suggested that Nacchio, who also is chmn. of National Security Telecom Advisory Committee (NSTAC), consider ways to “mesh” 2 groups so President and FCC’s Powell can get more coordinated advice. Nacchio said he would look into ways to make information flow more efficient. NSTAC, made up of executives of telecom and information technology industries, also makes recommendations to Administration.