Agencies Urged to Secure Networks

WASHINGTON (05/23/2000) - Agencies need to move quickly to secure their critical networks even without the immediate backing of Congress and the president, federal officials urged.

It will take time before Congress can act on the president's recommendations for critical infrastructure protection (CIP) within the National Plan for Information Systems Protection, said Jeffery Hunker, director of transnational threats at the U.S. National Security Council, at the CIP 2000 Conference.

There is no greater sin then recognizing a threat and doing nothing about it, he said. "You should not be waiting, you should not be using the Congress as an excuse for doing nothing," Hunker said.

Sen. Robert Bennet, a Republican from Utah, said it might take some time for Congress to be able to respond appropriately to security threats. "We are organized to deal with Industrial Age problems," he said. "The "love bug' cut across all these jurisdictions instantaneously, and Congress is not set up to deal with issues that cut across jurisdictions."

Hunker outlined six elements from the president's plan that the administration is asking Congress to fund but agencies can act upon on their own:

* Building a trained organization.

* Developing and using best practices and standards.

* Performing and using vulnerability assessments.

* Sharing security information.

* Working with warning response and recovery organizations.

* Developing systems for obtaining resources and assigning accountability.

"Even if it is a tiny step forward, all of us can move the ball forward in our own organizations," Hunker said.