House Commerce Chair demands info-security report status

[InfoSec News <isn () C4I ORG>]

http://www.computeruser.com/news/01/01/29/news16.html

By Brian Krebs
January 29, 2001

The chairman of the House Commerce Committee demanded to know the
status of an overdue report on the Clinton administration's efforts to
protect the nation's most critical computer systems from
cyber-attacks.

In a letter addressed to Richard Clarke, the national coordinator for
security, Commerce Committee Chairman W.J. "Billy" Tauzin and ranking
Democrat John Dingell, D-Mich., urged Clarke - a National Security
Council veteran - to report back on the whereabouts of the study that
now is nearly two weeks overdue.

The 200-page study was reportedly finished more than a week before
Clinton left office, but never was signed by Clinton or forwarded to
Congress, as required by law.

The letter also touched on Clarke's appointment as head of the newly
created National Infrastructure Assurance Council, a group conceived
of in 1997 by White House advisors as a collection of leading
corporate CEOs representing virtually every major infrastructure
sector including energy, telecommunications, transportation and
banking. The council was designed to advise the US president of a
cyber-attack on one or more of these critical sectors.

While Clinton signed an executive order in July 1999 to create the
NIAC and assign its members, he delayed naming them until his final
day in office, an action that was condemned as a mean-spirited
partisan jab that could endanger the group's legitimacy with the Bush
administration.

"As the committee with jurisdiction over many such systems, I am
concerned that President Clinton waited until his last full day in
office to finally appoint the first group of members to this critical
council," the two lawmakers wrote.

The committee asked Clarke to provide a copy of the report, and to
indicate which agency or entity recommended each of the of 21 NIAC
appointees.

In an interview Tuesday, John Tritak, the head of the Critical
Infrastructure Assurance Office - an agency that acts as a liaison
between the White House and various government agenices on information
security matters - said the action was unfortunate; not because of the
quality of the people chosen, but because its timing.

"This organization should have been stood up a long time ago, and the
fact that it was not raises the issue of why the administration is
doing so on its way out the door," Tritak said. "It boils down to a
question of propriety of an outgoing administration picking a team
that's going to advise a new administration."

While the Bush administration will inherit Clinton's appointees, he is
in no way bound by those choices, as the NIAC was created by a
presidential directive whose charter expires in July 2001.

"My guess is President Bush will decide by that time whether he
intends to proceed on this issue and, if so, he will probably hand
pick those he feels are best suited to the task and to his purposes,"
Tritak said.

The Commerce Committee asked that Clarke submit the relevant
information by Jan 30.

Clarke could not be reached for comment.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".