Embed Size (px)
Citation preview
Critical Infrastructure:
Commerce/NTIA Lead Agency Role
by
Shirl Kinney
Deputy Assistant Secretary, NTIA
October - November, 1998
A Composite of Recent Presentations Regarding PDD 63
I&C is the Key
The traditional view of separate infrastructures that interact will give way to a view that the set of
infrastructures constitutes a complete and complex system. In other words, we need to adopt a holistic
view of the infrastructure.
In the meantime, we must make the most effective transition from the current perspective to the new one.
Therein lies the challenge...
PDD 63 - Structure
• Establishes a National Coordinator for Critical Infrastructure Protection (Richard Clarke)
• Identifies 8 critical infrastructures and designated Federal lead agencies to collaborate with industry sectors
• Requires lead agencies to identify industry Sector Coordinators
PDD Roles for Dept of Commerce
• Overall coordination and support (Jeffrey Hunker, CIAO/BXA)
• Lead Agency for I&C (NTIA)
• Education and Awareness (NTIA)
• Standards and Best Practices (NIST, NSA)
PDD Tasks/(Federal Lead)
• National Infrastructure Assurance Plan (NSC/CIAO)
• R&D priorities (OSTP)• FY 2000 budget (OMB/NSC)• Response plan (FBI/DOD)• USG as model (OMB/NSC)• Intelligence collection (CIA)• Creation of ISACs (CIAO/NEC/FBI)
PDD Tasks, con’t
• Education and awareness (DOC)• International cooperation (DOS)• Legal issues (DOJ)• Personnel and training/Cyber Corps (DOJ)• Standards and best practices (NSA/DOC)• Federal Detection Net (DOD/FBI)• Federal communications reconstitution (GSA)
PDD Tasks, con’t
• Expert review process for VAPs (NSC)
• Enhancing understanding of cyber attacks on U.S. infrastructure (NSC/NSA)
• Y2K crisis management (NSC)
I&C Lead Agency Role:Why Commerce?
• We are not the Department of Defense
• We are not the Department of Justice
• Our focus is economic growth and security:– 50% of GDP is information-related– $300B in e-commerce in U.S. by 2002
• We are collaborators
Commerce Approach
• Your bottom line is our bottom line….• We define the infrastructure broadly and you own
most of it;• You understand and manage your own risks in
ways that make good business sense;• However, some risks can cause cascading failures
that affect larger national interests;• Can succeed only if partners.
Why NTIA?
NTIA envisions a world where telecommunications and information technologies are used to protect and
improve the quality of life for everyone.
NTIA Mission
• NTIA serves as the principal adviser to the Administration on national and international telecommunications issues.
• Examples:– E-commerce: privacy, content, access,
governance– Universal service– Spectrum management
Some Guiding Principles
• Industry should lead
• NTIA should form partnerships with industry and academia
• Regulations should be minimal
• NTIA should serve as “honest broker”
NTIA Infrastructure Assurance Activities
• Evolutionary approach• Seeking optimal alliance for Sector Coordinators• Establishing a new program at NTIA -- the
Communications and Information Assurance Program (CIIAP)* see ntia.doc.gov for employment opportunity
• Mounting an education and awareness campaign• Participating in Task Groups
Education & Awareness
• Education universities and K-12
• Awareness critical infrastructure communities, government, general public
• Purpose: to outline a Threat/Vulnerability Awareness Plan directed to the critical infrastructure communities.
Education & Awareness Con’t
• The message: – The threat is real– There are vulnerabilities– Action is needed
• Strategy– Work with industry to develop and implement
an awareness campaign
Suggestions for Industry
• Establish or join an ISAC for information sharing;
• Sponsor workshops and seminars;
• Work with us to develop the National Plan;
• Participate in development and implementation of E&A campaign
• Leverage your Y2K preparations for CIP
Contact:
Website: ntia.doc.gov
202-482-1830
or
202-482-1116
Rm. 4898, HCHB
1401 Constitution Avenue, NW
Washington,DC 20230
