Background
Presidential Decision Directive (PDD) 63, May 1998, calls for a national effort
to assure the security of the nation's critical infrastructures.
Critical infrastructures are those physical and cyber-based systems essential
to the minimum operations of the economy and Government and include, but
are not limited to, telecommunications, banking and finance, energy, transportation,
and essential Government services. Based on a proposal from Russell
Rau, FAEC Chair, the PCIE/ECIE working group on critical infrastructure
assurance was established and a PCIE-wide review of critical infrastructure
assurance was initiated.
Roles/Responsibilities
Our goal is the broadest possible participation within the OIG community.
The PCIE/ECIE Working Group will have overall responsibility for developing
the review guides; coordinating the efforts of participating OIG’s; preparing
and issuing consolidated reports for the PCIE that summarize the results
of individual agency reviews and make Government-wide recommendations,
as appropriate; and conducting follow-up work regarding recommendations
made in the consolidated reports. Participating OIG’s will be responsible
for "scoping" their reviews, performing review work at their respective
agencies, and providing the PCIE/ECIE Working Group with summaries of the
review results. Participants will issue reports to their respective
agencies.
Review Objectives
Participating OIG's will review the adequacy of critical infrastructure
protection programs at Federal agencies, and the PCIE will issue an overall
report summarizing national policy issues identified during the review.
The review will consist of four phases:
Phase I: Planning and assessment activities for protecting critical, cyber-based infrastructure, including the adequacy of agency plans, asset identification efforts, and initial vulnerability assessments.
Milestones:
Phase II: Implementation activities for protecting critical, cyber-based infrastructure, including the adequacy of risk mitigation; emergency management; interagency coordination; resource and organizational requirements; and recruitment, education, and awareness.
Phase III: Planning and assessment activities for protecting critical physical infrastructure, including the adequacy of agency plans, asset identification efforts, and vulnerability assessments.
Phase IV: Implementation activities for protecting critical physical infrastructure, including risk mitigation; emergency management; interagency coordination; resource and organizational requirements; and recruitment, education, and awareness.
Meetings and Points of Contact
The initiative is headed by the National Aeronautics and Space Administration
(NASA) OIG. Call or e-mail David Gandrud at (650) 604-2672, or Roger
Flann at (818) 354-9755 for additional information. Click here for
PCIE/ECIE PDD 63 Points of Contact.
A “kickoff” meeting was held on November 17, 1999, and included presentations from the General Accounting Office, the Critical Infrastructure Assurance Office and the National Infrastructure Protection Center. Click here for minutes.
Links to Related Information
National Plan for Defending America's Cyberspace: On January 7, 2000,
President Clinton announced new steps to protect America's computer systems
from hackers and viruses, in the National Plan for Defending America's
Cyberspace. This plan presents a comprehensive vision creating the
necessary safeguards to protect the critical sectors of our economy, national
security, public health, and safety.
On February 1, 2000, the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information held a hearing on the National Protection Plan and its Privacy Implications. The report of the hearing can be accessed from the U.S. General Services Administration Legislation and Regulations web page.
The Critical Infrastructure Assurance Office has issued Practices for Securing Critical Information Assets (January 2000) to provide initial guidance to Federal agencies in developing and implementing information security policy.
White House Fact Sheets
Strengthening Cyber Security through Public-Private Partnership. On February
15, 2000, President Clinton met with leaders of Internet and e-commerce
companies, civil liberties organizations, and security experts to jointly
announce actions strengthening Internet and computer network security.
Cyber Security Budget Initiatives. On February 15, 2000, the Clinton Administration announced its ongoing, aggressive support for protecting critical infrastructures through the budget process. Funding on critical infrastructure has substantially increased over the past three years including funding for new initiatives to defend the nation's computer systems from malicious cyber activity.
Action by Federal Agencies to Safeguard Against Internet Attacks. On March 3, 2000, President Clinton requested that each Agency renew their efforts to safeguard their computer systems against denial-of-service attacks on the Internet. The Chief of Staff will coordinate a review of Federal Government vulnerabilities in this regard and issue a report by April 1.
Related Legislation
S.1993. "Government Information Security Act of
1999." A bill to reform Government information security by strengthening
information security practices throughout the Federal Government was introduced
in the Senate by Senator Fred Thompson (R - TN) on November 19, 1999.