Remarks Prepared for Delivery
By Robert T. Marsh
Chairman, President's Commission on Critical Infrastructure Protection
National Press Club
January 30, 1997
I appreciate the opportunity to speak to you this morning. I'm here to ask for your help with an important issue.
Last July 15, President Clinton signed an Executive Order that begins
with this sentence: "Certain national infrastructures are so vital
that their incapacity or destruction would have a debilitating impact
on the defense or economic security of the United States."
That order created the President's Commission on Critical
Infrastructure Protection, of which I was later designated
|Chairman Marsh at the NPC|
The President identified eight critical infrastructure areas for
study: Telecommunications, electric power systems, oil and gas
transportation, transportation, banking and finance, water supply
systems, emergency services (such as medical, police, fire and
rescue), and continuity of government services.
These critical infrastructures are the life support systems of the
country. They support features of daily life that help give the
United States a standard of living that is the envy of the world. In
general, Americans are blessed with pure water, safe highways,
reliable energy, global communications, and so on.
But we cannot take our infrastructures for granted. That is why the
Commission was created.
Today I'd like to share a few thoughts with you about the Commission's
work, then take your questions.
Specifically, I want to tell you about:
- Issues we face
- How the Commission is addressing them, and
- The partnership the Commission is building between the private
sector and government to address how to better protect our
The Commission's mission is to:
- assess vulnerabilities and threats to the critical
- identify relevant legal and policy issues, and assess how they
should be addressed
- recommend to the President a national policy and implementation
strategy for protecting critical infrastructures
- and propose any necessary statutory or regulatory changes
Briefly, why do we have a Commission, and why now?
Basically three reasons:
First, physical terrorism continues -- by physical I mean, for
example, attacks involving explosive devices. Their use, as you well
know, is regularly reported around the world.
Second, increased reliance on telecommunications and information
technology in all infrastructures. By information technology I mean
everything from computer hardware and software to the Internet. This
reliance is also creating new vulnerabilities, especially to
intrusions into automated systems -- the so-called "cyber" attacks.
Third, tools to exploit these vulnerabilities are readily available,
and their use is increasing. In some cases, all it takes to
penetrate automated systems is a PC, a phone, and skills that many
14-year-olds seem able to master.
As for terrorism
While our critical infrastructures have not been primary targets per
America, sadly, is not a stranger to terrorism. The bombings of the
World Trade Center and the Oklahoma City Federal building are
sobering reminders of the dangers of terrorism and physical attack on
our critical infrastructures.
|Chairman Marsh and Journalists at the National Press Club|
As for increased reliance on telecommunications, it has created new
America has pioneered tremendous advances in technology, and reaped
extraordinary benefits. What was once unimaginable is now
unremarkable. What was once impossible is now expected. Tasks that
once took days now take split seconds.
But this capability comes at a price. Our infrastructures have
become increasingly reliant on information technology and the
telecommunications infrastructure that ties them together. This
reliance exposes infrastructures in new ways, and creates new
For example, many companies, such as utilities, are very familiar
with natural hazards. But today we are facing a new set of manmade
Technology has created an interconnected world. Each connection,
however, creates new exposure and risk. Companies are becoming
increasingly vulnerable to vandalism, theft, unscrupulous competitors,
malicious hackers, and criminals.
Companies are also increasingly vulnerable to so-called "insiders" -
people with legitimate access to the company's systems. Insider "cyber attacks" are increasing, particularly in this age of mergers,
consolidation and downsizing.
Furthermore, these interconnected systems are characterized by a
highly efficient but sometimes delicate interdependence. If service
fails in one area, it can adversely affect several others. Whether
caused by an inadvertent keystroke, or an intruder who wants to
disrupt operations, the ripple effect can be far-reaching.
Information technology and telecommunications have brought great
speed and precision to industrial, governmental, and military
operations, but reduced the tolerance of both individual
organizations and the economy as a whole to error or delay.
And with interdependence comes complexity. The sheer sophistication
of automated systems multiplies the number of potential errors or
disruptions, and the potential magnitude of their impact.
In the past, you put a guard at the door, and your assets were
protected. Today, there is no door - or too many doors, depending on
how you look at it. And you can never be sure who will drop in for a
visit via the Internet.
And as for tools to exploit these vulnerabilities:
Even amateurs have access to the technological tools needed to
penetrate systems and cause trouble.
Because of the availability of Internet hacker sites, infrastructures
may be endangered by persons intent on penetrating or disrupting
Unlike Willie Sutton, who had to go to the bank to rob it, today's
hacker can try to rob it from home using a PC. And he doesn't even
have to be in the same city - or country. The information age makes
it possible for individuals armed only with computers to gain access
to our infrastructures without physically crossing our borders.
Given everything I've just described, a great many people -
especially the President - are very interested in doing something to
better protect our infrastructures. And the Commission is clearly an
effort to get something done. Further, it demonstrates that the
President is committed to taking action before a crisis occurs,
rather than after-the-fact.
I want to emphasize that we are not here to proclaim the sky is
falling, but to talk about investments today to secure a safer
tomorrow. Our infrastructures are robust. But there are clearly new
challenges before us, and we must address them before they become
serious. The Commission represents prudent planning for the
I've been asked how this Commission is different from past efforts to
address similar issues. The major difference is that there is a
widespread recognition that the nature and scope of the threat have
changed as the result of advances in technology, particularly
information technology and telecommunications. The weight of
anecdotal evidence is sufficiently persuasive to warrant a serious
collaborative effort to address this problem - to determine how
serious it is, how serious it might become, and what to do about it.
Those are some of the issues the Commission is facing. Let me tell
you how we're approaching them.
The central challenge of the Commission is to forge a partnership
between the private sector and government at all levels -- Federal,
State and local. Partnership is the core of the Commission.
We are pursuing this partnership through non-stop efforts to carry
our message throughout the country.
To build awareness throughout industry, we are conducting an
aggressive outreach to companies -- particularly industry leaders --
to discuss our goals and solicit participation. We need their help
in developing a strategy and recommendations that are compatible with
both increased protection and business' bottom line.
To build public awareness, we will hold a series of public hearings,
in cities from Los Angeles to Boston, to ensure everyone will have an
opportunity to be heard.
The Commission's philosophy is that the quality of our
recommendations to the President can only be as good as the buy-in we
foster with the private sector.
Our approach is not "We're government and we're here to help."
Rather, we are vitally interested in what the private sector has to
say because it owns and operates the critical infrastructures.
Private sector involvement is absolutely essential to an informed
process of developing a comprehensive national policy and
In short, the Commission's job is assuring America's future through
We are under no illusions that this Commission can solve every
infrastructure problem. Instead, we see the recommendations we will
develop as a point of departure for implementation. For that reason,
we need the best thinking of the private sector up front.
A question I often hear is, "How can we help?"
As the Commission's work progresses, I would ask two things of the
media and the public: Help us build awareness and understanding of
the issues, and help encourage participation in our efforts.
Thank you. I'll take any questions now.