Home National
Communications System Meeting the Challenge of the Information Age Prepared Remarks of Dr. Condoleezza Rice, National Security Advisor to President George W. Bush, before the Executive Session of the President’s National Security Telecommunications Advisory Committee (NSTAC), Washington, D.C., June 6, 2001. Thank you Dan (Daniel P. Burnham, NSTAC Chair and Chairman, President and Chief Executive Officer of Raytheon Company), for that kind introduction. I want to thank you for your leadership in chairing NSTAC. I also want to thank members of the Industry Executive Subcommittee – IES – for their service. Finally, let me thank [Lieutenant] General [Harry D.] Raduege for his leadership of the Defense Information Security Agency and as Director of the National Communications System. I know this morning Dick [Richard Clarke the National Security Council (NSC) National Coordinator for Security, Infrastructure Protection and Counter-terrorism] led you through a series of briefings and discussions on some key issues facing us today -- everything from large-scale denial of service attacks to information sharing. I know you’ll hear about our efforts to develop a National Plan in partnership with the private sector. This afternoon, I would like to offer a preview of how the Administration is seeking to organize the U.S. Government’s critical infrastructure protection efforts -- and how NSTAC fits into our overall strategy. The President has been on record for some time now as stating that infrastructure protection will be a priority for this Administration. Today, this simple statement sounds very matter-of-fact. A sense of, “of course it will be a priority – it has to be.” But just a few years ago, it would have elicited a response more along the lines of, “what are you talking about?” Certainly, the “Internet” and “cyber security” were not terms that were thrown around a lot in the graduate seminars I took studying international relations, or even during my first stint at the NSC 10 years ago. Today, of course, information technology is simply ubiquitous throughout our lives and our economy. Government has always had a responsibility for protecting critical infrastructure, such as dams and power plants. Today, that circle of protection must include critical information infrastructures as well. But I don’t mind being frank with you today in saying that efforts by the U.S. Government to protect this infrastructure have not kept pace with the Government and the private sector’s increased dependence upon it. I join those who note that the Government could not possibly keep pace with the rapid technological advances of the private sector -- where computing power has doubled every 14 months and communications now occur literally at light speed. But this does not relieve the Government from its obligation to create a framework for addressing critical infrastructure protection. Like any revolution, we don’t know and can’t know where the IT [information technology] revolution is taking us. But we do know that protecting critical infrastructure is a challenge that is “here and now” – a fact driven home every time a new virus sweeps the country and every time a new report comes out telling us how many hundreds of millions of dollars U.S. corporations are losing from electronic break-ins. As we think about how to organize the Government’s efforts to protect our information infrastructure, I think it’s useful to break the issue down into three parts. First, we should think about the trends inherent to the IT revolution. Second, we should think about what’s inherent to efforts to protect critical infrastructure. And finally, what should our key objectives be? Oddly, the first set of issues might be the easiest. We may not have a good handle on where IT revolution is ultimately leading, but in a sense, we do know what we need to know. We know that the revolution is ongoing and dynamic. We know we can expect significant technological advances – in computing, in communications, in networking. We know these advances will come sooner than we think. We know that Government, industry, and individuals will become even more dependent on IT and more connected. And we know that the IT revolution is both hidden and obvious. We hear cell phones ring, modems connect, and see people use laptops and PDAs [Personal Digital Assistants]. But we don’t necessarily see or think about the IT infrastructure below the surface. Virtually every vital service -- from water supply to public health -- relies on IT infrastructure, giving our whole existence a certain Disneyland quality: above ground all the rides and characters are in place and the music is on cue; back behind the wall or underground, however, are the critical operations and systems that we never think about. What do we know about protecting those critical operations and systems? We know, for starters, that it’s a big and complicated business. It is not just key sectors of our economy that we have worry about, it is also our national security institutions and Federal civilian agencies. And each of these constituencies face problems that are different and related at the same time. DOD and Treasury both rely on telecommunications, but they also have concerns that are uniquely theirs. So no one economic sector or corner of the Government can handle the problem or be absolved from responsibility. That is why there is no single “silver bullet” -- technical or otherwise -- that is going to solve all our problems. It’s not just firewalls and passwords. It’s not just system reliability, information security, physical security, best practices or the ability to reconstitute critical operations quickly. It’s all these things, a combination of the right technology, the right policies, the right training, and the right personnel. It is clear to anyone who gives it just a little bit of thought that meeting this challenge is not something that government can do alone. This makes it very unlike traditional national security issues. You are the owners and operators of over 80 percent of our critical infrastructure. Government can only address this issue in partnership with you and others in private sector. Moreover, our collaboration needs to encompass efforts at both the Federal and state levels and efforts within and among various sectors of the economy. What we are talking about is a collaborative partnership between the public and private sectors that is unprecedented in our history. It is a unique problem and it is going to require a unique solution. In forging that solution, I think our fundamental objectives are straightforward. If we face a significant breakdown or attack we need to ensure that critical, minimal national security, economic, and state and local operations can go forward. In general, we need to ensure that any disruptions are short in duration and limited in scale. And if we fail in preventing a major breakdown, we need to make sure we have the ability to reconstitute and restore critical services. In some ways, protecting our critical infrastructure is a classic national security problem. We want to deter attacks against us through preventive measures. But deterrence may not always work in cyberspace. And we have to be prepared for that day. Today’s adversaries may be almost undetectable, attacking us through a series of hop points, including neutral countries or from within the United States. We also have to remember that the same technology that empowers us, empowers them. Let me offer a few ideas about how we should structure our solution. For starters, we don’t believe an infrastructure protection czar would work. It would absolve agencies from responsibility -- something we cannot afford. Likewise, we cannot hand-off all responsibilities to an existing Government agency or create a new one to handle the problem. We also do not think that regulation is the answer. We learned in addressing the Y2K problem that there is a lot that Government and industry can accomplish if we work together, build partnerships, and encourage best practices. We should apply those lessons here. We think that the best approach has to be one that is aware of and somehow brings in the protection activities going on across all the constituencies – in national security agencies, civilian agencies, state and local agencies, and the private sector. We think the best way to realize such an approach is through a corporate board structure. All key Government agencies would be represented on the board. Key private sector entities -- such as NSTAC -- would also be represented. And the board’s chair would ensure proper coordination among agencies and with the private sector. A series of subcommittees chaired by appropriate agencies would handle particular concerns and constituencies. DOD, for example, would chair the committee addressing national security issues. Commerce would head up private sector outreach efforts. We believe that such a board structure offers the best way to build a flexible, inclusive framework. It would keep each agency on the hook for securing its own systems. But it would also provide a vehicle for coordinating across agencies and between the public and private sectors. I see NSTAC having an important role in such a new structure. You are uniquely positioned to help our Nation meet this challenge. You are the owners and operators of key telecommunications and IT companies. Your membership in many ways is the engine of the IT revolution you helped to start. You provide the networks, hardware, and software that link us together. We need NSTAC. We need your advice, your ideas, and the hard work we know you do for free. When our new structure is up and running, you will have a place at the table. Dean Acheson wrote in his memoirs of being “present
at the creation” of the strategy and structures that guided our
efforts to meet the challenges of what was then called the “Atomic
Age.” All of us here today will be able to speak of being “present
at the creation” of the strategy and structures that guide our
efforts to meet the challenge of the Information Age. Armed with a clear
vision, good judgment, and a willingness to work hard, I trust that
we will be able to conclude the narrative in a fashion that is equally
satisfactory. Thank you very much. Published for internal information use by the National Communications System. Parenthetical entries are speaker/author notes; bracketed entries are editorial notes. This material is in the public domain and may be reprinted without permission.
Questions or comments concerning this site? Please contact the webmaster. Reviewed December 07, 2006 |
               
|
