From: Declan McCullagh <declan@eff.org>
Date: Thu, 18 Jul 1996 13:51:23 +0800
To: cypherpunks@toad.com
Subject: Gorelick testifies before Senate, unveils new executive order
Message-ID: <Pine.SUN.3.91.960717184531.7324A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
Date: Wed, 17 Jul 1996 15:54:24 -0500
From: Declan McCullagh <declan@well.com>
To: fight-censorship+@andrew.cmu.edu
Subject: Gorelick testifies before Senate, unveils new executive order

Deputy Attorney General Jamie Gorelick testified yesterday before Sen.
Sam Nunn's cyberscare hearing (take #3), where she ranted about the
evils of the Net and unveiled an executive order signed by the
president on Monday.

Gorelick, the administration's newly-annointed chief Net fearmonger,
said: "The executive order is on Federal Information Infrastructure
protection... It creates a committee to draft policy and recommend
legislation. The order cites two types of threats: physical and cyber."

The infrastructure she's talking about isn't government computers; she
means the private sector. "Because this infrastructure is privately
owned, this [executive order] emphasizes and recognizes the importance
of cooperation."

That is, cooperation with the fear of government regulation hanging
over your head. The President's Commission on Critical Infrastructure
Protection, which will have an industry advisory panel, has one year to
report back with recommendations.

Sen. Patrick Leahy testified: "Armed with a modem and a computer, a
criminal can wreak havoc on our computers from anywhere in the world.
There are no borders in cyberspace... Existing criminal statutes
provide a good framework for prosecuting [some] computer offenses... We
have to assume we have to update our criminal code."

Clinton's executive order also creates a "Infrastructure Protection
Task Force," effective immediately, with reps from the FBI, DOD, and
NSA. At yesterday's Senate permanent subcommittee on investigations
hearing, Gorelick ducked Sen. Nunn's questions about the limits of the
task force's authority. But the executive order says the group must:

      (i)     provide, or facilitate and coordinate the provision of,
              expert guidance to critical infrastructures to detect,
              revent, halt, or confine an attack and to recover and restore
              service...
      (v)     coordinate with the pertinent law enforcement authorities
              during or after an attack to facilitate any resulting
              criminal investigation.

"Critical infrastructures" include telecommunications facilities and
the Net.

-Declan

PS: For background, check out:
  http://www.netizen.com/netizen/96/29/campaign_dispatch0a.html




Critical infrastructures:

 1. telecommunications;
 2. electrical power systems;
 3. gas and oil storage and transportation;
 4. banking and finance;
 5. transportation;
 6. water supply systems;
 7. emergency services (including medical, police, fire and rescue); and
 8. continuity of government.




                          EXECUTIVE ORDER

                           - - - - - - -

                 CRITICAL INFRASTRUCTURE PROTECTION

      Certain national infrastructures are so vital that their incapacity
 or destruction would have a debilitating impact on the defense or economic
 security of the United States.  These critical infrastructures include
 telecommunications, electrical power systems, gas and oil storage and
 transportation, banking and finance, transportation, water supply systems,
 emergency services (including medical, police, fire and rescue), and
 continuity of government.  Threats to these critical infrastructures fall
 into two categories: physical threats to tangible property ("physical
 threats"), and threats of electronic, radio-frequency, or computer-based
 attacks on the information or communications components that control
 critical infrastructures ("cyber threats").  Because many of these
 critical infrastructures are owned and operated by the private sector, it
 is essential that the government and private sector work together to
 develop a strategy for protecting them and assuring their continued
 operation.

      NOW, THEREFORE, by the authority vested in me as President by the
 Constitution and the laws of the United States of America, it is hereby
 ordered as follows:

      Section 1.  Establishment.  There is hereby established the
 President's Commission on Critical Infrastructure Protection
 ("Commission").
      (a) Chair.  A qualified individual from outside the Federal
 Government shall be appointed by the President to serve as Chair of the
 Commission.  The Commission Chair shall be employed on a full-time basis.
      (b) Members.  The head of each of the following executive branch
 departments and agencies shall nominate not more than two full-time
 members of the Commission:
      (i)     Department of the Treasury;
      (ii)    Department of Justice;
      (iii)   Department of Defense;
      (iv)    Department of Commerce;
      (v)     Department of Transportation;
      (vi)    Department of Energy;
      (vii)   Central Intelligence Agency;
      (viii)  Federal Emergency Management Agency;
      (ix)    Federal Bureau of Investigation;
      (x)     National Security Agency.
      One of the nominees of each agency may be an individual from outside
 the Federal Government who shall be employed by the agency on a full-time
 basis.  Each nominee must be approved by the Steering Committee.

      Sec. 2.  The Principals Committee.  The Commission shall report to
 the President through a Principals Committee ("Principals Committee"),
 which shall review any reports or recommendations before submission tot he
 President.  The Principals Committee shall comprise the:
      (i)     Secretary of the Treasury;
      (ii)    Secretary of Defense;
      (iii)   Attorney General;
      (iv)    Secretary of Commerce;
      (v)     Secretary of Transportation;
      (vi)    Secretary of Energy;
      (vii)   Director of Central Intelligence;
      (viii)  Director of the Office of Management and Budget;
      (ix)    Director of the Federal Emergency Management Agency;
      (x)     Assistant to the President for National Security Affairs;
      (xi)    Assistant to the Vice President for National Security
              Affairs.

      Sec. 3.  The Steering Committee of the President's Commission on
 Critical Infrastructure Protection.  A Steering Committee ("Steering
 Committee") shall oversee the work of the Commission on behalf of the
 Principals Committee.  The Steering Committee shall comprise four members
  appointed by the President.  One of the members shall be the Chair of the
 Commission and one shall be an employee of the Executive Office of the
 President.  The Steering Committee will receive regular reports on the
 progress of the Commission's work and approve the submission of reports to
 the Principals Committee.

      Sec. 4.  Mission.  The Commission shall:  (a) within 30 days of this
 order, produce a statement of its mission objectives, which will elaborate
 the general objectives set forth in this order, and a detailed schedule
 for addressing each mission objective, for approval by the Steering
 Committee;
      (b) identify and consult with:  (i) elements of the public and
 private sectors that conduct, support or contribute to infrastructure
 assurance; (ii) owners and operators of the critical infrastructures; and
 (iii) other elements of the public and private sectors, including the
 Congress, that have an interest in critical infrastructure assurance
 issues and that may have differing perspectives on these issues;
      (c) assess the scope and nature of the vulnerabilities of, and
 threats to, critical infrastructures;
      (d) determine what legal and policy issues are raised by efforts to
 protect critical infrastrucutres and assess how these issues should be
 addressed;
      (e) recommend a comprehensive national policy and implementation
 strategy for protecting critical infrastructures from physical and cyber
 threats and assuring their continued operation;
      (f) propose any statutory or regulatory changes necessary to effect
 its recommendations; and
      (g) produce reports and recommendations to the Steering Committee as
 they become available; it shall not limit itself to producing one final
 report.

      Sec. 5.  Advisory Committee to the President's Commission on Critical
 Infrastructure Protection.  (a) The Commission shall receive advice from
 an advisory committee ("Advisory Committee") composed of no more than ten
 individuals appointed by the President from the private sector who are
 knowledgeable about critical infrastructures.  The Advisory Committee
 shall advise the Commission on the subjects of the Commission's mission in
 whatever manner the Advisory Committee, the Commission Chair, and the
 Steering Committee deem appropriate.
      (b) A Chair shall be designated by the President from among the
 members of the Advisory Committee.
      (c) The Advisory Committee shall be established in compliance with
 the Federal Advisory Committee Act, as amended (5 U.S.C. App.).  The
 Department of Defense shall perform the functions of the President under
 the Federal Advisory Committee Act for the Advisory Committee, except that
 of reporting to the Congress, in accordance with the guidelines and
 procedures established by the Administrator of General Services.
      Sec. 6.  Administration.  (a) All executive departments and agencies
 shall cooperate with the Commission and provide such assistance,
 information, and advice to the Commission as it may request, to the extent
 permitted by law.
      (b) The Commission and the Advisory Committee may hold open and
 closed hearings, conduct inquiries, and establish subcommittees, as
 necessary.
      (c) Members of the Advisory Committee shall serve without
 compensation for their work on the Advisory Committee.  While engaged in
 the work of the Advisory Committee, members may be allowed travel
 expenses, including per diem in lieu of subsistence, as authorized by law
 for persons serving intermittently in the government service.
      (d) To the extent permitted by law, and subject to the availability
 of appropriations, the Department of Defense shall provide the Commission
 and the Advisory Committee with administrative services, staff, other
 support services, and such funds as may be necessary for the performance
 of its functions and shall reimburse the executive branch components that
 provide representatives to the Commission for the compensation of those
 representatives.
      (e) In order to augment the expertise of the Commission, the
 Department of Defense may, at the Commission's request, contract for the
 services of nongovernmental consultants who may prepare analyses, reports,
 background papers, and other materials for consideration by the
 Commission.  In addition, at the Commission's request, executive
 departments and agencies shall request that existing Federal advisory
 committees consider and provide advice on issue sof critical
 infrastructure protection, to the extent permitted by law.
      (f) The Commission, the Principals Committee, the Steering Committee,
 and the Advisory Committee shall terminate 1 year from the date of this
 order, unless extended by the President prior to this date.

      Sec. 7.  Interim Coordinating Mission.  (a) While the Commission is
 conducting its analysis and until the President has an opportunity to
 consider and act on its recommendations, there is a need to increase
 coordination of existing infrastructure protection efforts in order to
 better address, and prevent, crises that would have a debilitating
 regional or national impact.  There is hereby established an
 Infrastructure Protection Task Force ("IPTF") within the Department of
 Justice, chaired by the Federal Bureau of Investigation, to undertake this
 interim coordinating mission.
      (b) The IPTF will not supplant any existing programs or
 organizations.
      (c) The Steering Committee shall oversee the work of the IPTF.
      (d) The IPTF shall include at least one full-time member each from
 the Federal Bureau of Investigation, the Department of Defense, and the
 National Security Agency.  It shall also receive part-time assistance from
 other executive branch departments and agencies.  Members shall be
 designated by their departments or agencies on the basis of their
 expertise in the protection of critical infrastructures.  IPTF members'
 compensation shall be paid by their parent agency or department.
      (e) The IPTF's function is to identify and coordinate existing
 expertise, inside and outside of the Federal Government, to:
      (i)     provide, or facilitate and coordinate the provision of,
              expert guidance to critical infrastructures to detect,
              revent, halt, or confine an attack and to recover and restore
              service;
      (ii)    issue threat and warning notices in the event advance
              information is obtained about a threat;
      (iii)   provide training and education on methods of reducing
              vulnerabilities and responding to attacks on critical
              infrastructures;
      (iv)    conduct after-action analysis to determine possible future
              threats, targets, or methods of attack; and
      (v)     coordinate with the pertinent law enforcement authorities
              during or after an attack to facilitate any resulting
              criminal investigation.
      (f) All executive departments and agencies shall cooperate with the
 IPTF and provide such assistance, information, and advice as the IPTF
 may request, to the extent permitted by law.
      (g) All executive departments and agencies shall share with the IPTF
 information about threats and warning of attacks, and about actual attacks
 on critical infrastructures, to the extent permitted by law.
      (h) The IPTF shall terminate no later than 180 days after the
 termination of the Commission, unless extended by the President prior to
 that date.

      Sec. 8.  General.  (a) This order is not intended to change any
 existing statutes or Executive orders.
      (b) This order is not intended to create any right, benefit, trust,
 or responsibility, substantive or procedural, enforceable at law or equity
 by a party against the United States, its agencies, its officers, or any
 person.

                            (signed) William J. Clinton

 THE WHITE HOUSE
 July 15, 1996