line1

line2line3

line4

-- Dave Mueller (dmueller@bellatlantic.net), February 28, 2001

Answers

March 1, 2001

Chairmen Seek Budget Hikes

By Lauren W. Whittington and Paul Kane

Following the first major turnover of committee gavels since Republicans regained control of the House, GOP chairmen are requesting a dramatic increase in panel funding levels for the 107th Congress.

Overall, chairmen are asking for approximately $224 million in funding, an increase of about 24 percent over what they received last Congress. The House Administration Committee meets today to begin consideration of the budget requests.

The marked increase in funds requested by most committees can in part be attributed to a change in jurisdiction involving two panels and technology upgrades that are planned for some committee rooms.

The highest funding increase request was made by Financial Services Chairman Mike Oxley (R-Ohio), who is seeking a 62 percent raise in funding over what the former Banking and Financial Services Committee received last year.

Although he had not had a chance to look at specific numbers yet, House Administration Chairman Bob Ney (R-Ohio) said there was one thing all committee budgets had in common: "People are asking for increases - I know that."

The requests come on the heels of President Bush's call for restrained federal spending during an address to the nation Tuesday night, when he pledged to vigilantly control the growth rate of government expenditures. Citing an 8 percent increase in overall federal spending last year, Bush proposed that funding levels be held to 4 percent this year.

Armed Services and Rules are the only two committees requesting funding increases of less than 10 percent. By far, Oxley's panel is asking for the sharpest increase.

"The entire portfolio of securities and insurance jurisdiction has been transferred to this committee, and so obviously we're going to have to meet those responsibilities," Oxley spokeswoman Peggy Peterson said.

Meanwhile, Energy and Commerce Chairman Billy Tauzin (R-La.) said the jurisdictional change did not impact his budget this year, although some of his panel's turf has been given to Financial Services.

Nonetheless, Tauzin is seeking a 23 percent increase, primarily to improve technology in the committee's hearing room. He said the panel is currently a "high-tech committee" with a "low-tech committee room."

When asked about committee funding, Speaker Dennis Hastert (R-Ill.) said he hasn't yet reviewed the requests, but signaled that he would support spending increases for Energy and Commerce and the Science panel for facility upgrades.

Jeff Lungren, spokesman for Judiciary Chairman James Sensenbrenner (R-Wis.), said the 27 percent increase in funding requested by his boss was driven largely by technology improvements planned for the panel's committee room.

Committee room renovations include audio-visual enhancements such as the installation of state-of-the-art sound systems and teleconference capabilities.

Coming in second and third behind Oxley's request are Education and the Workforce Chairman John Boehner (R-Ohio) and Select Intelligence Chairman Porter Goss (R-Fla.), who are requesting increases of 46 and 45 percent, respectively.

Ways and Means Chairman Bill Thomas (R-Calif.) said his $16 million request, a 35 percent increase, hinges on the costs of hiring new staff and implementing the President's tax cut.

"Do me a favor - do a content analysis of the President's speech," Thomas said in an interview following Bush's address. "Ask me how many lines were devoted to issues that are in front of the Ways and Means Committee and how many lines were devoted to other committees' jurisdiction. After you do that, you'll fully appreciate why I've asked for more money."

Another factor affecting committee budgets is the bipartisan push to implement a funding ratio that would give Democrats on all committees the ability to control at least a third of panel resources. Ney supports the measure and said efforts to have all chairmen implement the ratio are going well.

"I've personally talked to a lot of chairmen,"Ney said. "We're striving very hard, and so is the Speaker, and so is [House Administration ranking member Steny] Hoyer [D-Md.], to get to one-third."

Both Thomas and Boehner have implemented the 2/3-1/3 ratio on their panels, although it may take some time before Democrats begin to see the benefits.

"There will be a little transition period because there was some shared staff, and we're figuring out how to allocate those so [ranking member Charlie Rangel (D-N.Y.)] can have complete one-third resource control," Thomas said.

As for his committee, Boehner said, "It's something I fought for when I was in the minority. It's something that I believed in when we took the majority and it's something I think every committee ought to do. The Democrats have been treated much more fairly than we were ever treated [in the minority]."

Ney has asked Democrats to provide a list of the committees they believe have reached the 1/3 ratio and those that are still lacking.

"It would be unfair for me to say what the third is," Ney said. "It needs to come from them because my perception of budget numbers may not be their perception. It's only fair."

Ney said he and his staff are communicating "by the hour" with Hoyer and the minority staff. The committee funding issue must be wrapped up by the end of March.

Even with the enormity of their requests, it is unlikely that committees will see much of what they are seeking. At the beginning of the 106th Congress, committee chairmen requested about $188.5 million and received around $180 million, a 3 percent increase.

When asked if he thought he would get the full amount he sought, Thomas replied, "Probably not."But he insisted that his initial request was not intended as a bargaining chip.

"I laid out a budget that I thought was appropriate, [and] I asked for the number of staff that I thought was appropriate," Thomas said. "I'm hopeful that since they know me, they will try to give me what I asked for."

"I didn't ask for more than I needed hoping that we would negotiate down," he continued. "I don't operate that way."

Thomas, who sat on House Administration for 20 years and served as chairman for the past six, said defending his budget in front of the committee will be quite a change.

"It's going to be different," Thomas said. "I'm going to be sitting at a lower level than I usually do when we talk about budget."

Meanwhile, across the Capitol, negotiations over committee structures began to reap some dividends, with even the most troublesome Senate panels showing signs of progress. Senate leaders grew increasingly optimistic Wednesday that a comprehensive deal would be reached this week on a two-year authorization for committee funding.

"It's really going pretty well, so I don't see it as too much of a problem," Senate Minority Leader Thomas Daschle (D-S.D.) said after emerging from a meeting of ranking members.

The current authorization for Senate committees expired at midnight, prompting the Senate to prepare a continuing resolution to keep the panels going for the next 10 days, according to Democratic and Republican aides.

Daschle, who focused the ranking-member meeting almost entirely on committee funding, said "less than a handful" of panels had still not agreed on the details of implementing the 50-50 power-sharing deal that he and Majority Leader Trent Lott (R-Miss.) reached in early January.

The trouble spots appear to be Intelligence and Judiciary, among others.

At Judiciary, Democrats say the two sides remain far apart. Over two days of marking up the bankruptcy bill this week, Sen. Patrick Leahy (D-Vt.), the ranking member, repeatedly protested that there had not been any substantial negotiations over the power-sharing deal.

Leahy noted that he felt Democrats had been very accommodating during the nomination of Attorney General John Ashcroft and the bankruptcy debate and that they expect Republicans to reciprocate on the committee structure.

"He signaled this is the end of the road for cooperation from Democrats," said one Democratic committee aide.

Judiciary Chairman Orrin Hatch (R-Utah) vowed to set up a meeting with Leahy to discuss the matter, but as of late Wednesday no timetable had been set for a Hatch-Leahy meeting.

And Republican aides privately characterized Judiciary as much closer to finalizing a deal than Leahy and the Democrats have portrayed the situation. Jeanne Lopatto, Hatch's spokeswoman, noted that staff have been meeting on the issue every day, describing it as a "painstaking process."

"There have been meetings on this almost every day. We are working on this," she said.

Tensions appeared to be deflating at Intelligence, which had previously been marked by the most contentious fight over staffing, with Republicans claiming the equal split in workers promised in the 50-50 deal didn't apply to the technically non-partisan committee.

Sen. Bob Graham (D-Fla.), the ranking member, declined to talk about the specifics of his negotiations with Intelligence Chairman Richard Shelby (R-Ala.) because they are so close to a final deal. "It's possible that we'll wrap it up in the next 24 to 48 hours," he said.

John Bresnahan and Ben Pershing contributed to this report.

Current News Index
Back To Top		Home

-- mugb (ikhv @jho.com), March 04, 2001.

We also have to remember that the same technology that empowers us, empowers America's adversaries. And our very dominance in conventional military strength, may make those adversaries turn to unconventional battlefields such as cyberspace In short, it is just not clear that we can count on deterrence to work in this context. That means we have to be prepared for scenarios where we have to restore and reconstitute critical operations quickly once they've been disrupted. And here again, this is not something that government can tackle on its own. We need to work hand in hand with the private sector. In short, we need you.

Finally, I think it is clear that if there was ever a challenge that called upon us to think anew -- and not be afraid to break old paradigms -- this is it. We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect -- not just how they conflict.

We have a big job ahead of us. But for all the differences between this national security challenge and other challenges our nation has faced in the past, I still think the similarities win out. We still need dedication to the principles of freedom that define our very nationhood. We still need decisiveness. And we still need the best thinking our nation has to offer -- both in and out of government.

Dean Acheson wrote in his memoirs of being "present at the creation" of the strategy and structures that guided our efforts to meet the challenges of what was then called the "Atomic Age." All of us here today will be able to speak of being "present at the creation" of the strategy and structures that guide our efforts to meet the challenge of the Information Age. Armed with a clear vision, a judicious temperament, and a strong heart, I trust that we will be able to conclude the narrative in a fashion that is equally satisfactory.

-- dynjtb (grvad@fy5v.wyu), March 25, 2001.

We also have to remember that the same technology that empowers us, empowers America's adversaries. And our very dominance in conventional military strength, may make those adversaries turn to unconventional battlefields such as cyberspace In short, it is just not clear that we can count on deterrence to work in this context. That means we have to be prepared for scenarios where we have to restore and reconstitute critical operations quickly once they've been disrupted. And here again, this is not something that government can tackle on its own. We need to work hand in hand with the private sector. In short, we need you.

Finally, I think it is clear that if there was ever a challenge that called upon us to think anew -- and not be afraid to break old paradigms -- this is it. We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect -- not just how they conflict.

We have a big job ahead of us. But for all the differences between this national security challenge and other challenges our nation has faced in the past, I still think the similarities win out. We still need dedication to the principles of freedom that define our very nationhood. We still need decisiveness. And we still need the best thinking our nation has to offer -- both in and out of government.

Dean Acheson wrote in his memoirs of being "present at the creation" of the strategy and structures that guided our efforts to meet the challenges of what was then called the "Atomic Age." All of us here today will be able to speak of being "present at the creation" of the strategy and structures that guide our efforts to meet the challenge of the Information Age. Armed with a clear vision, a judicious temperament, and a strong heart, I trust that we will be able to conclude the narrative in a fashion that is equally satisfactory.

-- dynjtb (grvad@fy5v.wyu), March 25, 2001.

WASHINGTON, March 22 /U.S. Newswire/ -- The following are remarks by Condoleezza Rice, assistant to the President for national security affairs, at the Partnership for Critical Infrastructure annual meeting, as prepared for delivery:

U.S. CHAMBER OF COMMERCE WASHINGTON, D.C. MARCH 22, 2001 "Understanding Risk and U.S. Economic Security"

It is truly a pleasure to have this opportunity to talk with you this morning. I don't accept very many of the hundreds of speaking invitations that come across my desk. But Dick Clarke didn't have to twist my arm very hard to persuade me to come here. That's because critical infrastructure protection is a critically important

issue -- one that is squarely on our radar screen at the National Security Council. The President himself is on record as stating that infrastructure protection is important "to (our) economy and (our) national security, and it will be a priority for my Administration."

Just a few years ago, this would have been a very surprising, or at least very odd-sounding statement. Certainly, the "Internet" and "cyber security" were not terms that were used a lot when I was in graduate school studying international relations, or even during my first stint at the NSC ten years ago. Today, it's not much of a stretch to say that you can't get out of bed in the morning without relying on information technology. I know from my own experience as provost at Stanford University that large institutions could not function without information technology -- it is simply ubiquitous. And it is often taken for granted -- even though it is clear we cannot afford to. Today, the cyber economy is the economy. And I don't mean the dot coms. I mean virtually every vital service -- water supply, transportation, energy, banking and finance, telecommunications, public health. All of these rely upon computers and the fiber-optic lines, switchers and routers that connect them. Corrupt those networks, and you disrupt the nation. It is a paradox of our times: the very technology that makes our economy so dynamic and our military forces so dominating -- also makes us more vulnerable. As the President's National Security Advisor, I have to worry about that vulnerability. But each corporate CEO has to worry about the fact that a much smaller cyber attack than on the U.S. could place the very existence of your company at issue.

Our gaming exercises have told us for some time now that a few well-organized hackers could disrupt everything from our power lines to our 911 systems. And everyday it is driven home to us that the threat is not just theoretical -- whether it be a new virus that sweeps across the country or a new report like the one last week from the Computer Security Institute that told us that 85 percent of large corporations and government agencies detected security breaches in the last 12 months. Financial losses from these electronic break-ins totaled almost $400 million dollars -- a 40 percent jump from the year before. Remember too that these are only the breaches that were reported.

The government's responsibility for shoring up this vulnerability is both internal and external. Government has a direct responsibility to ensure that it can deliver its our core competencies -- like national defense and public safety. There is also a more general responsibility to ensure the smooth functioning of the economy. Government has always acknowledged a responsibility for protecting critical infrastructure, such as dams and power plants. Now that circle is enlarged to include critical information infrastructures as well.

But it is clear to anyone who gives it just a little bit of thought that meeting this challenge is not something that government can do alone. Protecting our nation's critical infrastructure can only be done in concert with private industry. Moreover, this collaborative effort needs to encompass efforts at both the federal and state levels and within and among various sectors of the economy. What we are talking about is a collaborative partnership between the public and private sectors that is unprecedented in our history. It's a unique problem and it is going to require a unique solution.

And, of course, this is what makes this Partnership -- PCIS -- so important. You have set for yourself a task of uncommon difficulty -- the task of bringing together competitors, suppliers and users to reach consensus on how to think about and how to meet a challenge that affects all three groups differently. But it is even harder than that. Because ultimately, the consensus must not include just industry, but also the Executive Branch, the Congress and the American people.

The next version of the National Plan for Critical Infrastructure Assurance -- due out this summer -- will be the first integrated plan ever produced by any nation where government and industry are the authors and architects of their future course. I applaud the work this group is doing to contribute to this effort -- particularly the infrastructure sectors' work in preparing reports for incorporation into the plan.

Right now the Administration is conducting a thorough review of our critical infrastructure protection policy. But I would like to share with you this morning a few truths about this subject that we already know.

First, we know that that no single government agency can handle critical infrastructure assurance all by itself. All agencies are stakeholders and each has a role in the solution. But it is also true that we can't have as many solutions as there are Federal agencies. We have to coordinate among the government's naturally occurring stovepipes. We have to encourage common standards. We have maximized our resources and energies by making sure they are focused instead of allowing them to be dissipated through dispersal. We also have to make sure that the Federal government's organization provides for a common point of contact that is accessible to private sector, Congress and the American people.

Second, we need to build on the progress of the private sector, including the PCIS and the Information Sharing and Analysis Centers. The Federal Government's approach should strengthen our partnership with private industry. This does not mean regulation. < Font color="blue">Wanna bet?

Here's a point where I think our experience in addressing the Y2K problem is instructive. We learned in addressing that challenge that there is a lot that government and industry can accomplish if we work together, build partnerships, share information, and encourage best practices. We should apply those lessons here. Third, both the government and the private sector need to be prepared for the day when all our efforts won't be enough. In some ways, protecting our critical infrastructure is a classical national security problem. We want to deter action against us through prevention. Deterrence worked during the Cold War. It may not work here.

Unlike the Soviet Union, today's adversaries may not fit the classic game theory models. They may be a small, well-organized group that attacks us through a series of hop points, including neutral countries or from within the United States.

We also have to remember that the same technology that empowers us, empowers America's adversaries. And our very dominance in conventional military strength, may make those adversaries turn to unconventional battlefields such as cyberspace

In short, it is just not clear that we can count on deterrence to work in this context. That means we have to be prepared for scenarios where we have to restore and reconstitute critical operations quickly once they've been disrupted. And here again, this is not something that government can tackle on its own. We need to work hand in hand with the private sector. In short, we need you. Finally, I think it is clear that if there was ever a challenge that called upon us to think anew -- and not be afraid to break old paradigms -- this is it.

We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect -- not just how they conflict.

We have a big job ahead of us. But for all the differences between this national security challenge and other challenges our nation has faced in the past, I still think the similarities win out. We still need dedication to the principles of freedom that define our very nationhood. We still need decisiveness. another way of saying to do something that will not be welcomed with open arms! Going against the public's wishes! And we still need the best thinking our nation has to offer -- both in and out of government.

Dean Acheson wrote in his memoirs of being "present at the creation" of the strategy and structures that guided our efforts to meet the challenges of what was then called the "Atomic Age." All of us here today will be able to speak of being "present at the creation" of the strategy and structures that guide our efforts to meet the challenge of the Information Age. Armed with a clear vision, a judicious temperament, and a strong heart, I trust that we will be able to conclude the narrative in a fashion that is equally satisfactory.

-- (news@of.note)

-- f tq24t (ffweraf@yuied.com), March 25, 2001.

WASHINGTON, March 22 /U.S. Newswire/ -- The following are remarks by Condoleezza Rice, assistant to the President for national security affairs, at the Partnership for Critical Infrastructure annual meeting, as prepared for delivery:

U.S. CHAMBER OF COMMERCE WASHINGTON, D.C. MARCH 22, 2001 "Understanding Risk and U.S. Economic Security"

It is truly a pleasure to have this opportunity to talk with you this morning. I don't accept very many of the hundreds of speaking invitations that come across my desk. But Dick Clarke didn't have to twist my arm very hard to persuade me to come here. That's because critical infrastructure protection is a critically important

issue -- one that is squarely on our radar screen at the National Security Council. The President himself is on record as stating that infrastructure protection is important "to (our) economy and (our) national security, and it will be a priority for my Administration."

Just a few years ago, this would have been a very surprising, or at least very odd-sounding statement. Certainly, the "Internet" and "cyber security" were not terms that were used a lot when I was in graduate school studying international relations, or even during my first stint at the NSC ten years ago. Today, it's not much of a stretch to say that you can't get out of bed in the morning without relying on information technology. I know from my own experience as provost at Stanford University that large institutions could not function without information technology -- it is simply ubiquitous. And it is often taken for granted -- even though it is clear we cannot afford to. Today, the cyber economy is the economy. And I don't mean the dot coms. I mean virtually every vital service -- water supply, transportation, energy, banking and finance, telecommunications, public health. All of these rely upon computers and the fiber-optic lines, switchers and routers that connect them. Corrupt those networks, and you disrupt the nation. It is a paradox of our times: the very technology that makes our economy so dynamic and our military forces so dominating -- also makes us more vulnerable. As the President's National Security Advisor, I have to worry about that vulnerability. But each corporate CEO has to worry about the fact that a much smaller cyber attack than on the U.S. could place the very existence of your company at issue.

Our gaming exercises have told us for some time now that a few well-organized hackers could disrupt everything from our power lines to our 911 systems. And everyday it is driven home to us that the threat is not just theoretical -- whether it be a new virus that sweeps across the country or a new report like the one last week from the Computer Security Institute that told us that 85 percent of large corporations and government agencies detected security breaches in the last 12 months. Financial losses from these electronic break-ins totaled almost $400 million dollars -- a 40 percent jump from the year before. Remember too that these are only the breaches that were reported.

The government's responsibility for shoring up this vulnerability is both internal and external. Government has a direct responsibility to ensure that it can deliver its our core competencies -- like national defense and public safety. There is also a more general responsibility to ensure the smooth functioning of the economy. Government has always acknowledged a responsibility for protecting critical infrastructure, such as dams and power plants. Now that circle is enlarged to include critical information infrastructures as well.

But it is clear to anyone who gives it just a little bit of thought that meeting this challenge is not something that government can do alone. Protecting our nation's critical infrastructure can only be done in concert with private industry. Moreover, this collaborative effort needs to encompass efforts at both the federal and state levels and within and among various sectors of the economy. What we are talking about is a collaborative partnership between the public and private sectors that is unprecedented in our history. It's a unique problem and it is going to require a unique solution.

And, of course, this is what makes this Partnership -- PCIS -- so important. You have set for yourself a task of uncommon difficulty -- the task of bringing together competitors, suppliers and users to reach consensus on how to think about and how to meet a challenge that affects all three groups differently. But it is even harder than that. Because ultimately, the consensus must not include just industry, but also the Executive Branch, the Congress and the American people.

The next version of the National Plan for Critical Infrastructure Assurance -- due out this summer -- will be the first integrated plan ever produced by any nation where government and industry are the authors and architects of their future course. I applaud the work this group is doing to contribute to this effort -- particularly the infrastructure sectors' work in preparing reports for incorporation into the plan.

Right now the Administration is conducting a thorough review of our critical infrastructure protection policy. But I would like to share with you this morning a few truths about this subject that we already know.

First, we know that that no single government agency can handle critical infrastructure assurance all by itself. All agencies are stakeholders and each has a role in the solution. But it is also true that we can't have as many solutions as there are Federal agencies. We have to coordinate among the government's naturally occurring stovepipes. We have to encourage common standards. We have maximized our resources and energies by making sure they are focused instead of allowing them to be dissipated through dispersal. We also have to make sure that the Federal government's organization provides for a common point of contact that is accessible to private sector, Congress and the American people.

Second, we need to build on the progress of the private sector, including the PCIS and the Information Sharing and Analysis Centers. The Federal Government's approach should strengthen our partnership with private industry. This does not mean regulation. < Font color="blue">Wanna bet?

Here's a point where I think our experience in addressing the Y2K problem is instructive. We learned in addressing that challenge that there is a lot that government and industry can accomplish if we work together, build partnerships, share information, and encourage best practices. We should apply those lessons here.

Third, both the government and the private sector need to be prepared for the day when all our efforts won't be enough. In some ways, protecting our critical infrastructure is a classical national security problem. We want to deter action against us through prevention. Deterrence worked during the Cold War. It may not work here.

Unlike the Soviet Union, today's adversaries may not fit the classic game theory models. They may be a small, well-organized group that attacks us through a series of hop points, including neutral countries or from within the United States.

We also have to remember that the same technology that empowers us, empowers America's adversaries. And our very dominance in conventional military strength, may make those adversaries turn to unconventional battlefields such as cyberspace

In short, it is just not clear that we can count on deterrence to work in this context. That means we have to be prepared for scenarios where we have to restore and reconstitute critical operations quickly once they've been disrupted. And here again, this is not something that government can tackle on its own. We need to work hand in hand with the private sector. In short, we need you. Finally, I think it is clear that if there was ever a challenge that called upon us to think anew -- and not be afraid to break old paradigms -- this is it.

We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect -- not just how they conflict.

We have a big job ahead of us. But for all the differences between this national security challenge and other challenges our nation has faced in the past, I still think the similarities win out. We still need dedication to the principles of freedom that define our very nationhood. We still need decisiveness. another way of saying to do something that will not be welcomed with open arms! Going against the public's wishes! And we still need the best thinking our nation has to offer -- both in and out of government.

Dean Acheson wrote in his memoirs of being "present at the creation" of the strategy and structures that guided our efforts to meet the challenges of what was then called the "Atomic Age." All of us here today will be able to speak of being "present at the creation" of the strategy and structures that guide our efforts to meet the challenge of the Information Age. Armed with a clear vision, a judicious temperament, and a strong heart, I trust that we will be able to conclude the narrative in a fashion that is equally satisfactory.

-- (news@of.note)

-- v326v (b1q354@9huec.8yg), March 25, 2001.

WASHINGTON, March 22 /U.S. Newswire/ -- The following are remarks by Condoleezza Rice, assistant to the President for national security affairs, at the Partnership for Critical Infrastructure annual meeting, as prepared for delivery:

U.S. CHAMBER OF COMMERCE WASHINGTON, D.C. MARCH 22, 2001 "Understanding Risk and U.S. Economic Security"

It is truly a pleasure to have this opportunity to talk with you this morning. I don't accept very many of the hundreds of speaking invitations that come across my desk. But Dick Clarke didn't have to twist my arm very hard to persuade me to come here. That's because critical infrastructure protection is a critically important

issue -- one that is squarely on our radar screen at the National Security Council. The President himself is on record as stating that infrastructure protection is important "to (our) economy and (our) national security, and it will be a priority for my Administration."

Just a few years ago, this would have been a very surprising, or at least very odd-sounding statement. Certainly, the "Internet" and "cyber security" were not terms that were used a lot when I was in graduate school studying international relations, or even during my first stint at the NSC ten years ago. Today, it's not much of a stretch to say that you can't get out of bed in the morning without relying on information technology. I know from my own experience as provost at Stanford University that large institutions could not function without information technology -- it is simply ubiquitous. And it is often taken for granted -- even though it is clear we cannot afford to. Today, the cyber economy is the economy. And I don't mean the dot coms. I mean virtually every vital service -- water supply, transportation, energy, banking and finance, telecommunications, public health. All of these rely upon computers and the fiber-optic lines, switchers and routers that connect them. Corrupt those networks, and you disrupt the nation. It is a paradox of our times: the very technology that makes our economy so dynamic and our military forces so dominating -- also makes us more vulnerable. As the President's National Security Advisor, I have to worry about that vulnerability. But each corporate CEO has to worry about the fact that a much smaller cyber attack than on the U.S. could place the very existence of your company at issue.

Our gaming exercises have told us for some time now that a few well-organized hackers could disrupt everything from our power lines to our 911 systems. And everyday it is driven home to us that the threat is not just theoretical -- whether it be a new virus that sweeps across the country or a new report like the one last week from the Computer Security Institute that told us that 85 percent of large corporations and government agencies detected security breaches in the last 12 months. Financial losses from these electronic break-ins totaled almost $400 million dollars -- a 40 percent jump from the year before. Remember too that these are only the breaches that were reported.

The government's responsibility for shoring up this vulnerability is both internal and external. Government has a direct responsibility to ensure that it can deliver its our core competencies -- like national defense and public safety. There is also a more general responsibility to ensure the smooth functioning of the economy. Government has always acknowledged a responsibility for protecting critical infrastructure, such as dams and power plants. Now that circle is enlarged to include critical information infrastructures as well.

But it is clear to anyone who gives it just a little bit of thought that meeting this challenge is not something that government can do alone. Protecting our nation's critical infrastructure can only be done in concert with private industry. Moreover, this collaborative effort needs to encompass efforts at both the federal and state levels and within and among various sectors of the economy. What we are talking about is a collaborative partnership between the public and private sectors that is unprecedented in our history. It's a unique problem and it is going to require a unique solution.

And, of course, this is what makes this Partnership -- PCIS -- so important. You have set for yourself a task of uncommon difficulty -- the task of bringing together competitors, suppliers and users to reach consensus on how to think about and how to meet a challenge that affects all three groups differently. But it is even harder than that. Because ultimately, the consensus must not include just industry, but also the Executive Branch, the Congress and the American people.

The next version of the National Plan for Critical Infrastructure Assurance -- due out this summer -- will be the first integrated plan ever produced by any nation where government and industry are the authors and architects of their future course. I applaud the work this group is doing to contribute to this effort -- particularly the infrastructure sectors' work in preparing reports for incorporation into the plan.

Right now the Administration is conducting a thorough review of our critical infrastructure protection policy. But I would like to share with you this morning a few truths about this subject that we already know.

First, we know that that no single government agency can handle critical infrastructure assurance all by itself. All agencies are stakeholders and each has a role in the solution. But it is also true that we can't have as many solutions as there are Federal agencies. We have to coordinate among the government's naturally occurring stovepipes. We have to encourage common standards. We have maximized our resources and energies by making sure they are focused instead of allowing them to be dissipated through dispersal. We also have to make sure that the Federal government's organization provides for a common point of contact that is accessible to private sector, Congress and the American people.

Second, we need to build on the progress of the private sector, including the PCIS and the Information Sharing and Analysis Centers. The Federal Government's approach should strengthen our partnership with private industry. This does not mean regulation. Wanna bet?

Here's a point where I think our experience in addressing the Y2K problem is instructive. We learned in addressing that challenge that there is a lot that government and industry can accomplish if we work together, build partnerships, share information, and encourage best practices. We should apply those lessons here.

Third, both the government and the private sector need to be prepared for the day when all our efforts won't be enough. In some ways, protecting our critical infrastructure is a classical national security problem. We want to deter action against us through prevention. Deterrence worked during the Cold War. It may not work here.

Unlike the Soviet Union, today's adversaries may not fit the classic game theory models. They may be a small, well-organized group that attacks us through a series of hop points, including neutral countries or from within the United States.

We also have to remember that the same technology that empowers us, empowers America's adversaries. And our very dominance in conventional military strength, may make those adversaries turn to unconventional battlefields such as cyberspace

In short, it is just not clear that we can count on deterrence to work in this context. That means we have to be prepared for scenarios where we have to restore and reconstitute critical operations quickly once they've been disrupted. And here again, this is not something that government can tackle on its own. We need to work hand in hand with the private sector. In short, we need you. Finally, I think it is clear that if there was ever a challenge that called upon us to think anew -- and not be afraid to break old paradigms -- this is it.

We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect -- not just how they conflict.

We have a big job ahead of us. But for all the differences between this national security challenge and other challenges our nation has faced in the past, I still think the similarities win out. We still need dedication to the principles of freedom that define our very nationhood. We still need decisiveness. another way of saying to do something that will not be welcomed with open arms! Going against the public's wishes! And we still need the best thinking our nation has to offer -- both in and out of government.

Dean Acheson wrote in his memoirs of being "present at the creation" of the strategy and structures that guided our efforts to meet the challenges of what was then called the "Atomic Age." All of us here today will be able to speak of being "present at the creation" of the strategy and structures that guide our efforts to meet the challenge of the Information Age. Armed with a clear vision, a judicious temperament, and a strong heart, I trust that we will be able to conclude the narrative in a fashion that is equally satisfactory.

-- (news@of.note)

-- rvye (retehbr@y7brf.com), March 25, 2001.

WASHINGTON, March 22 /U.S. Newswire/ -- The following are remarks by Condoleezza Rice, assistant to the President for national security affairs, at the Partnership for Critical Infrastructure annual meeting, as prepared for delivery:

U.S. CHAMBER OF COMMERCE WASHINGTON, D.C. MARCH 22, 2001 "Understanding Risk and U.S. Economic Security"

It is truly a pleasure to have this opportunity to talk with you this morning. I don't accept very many of the hundreds of speaking invitations that come across my desk. But Dick Clarke didn't have to twist my arm very hard to persuade me to come here. That's because critical infrastructure protection is a critically important

issue -- one that is squarely on our radar screen at the National Security Council. The President himself is on record as stating that infrastructure protection is important "to (our) economy and (our) national security, and it will be a priority for my Administration."

Just a few years ago, this would have been a very surprising, or at least very odd-sounding statement. Certainly, the "Internet" and "cyber security" were not terms that were used a lot when I was in graduate school studying international relations, or even during my first stint at the NSC ten years ago. Today, it's not much of a stretch to say that you can't get out of bed in the morning without relying on information technology. I know from my own experience as provost at Stanford University that large institutions could not function without information technology -- it is simply ubiquitous. And it is often taken for granted -- even though it is clear we cannot afford to. Today, the cyber economy is the economy. And I don't mean the dot coms. I mean virtually every vital service -- water supply, transportation, energy, banking and finance, telecommunications, public health. All of these rely upon computers and the fiber-optic lines, switchers and routers that connect them. Corrupt those networks, and you disrupt the nation. It is a paradox of our times: the very technology that makes our economy so dynamic and our military forces so dominating -- also makes us more vulnerable. As the President's National Security Advisor, I have to worry about that vulnerability. But each corporate CEO has to worry about the fact that a much smaller cyber attack than on the U.S. could place the very existence of your company at issue.

Our gaming exercises have told us for some time now that a few well-organized hackers could disrupt everything from our power lines to our 911 systems. And everyday it is driven home to us that the threat is not just theoretical -- whether it be a new virus that sweeps across the country or a new report like the one last week from the Computer Security Institute that told us that 85 percent of large corporations and government agencies detected security breaches in the last 12 months. Financial losses from these electronic break-ins totaled almost $400 million dollars -- a 40 percent jump from the year before. Remember too that these are only the breaches that were reported.

The government's responsibility for shoring up this vulnerability is both internal and external. Government has a direct responsibility to ensure that it can deliver its our core competencies -- like national defense and public safety. There is also a more general responsibility to ensure the smooth functioning of the economy. Government has always acknowledged a responsibility for protecting critical infrastructure, such as dams and power plants. Now that circle is enlarged to include critical information infrastructures as well.

But it is clear to anyone who gives it just a little bit of thought that meeting this challenge is not something that government can do alone. Protecting our nation's critical infrastructure can only be done in concert with private industry. Moreover, this collaborative effort needs to encompass efforts at both the federal and state levels and within and among various sectors of the economy. What we are talking about is a collaborative partnership between the public and private sectors that is unprecedented in our history. It's a unique problem and it is going to require a unique solution.

And, of course, this is what makes this Partnership -- PCIS -- so important. You have set for yourself a task of uncommon difficulty -- the task of bringing together competitors, suppliers and users to reach consensus on how to think about and how to meet a challenge that affects all three groups differently. But it is even harder than that. Because ultimately, the consensus must not include just industry, but also the Executive Branch, the Congress and the American people.

The next version of the National Plan for Critical Infrastructure Assurance -- due out this summer -- will be the first integrated plan ever produced by any nation where government and industry are the authors and architects of their future course. I applaud the work this group is doing to contribute to this effort -- particularly the infrastructure sectors' work in preparing reports for incorporation into the plan.

Right now the Administration is conducting a thorough review of our critical infrastructure protection policy. But I would like to share with you this morning a few truths about this subject that we already know.

First, we know that that no single government agency can handle critical infrastructure assurance all by itself. All agencies are stakeholders and each has a role in the solution. But it is also true that we can't have as many solutions as there are Federal agencies. We have to coordinate among the government's naturally occurring stovepipes. We have to encourage common standards. We have maximized our resources and energies by making sure they are focused instead of allowing them to be dissipated through dispersal. We also have to make sure that the Federal government's organization provides for a common point of contact that is accessible to private sector, Congress and the American people.

Second, we need to build on the progress of the private sector, including the PCIS and the Information Sharing and Analysis Centers. The Federal Government's approach should strengthen our partnership with private industry. This does not mean regulation. Wanna bet?

Here's a point where I think our experience in addressing the Y2K problem is instructive. We learned in addressing that challenge that there is a lot that government and industry can accomplish if we work together, build partnerships, share information, and encourage best practices. We should apply those lessons here.

Third, both the government and the private sector need to be prepared for the day when all our efforts won't be enough. In some ways, protecting our critical infrastructure is a classical national security problem. We want to deter action against us through prevention. Deterrence worked during the Cold War. It may not work here.

Unlike the Soviet Union, today's adversaries may not fit the classic game theory models. They may be a small, well-organized group that attacks us through a series of hop points, including neutral countries or from within the United States.

We also have to remember that the same technology that empowers us, empowers America's adversaries. And our very dominance in conventional military strength, may make those adversaries turn to unconventional battlefields such as cyberspace

In short, it is just not clear that we can count on deterrence to work in this context. That means we have to be prepared for scenarios where we have to restore and reconstitute critical operations quickly once they've been disrupted. And here again, this is not something that government can tackle on its own. We need to work hand in hand with the private sector. In short, we need you. Finally, I think it is clear that if there was ever a challenge that called upon us to think anew -- and not be afraid to break old paradigms -- this is it.

We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect -- not just how they conflict.

We have a big job ahead of us. But for all the differences between this national security challenge and other challenges our nation has faced in the past, I still think the similarities win out. We still need dedication to the principles of freedom that define our very nationhood. We still need decisiveness. another way of saying to do something that will not be welcomed with open arms! Going against the public's wishes! And we still need the best thinking our nation has to offer -- both in and out of government.

Dean Acheson wrote in his memoirs of being "present at the creation" of the strategy and structures that guided our efforts to meet the challenges of what was then called the "Atomic Age." All of us here today will be able to speak of being "present at the creation" of the strategy and structures that guide our efforts to meet the challenge of the Information Age. Armed with a clear vision, a judicious temperament, and a strong heart, I trust that we will be able to conclude the narrative in a fashion that is equally satisfactory.

-- (news@of.note)

-- grq (rgg@7f.y8b), March 25, 2001.

huyyuh

-- David (myrrhperson@hotmail.com), October 28, 2001.

huy yuh

-- David (myrrhperson@hotmail.com), October 28, 2001.