FAS Intro: The following memorandum represents the latest
official attempt to address the perceived threat to the U.S.
information infrastructure. It was first reported by Neil
Munro in Washington Technology on April 25, 1996.
Office of the Attorney General
Washington, DC 20530
March 14, 1996
FOR OFFICIAL USE ONLY
Memorandum
FOR: Robert E. Rubin, Secretary of the Treasury
Ronald H. Brown, Secretary of Commerce
Frederico Pena, Secretary of Transportation
Hazel R. O'Leary, Secretary of Energy
John M. Deutch, Director of Central Intelligence
John P. White, Deputy Secretary of Defense
Samuel R. Berger, Deputy Assistant to the President for
National Security Affairs
Louis J. Freeh, Director, Federal Bureau of
Investigation
Leon Fuerth, Assistant to the Vice President for
National Security Affairs
Sally Katzen, Administrator, Information and Regulatory
Affairs, Office of Management and Budget
W. Bowman Cutter, Deputy Assistant to the President,
National Economic Council
John H. Gibbons, Director, Office of Science and
Technology Policy
James Lee Witt, Director, Federal Emergency Management
Agency
FROM: Janet Reno, Attorney General
SUBJECT: Critical Infrastructure Security
Purpose
I have the responsibility, under Presidential Decision
Directive (PDD) 39, which concerns Counterterrorism Policy, to
"chair a Cabinet Committee to review the vulnerability to
terrorism of... critical national infrastructure and make
recommendations to [the President] and the appropriate Cabinet
member or Agency head." The purpose of this memorandum is to
brief you on the work done to date and to invite you to
participate in the Cabinet Committee.
After consultations with the Director of Central
Intelligence, the Deputy Secretary of Defense, the Deputy Attorney
General, the Deputy Assistant to the President for National
Security Affairs, the Vice President's National Security Advisor,
and the Director of the FBI, it was decided that, in light of the
breadth of critical infrastructures and the multiplicity of
sources and forms of attack, the Cabinet Committee should consider
not only terrorist threats to the infrastructures, but also
threats from other sources. The Committee needs to address both
traditional "physical" attacks (e.g. bombings) and electronic,
"cyber" attacks on the infrastructures (e.g., an attack on a
computer or communications system).
To facilitate the work of the Cabinet Committee, a small
working group has reviewed options for: (1) a full-time group that
would consider how the government should address threats to
critical infrastructures over the long term; and (2) an emergency
response capability to address physical and/or cyber threats in
the interim, while the full-time group was conducting its study.
The report of the working group is attached, along with a summary
of its recommendations.
Having reviewed the options presented by the working group,
we make the following proposals:
Preliminary Recommendation 1: Follow-on Study Group
We propose the creation of a full-time Task Force in the
Executive Office of the President to study infrastructure
assurance issues and recommend national policy (as outlined more
fully in the CIWG). The Task Force would be headed by a
presidential appointee from the private sector and comprise full-
time representatives from the affected agencies. It would include
an advisory committee from the private sector, and could also draw
on existing advisory groups for assistance. The Task Force would
report to the President through a Principals Committee of affected
agencies. The work of the Task Force would be overseen by a
Steering Committee consisting of the Deputy Attorney General, the
Deputy Secretary of Defense, and a representative of one of the
agencies reflecting civil concerns. The Task Force would have a
nominal duration of 12 months. An important issue that remains to
be addressed is how the Task Force would be funded.
Preliminary Recommendation 2: Interim Operational Response
We also propose establishing a single interagency
coordinating group within the Department of Justice, chaired by
the FBI, to handle the interim infrastructure assurance mission
with regard to both physical and cyber threats and to coordinate
the work of the government in this area. This group would
facilitate rapid access to existing physical and cyber security
efforts and expertise within the government. It would also act as
a form of "yellow pages" to facilitate access to resources and
expertise in the private sector, particularly with regard to cyber
threats. Individuals agencies would continue to carry out their
existing programs. In particular, DoD and JCS would continue to
perform an emergency response function for their own assets and
responsibilities. Nevertheless, their expertise might be called
upon to assist in the event of a threat or attack to
infrastructures outside of DoD.
Conclusion
I look forward to meeting with you (or, if you prefer, your
Deputy) to discuss this subject and to decide on final
recommendations to the President.
Attachments
FOR OFFICIAL USE ONLY