Förderverein Informationstechnik und Gesellschaft
8 January 2000. Thanks to Will Rodger.
Source: Digital file in .DOC format released by The White House,
January 7, 2000, 33 pages hardcopy.
This file is available Zipped: http://cryptome.org/cybersec-plan.zip (32K)
See related White House press briefing: http://cryptome.org/cybersec-wh.htm (38K)
NATIONAL PLAN FOR
INFORMATION SYSTEMS PROTECTION
TABLE OF CONTENTS
Message from the President
Message from the National Coordinator
Program 1: Identify Critical Infrastructure Assets and Shared Interdependencies and Address Vulnerabilities 7 Program 2: Detect Attacks and Unauthorized Intrusions 14 Program 3: Develop Robust Intelligence and Law Enforcement Capabilities to Protect Critical Information Systems, Consistent with Law 17 Program 4: Share Attack Warnings and Information in a Timely Manner 18 Program 5: Create Capabilities for Response, Reconstitution, and Recovery 23 Program 6: Enhance Research and Development in Support of Programs 1-5 25 Program 7: Train and Employ Adequate Numbers of Information Security Specialists 28 Program 8: Conduct Outreach to Make Americans Aware of the Need for Improved Cyber-Security 30 Program 9: Adopt Legislation and Appropriations in Support of Programs 1-8 31 Program 10: In Every Step and Component of the Plan, Ensure the Full Protection of American Citizens' Civil Liberties, Their Rights to Privacy, and Their Rights to the Protection of Proprietary Data 32
THE WHITE HOUSE
In less than one generation, the information revolution and the introduction of the computer into virtually every dimension of our society has changed how our economy works, how we provide for our national security, and how we structure our everyday lives. Whether we are simply turning on the lights in our homes, boarding a plane, or summoning help when a loved one falls ill, we are relying on one or more elaborate computer- driven systems. Similarly, many of our most sophisticated defense systems rely on commercial power, communications, and transportation, which are also computer-controlled. In the future, computer-related technologies will continue to open new vistas of opportunity for the American people.
Yet this new age of promise carries within it peril. All computer-driven systems are vulnerable to intrusion and destruction. A concerted attack on the computers of any one of our key economic sectors or governmental agencies could have catastrophic affects.
We know that the threat is real. Where once our opponents relied exclusively on bombs and bullets, hostile powers and terrorists can now turn a laptop computer into a potent weapon capable of doing enormous damage. If we are to continue to enjoy the benefits of the Information Age, preserve our security, and safeguard our economic well-being, we must protect our critical computer-controlled systems from attack.
That is a major reason why, after reviewing the report of the President's Commission on Critical Infrastructure Protection, I issued Presidential Decision Directive 63 in May 1998. This directive requires that the Executive Branch assess the cyber vulnerabilities of the Nation's critical infrastructures -- information and communications, energy, banking and finance, transportation, water supply, emergency services, and public health, as well as those authorities responsible for the continuity of federal, state, and local governments. The directive places special emphasis on protection of the government's own critical assets from cyber attack and the need to remedy deficiencies in order to become a model of information security. The directive also calls for the Federal Government to produce a detailed Plan to protect and defend America against cyber disruptions.
The National Plan for Information Systems Protection is the first major element of a more comprehensive effort. The Plan for cyber defense will evolve and be updated as we deepen our knowledge of our vulnerabilities and the emerging threats. It presents a comprehensive vision creating the necessary safeguards to protect the critical sectors of our economy, national security, public health, and safety.
For this Plan to succeed, government and the private sector must work together in a partnership unlike any we have seen before. This effort will only succeed if our Nation as a whole rises to this challenge. Therefore, I have asked the members of my Cabinet to work closely with representatives of the private sector industries and public services that operate our critical infrastructures. We cannot mandate our goals through Government regulation. Each sector must decide for itself what practices, procedures, and standards are necessary for it to protect its key systems. As part of this partnership, the Federal Government stands ready to help.
The Federal Government does, however, have an important role to play itself. This includes research and development efforts in the field of computer security, educating a corps of young computer scientists to help defend our federal cyber systems, and assisting the private sector as it creates defensive measures for its information technoloqies.
As we move forward in this effort, all Americans should know that increasing our computer defenses cannot and will not come at the expense of our civil liberties. We must never undermine the very freedoms we are seeking to protect.
The milestones I have established in the Plan are ambitious. Achieving them will require the continuing commitment of our national leadership, intense public-private cooperation, and the legislation and appropriations necessary to bring them to realization. However, it is an essential undertaking that we must begin now, so that we can continue to enjoy the extraordinary opportunities of the Information Age and create the security we require for our prosperity and growth in the next century.
[Signature Bill Clinton]