Clinton makes last-minute cybersecurity appointments

[InfoSec News <isn () C4I ORG>]

http://www.computerworld.com/cwi/story/0,1199,NAV47_STO56725,00.html

By DAN VERTON
January 22, 2001

In what is being described as an eleventh-hour move designed to
deliver one last political dig at President George W. Bush, former
President Bill Clinton on Friday appointed 21 people to advise his
successor on how best to protect the nation's critical information
infrastructure from attack.

Some experts view the last-minute appointments to the National
Infrastructure Assurance Council (NIAC), including some former Clinton
aides and Democratic Party financial backers, as a move that
unnecessarily politicizes a vital government effort to encourage
private-sector cooperation on critical infrastructure protection and
cybersecurity.

"There is no question that establishing a NIAC is important," said
John Tritak, director of the Critical Infrastructure Assurance Office,
an agency under the Commerce Department. "The question is whether it
was appropriate [for Clinton] to appoint advisers for his successor,"
said Tritak. "It has nothing to do with the quality of the people on
the list. But it's like picking the other guy's team and it
unnecessarily raises the question of politicization. I personally
think it was a mistake."

Clinton established the NIAC by executive order in 1999. The council's
purpose is to advise the president on cybersecurity and to enhance the
partnership between the public and private sectors to address threats
to the nation's critical infrastructure. Part of that responsibility
includes monitoring the development of private sector Information
Sharing and Analysis Centers, such as the IT-ISAC established last
week by 19 technology vendors (see story), as well as making
recommendations to the National Security Council on how to improve
cooperation between federal agencies and private companies.

The national security community has been working to set up the NIAC
for more than a year. However, it is unclear whether Clinton ran out
of time to evaluate the membership of the council or if it was a
calculated political move. Sources say some of the members, including
some Clinton supporters, were "shocked" by the appointments and are
fearful of being linked to any politicization of an issue they feel
should remain above politics.

Some of Clinton's appointments to the NIAC include Wellington E. Webb,
the Democratic mayor of Denver, Lawrence P. LaRocco, a lobbyist and
former Democratic congressman from Idaho, and Jack Quinn, the
co-chairman of Chevy Chase, Md.-based consulting firm Quinn Gillespie
& Associates LLC, who once served as counsel to Clinton and chief of
staff to former vice president Al Gore.

Alan Paller, director of the SANS Institute in Bethesda, Md., and one
of the newly appointed NIAC members, said he is unaware of any
negative fallout to the overall critical infrastructure protection
effort as a result of the late appointments. However, Paller said he
agrees with an effort underway by Richard Clarke, national coordinator
for security, infrastructure protection and counterterrorism, to
create a leaner, more focused government effort by reducing the number
of advisory boards and groups that deal with critical infrastructure
protection.

"The loose network of committees and councils have not yet had a
positive impact and I have not heard any arguments that would lead me
to believe the impact will improve," said Paller. "This is not to cast
aspersions on the folks who planned or staff the committees. Rather,
it is a basic mismatch that occurs when you ask well-meaning
nontechnical people to guide the actions needed to solve a thorny
technical problem," he said.

In a recent interview, Jeffrey Hunker, the former senior director for
Critical Infrastructure Protection at the National Security Council
under Clinton, said the backbone of the critical infrastructure
protection effort was created "explicitly recognizing that this was a
new type of challenge and that a czarlike structure would not work."

"There are too many interests and powerful interests" involved for a
czarlike structure to work," said Hunker. "Still, you need somebody to
manage the effort and crack the whip," he said.

"In the real world, these kinds of advisory councils usually have
negligible impact," said Steven Aftergood, an analyst at the
Federation of American Scientists in Washington. "The Bush
administration may be inclined to let the new council meet while the
members' two-year terms run out," he said. "That won't prevent the
administration from developing its own policies."

Although the Bush administration will likely conduct a review of the
entire national cybersecurity structure and is in no way bound by the
Clinton appointments, the NIAC may, in the end, be the one overarching
policy body to survive, said Tritak. "A NIAC is a fundamental pillar
of a national critical infrastructure assurance policy," said Tritak.
"The NIAC is one of those things that is going to be looked at on its
merits and will be judged independent of what the new administration
decides to do to the other pieces of the puzzle."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".