Communications Litigation Today was a service of Warren Communications News.

BUSH ISSUES CRITICAL INFRASTRUCTURE PROTECTION ORDER

December 19, 2003 by Patrick Ross|Miscellaneous

President Bush issued an Executive Order Wed. clarifying the role of various federal agencies in protecting critical infrastructure and enhancing cybersecurity, while acknowledging that potential terrorist targets, such as telecom networks, were largely owned privately. Bush’s action came after a Markle Foundation-led task force urged him to clarify critical infrastructure protection by Executive Order (CD Dec 3 p5).

Homeland Security Presidential Directive (HSPD) 7 explicitly replaces Presidential Decision Directive (PDD) 63, issued by then-President Clinton in 1998. PDD-63, among other things, established the National Infrastructure Protection Center (NIPC), the Critical Infrastructure Assurance Office (CIAO) and the National Infrastructure Assurance Council (NIAC). HSPD-7 addresses a concern of the Markle task force on the ambiguity of command on critical infrastructure protection. Bush makes it clear Dept. of Homeland Security (DHS) Secy. Tom Ridge is the point person for federal agencies and the private sector.

DHS is to coordinate with the Departments. of Justice, Commerce, Treasury, Defense, Energy, State, the CIA and any other relevant agency on information sharing, vulnerability reduction and aiding recovery efforts for critical infrastructure information systems. The directive doesn’t address how information will be shared. The Markle task force had called on Bush to order development of a secure decentralized network for information sharing.

HSPD-7, like its Clinton predecessor, will lead to creation of a new group. The Critical Infrastructure Protection Coordinating Committee will be formed to advise DHS and its partners “on interagency policy related to physical and cyberinfrastructure protection.” A govt. official will chair it, the order said.

“While it is not possible to protect or eliminate the vulnerability of all critical infrastructure,” Bush wrote, “strategic improvements in security can make it more difficult for attacks to succeed and can lessen the impact of attacks that may occur.” The private sector is encouraged to work with the govt. and share relevant information, and to identify vulnerabilities while coordinating protection. However, the order creates no requirements or regulation of business.