THE WHITE HOUSE
Office of the Press Secretary
PRESIDENT CLINTON AND VICE PRESIDENT GORE: PROMOTING CYBER SECURITY FOR THE 21ST CENTURY January 7, 2000
Today, President Clinton launches the National Plan for Information Systems Protection and announces new budget proposals for initiatives to strengthen America's defenses against the emerging threats posed to our critical infrastructure, computer systems, and networks.
The United States has benefited form the most advanced information technology (IT) infrastructure in the world. This same IT infrastructure, however, makes us particularly vulnerable to cyber attack. The most vital sectors of our economy -- power generation, telecommunications, banking and finance, transportation and emergency services -- are potentially susceptible to disruptions from hackers, terrorists, criminals or nation states. President Clinton has increased funding on critical infrastructure substantially over the past three years, including a 16% increase in the FY2001 budget proposal to $2.03 billion. He has also developed and funded new initiatives to defend the nation's computer systems from cyber attack. To jumpstart the FY01 program initiatives, the President will also propose a $9 million supplemental this spring.
In the 18 months since the President signed Presidential Decision Directive 63, we have made significant progress in protecting our critical infrastructures. Last year the President called for the development of a National Plan to serve as a blueprint for establishing a critical infrastructure protection (CIP) capability. Version One, the "National Plan for Information Systems Protection," was released today. It is called Version One and invites a national dialogue leading to future editions. This plan lays out two broad goals: the establishment of the U.S. government as a model of information security, and the development of a public-private partnership to defend our national infrastructures.
The Federal Government as a Model of Information Security. The Clinton
has developed and provided full or pilot funding for the following key
initiatives designed to protect the federal government's computer systems:
- Working to Recruit, Train and Retain Federal IT Experts. We have
developed and provided FY2001 funding for a Federal Cyber
ServicesTraining and Education initiative led by OPM and NSF which calls
for two programs: the first is an ROTC-like program where we pay for IT
education (B.S. or M.S.) in exchange for federal service; and the second
is a program to establish competencies and certifyour existing IT
workforce. ($25 million)
- Conducting federal agency vulnerability analyses and developing agency CIP plans. Federal agencies have all developed CIP plans, and these have been reviewed by a newly created "Expert Review Team" (ERT) of federal computer security experts. We have also established the ERT as a permanent team (at the Commerce Department's NIST), with funding lines in FY2000 and 2001. ($5 million)
- Designing a Federal Intrusion Detection Network (FIDNET). To protect vital systems in Federal civilian agencies, we are providing funding for development of a cyber "burglar alarm" which alerts the federal government to cyber attacks, provides recommended defenses, establishes information security readiness levels, and ensures the rapid implementation of system "patches" for known software defects. ($10 million)
- Piloting Public Key Infrastructure Models. The Clinton Administration is funding seven PKI pilot programs in FY2001 at different federal agencies. ($7 million) - Developing Federal R&D Efforts. In addition to the Institute, we have worked to ensure that R&D investments in computer security will grow more then 35% in the FY2001 budget. ($621 million)
Building the Public-Private Partnership. The President is committed to
building partnerships with the private sector to protect our computer
networks through the following initiatives:
- Institute for Information Infrastructure Protection. Building on a
Science Advisory Panel, we are proposing to create an Information
Infrastructure Institute which would combine federal and private sector
energies to fill the gaps in critical infrastructure R&D that are not
now being meet in the private sector or the Department of Defense. It
would also provide demonstration and development support in key areas
like benchmarks and standards, and curriculum development. ($50m)
- Partnership for Critical Infrastructure Security. This alliance of
more than ninety Fortune 500 companies is spearheaded by Secretary Daley
and had a successful kickoff in New York on December 8th. We will build
on this partnership to provide public education and cooperation with the
private sector on a wide variety of information security issues
- Information Sharing and Analysis Centers (ISACs). Two of the
proposed six private sector computer security centers have been
established (banking and finance and telecommunications). We
are working with the other four sectors to get their proposed ISACs
operational in 2000.
- National Infrastructure Assurance Council. The President signed an Executive Order creating this advisory Council, last year. Its members are now being recruited from senior ranks of the IT industry, key sectors of the corporate economy, and academia.