Reno Missive Proposes Cyberspace Defense Plan

P> Government officials will give industry a major role in devising a strategy to defend the nation's information networks from terrorists and criminal hackers, said Richard Wilhelm, a White House official.

The plan could be announced by May if it wins President Bill Clinton's approval, said Wilhelm, who coordinates the White House's network-defense efforts.

Reno sent her memo, titled "Critical Infrastructure Security," to the secretaries of Commerce, Energy, Treasury and Transportation, and to John Deutch, director of Central Intelligence; John White, deputy secretary of defense; Louis Freeh, director of the FBI; and six other senior officials. The memo is marked "For Official Use Only."

Deutch oversees the Fort Meade, Md.-based National Security Agency, the intelligence agency that develops technology to guard the government's classified data and the Pentagon's critical information networks. The Commerce Department runs the National Institute for Standards and Technology in Gaithersburg, Md., which helps protect unclassified government information networks.

The memo represents the latest government effort to counter what intelligence and defense officials say is a new national security threat -- so-called cyberwar attacks by hackers against the nation's electronic infrastructure. Government officials believe the nation's phone system, power grid, banking system and other critical computer-controlled networks could be wrecked by hackers based in foreign countries such as Iran.

Reno's memo was drafted after an internal White House battle last year, during which Deutch and others tried to win Clinton's approval for a presidential review directive. If it had been approved, the directive would have created a governmentwide board to study the development of a national cyberspace defense policy.

Government officials fear that such hacker attacks could be launched through the Internet and cause more economic damage than the bombing of the World Trade Center. Also, 95 percent of the Pentagon's wartime communications pass through commercial networks, making the military dependent on the phone companies, say Pentagon officials.

But any cyberspace defense plan likely will receive criticism from industry executives who don't want to pay for anti-hacker measures, and from libertarians who don't want the government to shape the development of the Internet and the fast-growing World Wide Web.

"It has the potential of creating new financial costs to the taxpayer, depending on how aggressive a response the government proposes," said Steven Aftergood, an analyst at the Washington-based Federation of American Scientists.

Also, government cyberwar defense efforts could exacerbate the battle over government attempts to limit encryption technology. Government officials argue that limits on encryption technology, such as phone scramblers, are needed to suppress organized crime and computer hackers, but "it may well be that the simplest and most elegant solution to the [cyberwar] problem is universal use of strong encryption," he said.

Under Reno's proposal, a presidential appointee from the private sector would head the cyberwar task force, which also would include an industry advisory committee. The task force would recommend a national cyberspace defense policy within 12 months, following discussions with law enforcement agencies, industry executives and privacy advocates.

The task force would be overseen by the U.S. deputy attorney general, the U.S. deputy secretary of defense and a civilian agency representative.

Also, Reno's memo suggested a cyberspace defense "entity" headed by the FBI, which would provide advice and technical help to agencies on protecting their critical information networks.

But the government can't solve this problem by itself, said Wilhelm. It must listen to the telecommunications industry, and also to privacy advocates concerned about government intrusion, he said. Because of industry's critical role, government officials are redrafting the Reno memo to increase industry's participation, he said.

The companies most concerned by the new policy are the phone and power-generation companies. But if industry objects to cyberwar security, a government check may help overcome opposition. In 1994, government officials won the phone industry's agreement to a plan that eases wiretapping of computerized phone networks by offering to pay most of the costs, estimated between $500 million and $10 billion.

The CEOs from the nation's largest phone companies, such as AT&ampT, long have cooperated with government officials via the National Security Telecommunications Advisory Council.

Executives at the major phone companies have become more aware of the hacker threat to the networks, partly because some phone networks have been disrupted by hacker attacks, said Randy Schulz, a Washington-based network security expert with Bellcore Inc., Morristown, N.J. Bellcore works with NSTAC and the Pentagon to improve the reliability of the phone networks.

Later this year, the NSTAC expects to complete its review of vulnerabilities to the computer-controlled power grid, according to a statement from the DoD's NSTAC office. By the end of 1997, NSTAC will complete a study of vulnerabilities to information networks used by banks and transportation companies.

Government officials also have sponsored the industry-run North American Electric Reliability Council, Princeton, N.J., to improve the reliability of the power grid. "We've had contacts from the government to talk about this," but industry officials have yet to respond, said Gene Gorzelnik, a security expert at the council. The industry's response will "depend on what they are proposing.... It may be that these [anti-hacker defense measures] are already in place," he said.