Reno Memo (3/14/96)

Originally posted by the Federation of American Scientists (FAS) at http://www.fas.org/sgp/munromem.htm

FAS Intro: The following memorandum represents the latest official attempt to address the perceived threat to the U.S. information infrastructure. It was first reported by Neil Munro in Washington Technology on April 25, 1996.

Office of the Attorney General
Washington, DC 20530

 
March 14, 1996
 
FOR OFFICIAL USE ONLY
 
 
Memorandum
 
FOR:        Robert E. Rubin, Secretary of the Treasury
            Ronald H. Brown, Secretary of Commerce
            Frederico Pena, Secretary of Transportation
            Hazel R. O'Leary, Secretary of Energy
            John M. Deutch, Director of Central Intelligence
            John P. White, Deputy Secretary of Defense
            Samuel R. Berger, Deputy Assistant to the President 
               for National Security Affairs
            Louis J. Freeh, Director, Federal Bureau of
               Investigation
            Leon Fuerth, Assistant to the Vice President for
               National Security Affairs
            Sally Katzen, Administrator, Information and 
               Regulatory Affairs, Office of Management and Budget
            W. Bowman Cutter, Deputy Assistant to the President,
               National Economic Council
            John H. Gibbons, Director, Office of Science and
               Technology Policy
            James Lee Witt, Director, Federal Emergency Management
               Agency
 
FROM:       Janet Reno, Attorney General
 
SUBJECT:    Critical Infrastructure Security

Purpose

I have the responsibility, under Presidential Decision Directive (PDD) 39, which concerns Counterterrorism Policy, to "chair a Cabinet Committee to review the vulnerability to terrorism of... critical national infrastructure and make recommendations to [the President] and the appropriate Cabinet member or Agency head." The purpose of this memorandum is to brief you on the work done to date and to invite you to participate in the Cabinet Committee.

After consultations with the Director of Central Intelligence, the Deputy Secretary of Defense, the Deputy Attorney General, the Deputy Assistant to the President for National Security Affairs, the Vice President's National Security Advisor, and the Director of the FBI, it was decided that, in light of the breadth of critical infrastructures and the multiplicity of sources and forms of attack, the Cabinet Committee should consider not only terrorist threats to the infrastructures, but also threats from other sources. The Committee needs to address both traditional "physical" attacks (e.g. bombings) and electronic, "cyber" attacks on the infrastructures (e.g., an attack on a computer or communications system).

To facilitate the work of the Cabinet Committee, a small working group has reviewed options for: (1) a full-time group that would consider how the government should address threats to critical infrastructures over the long term; and (2) an emergency response capability to address physical and/or cyber threats in the interim, while the full-time group was conducting its study. The report of the working group is attached, along with a summary of its recommendations.

Having reviewed the options presented by the working group, we make the following proposals:

Preliminary Recommendation 1: Follow-on Study Group

We propose the creation of a full-time Task Force in the Executive Office of the President to study infrastructure assurance issues and recommend national policy (as outlined more fully in the CIWG). The Task Force would be headed by a presidential appointee from the private sector and comprise full- time representatives from the affected agencies. It would include an advisory committee from the private sector, and could also draw on existing advisory groups for assistance. The Task Force would report to the President through a Principals Committee of affected agencies. The work of the Task Force would be overseen by a Steering Committee consisting of the Deputy Attorney General, the Deputy Secretary of Defense, and a representative of one of the agencies reflecting civil concerns. The Task Force would have a nominal duration of 12 months. An important issue that remains to be addressed is how the Task Force would be funded.

Preliminary Recommendation 2: Interim Operational Response

We also propose establishing a single interagency coordinating group within the Department of Justice, chaired by the FBI, to handle the interim infrastructure assurance mission with regard to both physical and cyber threats and to coordinate the work of the government in this area. This group would facilitate rapid access to existing physical and cyber security efforts and expertise within the government. It would also act as a form of "yellow pages" to facilitate access to resources and expertise in the private sector, particularly with regard to cyber threats. Individuals agencies would continue to carry out their existing programs. In particular, DoD and JCS would continue to perform an emergency response function for their own assets and responsibilities. Nevertheless, their expertise might be called upon to assist in the event of a threat or attack to infrastructures outside of DoD.

Conclusion

I look forward to meeting with you (or, if you prefer, your Deputy) to discuss this subject and to decide on final recommendations to the President.

Attachments

FOR OFFICIAL USE ONLY

Return to the EPIC Computer Security Page