Critical Foundations: Protecting America's Infrastructures

by Gen. Robert T. Marsh (ret.)
November 12, 1997

Executive Summary:  At one time, wide oceans and friendly neighbors were enough to assure the citizens of the United States that our country's critical infrastructures were secure.  That was the old geography.  The new geography, created by rapidly advancing cyber and other technologies, presents a vast array of possible threats to those infrastructures.  Although these technologies have created the threat, we can also look to technology for solutions.  By sharing information between government and the infrastructures' owners and operators, precautions can be put in place and coordinated decisions can be made in the event of an actual cyber attack.

There is no doubt our critical infrastructures are the best in the world ? largely the result of the tremendous efficiency and global reach made possible by the incorporation of our advancing information and communication technology. However, advances in technology have created a new set of vulnerabilities, and we must look to technology to solve the problem.

Today, I want to discuss briefly the new vulnerabilities and threats of the cyber age, the President?s Commission on Critical Infrastructure Protection, its key findings and, finally, our recommendations.

The President?s Commission on Critical Infrastructure Protection (PCCIP). The PCCIP has just finished a very intensive 15-month effort. Unlike most commissions, this was a full-time endeavor ? that is, its members didn?t come to town every couple of weeks to meet, then delegate the work to the full-time staff. We, the Commission members, were the staff. Half were executives from the involved departments and agencies in Washington; the other half were executives from infrastructure companies and organizations bringing industry experience, expertise, and perspective to the Commission. All worked full time on the Commission and were supported by a highly competent staff of approximately fifty personnel.

The Problem of Protecting Critical Infrastructures. Here are some scenarios that give some perspective on our challenge.

Imagine that the power goes out in the Northwest, as has happened several times in the last couple of years; or that 911 is disrupted in major cities, as has happened in large sections of certain states in the Union; or that a couple of bridges across the Mississippi River are destroyed ? which, thank goodness, hasn?t happened ? disrupting not only vehicular traffic, but also the telephonic communication lines associated with those bridges; or that two Internet service providers to a major metropolitan area like New York City go down, which is something that has occurred many times.

Now imagine that all of these things occurred in a short period of time. Could these events be coincidental, or might they be part of some kind of a concentrated attack? If a concentrated attack, what could be done about it? Who would be in charge of making decisions as to what could be done about it?

Those are the types of questions with which the Commission was faced, and to which, frankly, there are no easy answers. We hope that the PCCIP?s recommendations will lay a foundation that will enable the best possible answers to these questions to be found in the future.

Our recommendations and conclusions are quite different from those we and our principal stakeholders anticipated. At the outset, it was thought that this was a problem government alone could address. We have concluded, however, that protecting these critical infrastructures is ? and must be ? a combined public and private undertaking, requiring a new kind of partnership between those two sectors.

Partnership between the public and private sectors is a new paradigm. Protecting critical infrastructures is going to require some very solid, long-term efforts and a new way of thinking about these kind of problems. It will also take a long time to accomplish.

Background. The PCCIP was established July 15, 1996, and charged with developing a national policy and the implementation strategies for protecting our critical infrastructures from both physical and cyber threats. The goal, of course, was to assure the infrastructures? continued operation.

The President identified eight infrastructures (Figure 1)?or our nation?s life support systems, as I view them?for study. The incapacity or destruction of these systems would have a debilitating effect on the defense and/or economic security of the United States.

Critical Infrastructures

• Telecommunications
• Banking & Finance
• Electric Power
• Water
• Transportation
• Emergency Services
• Oil & Gas Delivery & Storage
• Goverment Services
  

Figure 1

Critical infrastructures have long been lucrative targets for anyone wanting to attack another country. A nation relies on its infrastructures for national security, for its public welfare and economic strength. Those who would attack America?s infrastructures, then, would do so to reduce our ability to act in our own interest, to erode public confidence in these critical services, and to reduce our economic competitiveness. In the Gulf War, disabling Iraq?s infrastructures was key to the Coalition?s success, and was a lesson much noted by many countries throughout the world.

The PCCIP?s Structure. The Commission was uniquely tailored for its task. Recognizing that the infrastructures are largely owned and operated by the private sector, the Commission was established as a joint, public-and-private undertaking. Therefore, half the commissioners came from the private sector and the other half were detailed from the affected agencies of government. A Steering Committee made up of senior government officials oversaw the work of the commissioners and guided us through myriad government concerns. A Presidentially appointed Advisory Committee made up of key industry leaders provided the unique perspective of infrastructure owners and operators. Finally, there was an Infrastructure Protection Task Force, established at the same time as the Commission, and intended to support infrastructure protection and coordinate the activities of government should a problem develop prior to the completion of the Commission?s efforts and implementation of its recommendations. The Commission?s structure is illustrated in Figure 2.

The Structure

Figure 2

Although infrastructures operate within an existing framework of government policy and regulation, they are privately owned, competitive industries; as such, protection recommendations should not adversely affect their competitive position. We recognized that any solution would have to be viable in the marketplace as well as in the public policy arena. Thus we adopted a set of guiding principles, listed in Chart 3. Briefly stated, while government has to set the example, the owners and operators are the key to success. They have a strong economic stake in protecting their assets and maximizing customer satisfaction, and they already understand the infrastructures and know best how to respond to disruptions. We felt that we needed to build on what already existed, utilizing the best ideas, practices and processes from current structures and relationships as well as promoting voluntary cooperation. Also, partnership between government and industry will be far more effective and efficient than legislation or regulation. Our final guiding principle was that this would need to be a long-term effort requiring continuous improvement. Action must be taken in practical increments; there is no instant, "magic bullet" solution. Ideally, we would both protect the infrastructures and enhance them.

Guiding Principles

• Government must lead by example
• Start with owners and operators
• Build on that which exists
• Promote voluntary cooperation
• Maintain existing oversight and regulations
• Practice continuous improvement

Figure 3

Our conclusions and recommendations were developed from conversations and meetings heldwith over 6,000 individuals at all levels of industry, academia, science, technology, the military,and government. We held public meetings around the country, participated in numerous conferences, posted simulations, games and focus groups, and sought to increase the awareness of our effort through the media and our own web site. Outreach was a cornerstone of our effort.

Outreach Efforts

• Public meeting -- Atlanta, Boston, Houston, Los Angeles, St. Louis
• Conferences -- Council on Competitiveness, Stanford University
• Simulations -- Booz-Allen & Hamilton, Sandia National Laboratory
• Approximately 6000 contacts -- Associations, corporations, government agencies
• Media contacts -- Interviews, articles, broadcasts
• World Wide Web page
  

Figure 4

Vulnerabilities and Threats. In the past, broad oceans and peaceable neighbors provided all the infrastructure protection we needed. That began to change during the Cold War, when technology made geography less relevant. We became subject to attack by bombs and missiles, but even then we knew who the enemy was and where an attack would originate. Now, computers and electrons change the picture entirely. The capability to seriously disrupt our infrastructures is widely available at relatively little cost. This is the new "geography" on which the Commission focused its efforts, a borderless, "cyber-geography" whose major topographical features are technology and change.

Evolution of Threat

Figure 5

We considered physical threats to infrastructures, and noted weaknesses that must be attended to, but concluded that we had little new to offer in this regard. Cyberspace, however, is new territory, so to speak. Not only is it new territory, but the fast pace of technology in the cyber dimension has us always running to catch up. The Commission?s efforts, therefore, focused primarily on coping with the cyber-threat, in an effort to come up with the "street smarts" for the cyber world.

A major concern is the high level of interdependency inherent in today?s "system of systems" upon which we rely. It is a system of systems responsible for the daily operation of our critical infrastructures. For instance, the banking and finance industry is critically dependent on the telecommunications industry, which in turn is critically dependent on the electric power distribution system, which is critically dependent on transportation for fuels, etc. This increasing interdependency has created a new kind of risk, because the damage to or destruction of one system has far-reaching effects. Furthermore, information describing our vulnerabilities is increasingly accessible to anyone wishing to acquire it. Most is unclassified and available on the Internet. In fact, we had to be careful in compiling our report so as not to provide a handbook for those who might want to use it for harm.

Who presents a threat? They are the "bad actors" (as I like to call them), those with the capability, the technology and the intent to do harm. While we don?t know who has the intent to do harm, we do know that the threat is a function of capability and intent. We characterize capability as a combination of skills and tools ? skills that even most teenagers have and tools that are readily available, especially on the Internet.

In other words, the opportunity to do harm is expansive and it?s growing.

The bad actors range from, on the lower end of the scale, the recreational hacker who thrives on the thrill and the challenge of breaking into somebody else?s computer, all the way up to the national security threat: the information warriors intent on achieving strategic advantage.

Common to all of these threats, shown in Figure 6, is the insider. In addition to harnessing technology to protect our infrastructures, we have to pay special attention to insiders, to their trustworthiness and their access to critical control functions.

Threat Spectrum

Figure 6

The new arsenal of "weapons of mass disruption" ? as we refer to them in the cyber world ? include Trojan Horses, viruses, e-mail attacks used to alter or steal data, and so on. These weapons recognize neither borders nor jurisdictions. They also can be used anywhere, anytime, by anyone with the capability, technology and intent to do harm. They also offer the advantage of anonymity.

The PCCIP examined the roles of the private sector and the federal government in light of this new threat and the potential bad actors. We concluded that the responsibilities must be shared ? the private sector has a responsibility to protect itself from known, established threats like individual hackers and criminals, and the federal government has a larger responsibility to protect our citizens from terrorist and national state attacks.

Specifically, the private sector must take prudent measures to protect itself from commonplace hacker tools. But it turns out, these same tools will likely be used by the terrorist and the information warrior, so the private sector also will be protecting itself against terrorist and foreign nation attack, hence playing a significant role in national security. It follows then that the federal government, in turn, must assume responsibility for collecting information about the tools, the perpetrators and their intent from all sources, including the owners and operators of the infrastructures. The government must share this information with the private sector so that industry can then take the necessary protective measures. (Figure 7)

Figure 7

Findings. Our findings are listed in Figure 8. In some respects, our most important finding is that adapting to this challenge requires thinking differently about infrastructure protection. We are facing a new and different set of national security challenges as we approach the third millennium.

Findings

• We have real and serious vulnerabilities.
• Information sharing is the most immediate need.
• Responsibility is shared among owners/operators and government.
• The federal government has an important role in the new alliance.
• We must develop an analysis and warning capacity. Infrastructure protection requires a focal point.
• The existing legal framework is imperfectly tuned to deal with cyber threats.
• Current research and development efforts are inadequate to the task.

Figure 8

Protecting our infrastructures into the 21st century requires greater understanding of their vulnerabilities and decisive actions to reduce them. Waiting for a serious threat to show itself is a dangerous strategy. Now is the time to act to protect our future. This action requires a new partnership to address the risks to our nation?s infrastructures.

Recommendations. The Commission?s recommendations are founded on shared core principles. They are based on fact. They are aimed at improving coordination and establishing roles for infrastructure protection, promoting partnerships among all stakeholders, and coordinating the diverse interests involved.

Our recommendations fall generally into three categories: the actions the federal government must take, the actions the owners and operators of the infrastructures must take, and actions that require partnership between government and industry.

During our extensive outreach efforts, we heard time and again from the owners and operators of the infrastructure that they need more information about cyber threats. They also said that an environment of trust must be built so that they can freely exchange information with each other and with the government without fear of regulation, loss in public confidence, incurred liability, or damaged reputation. The Commission?s recommendations outline a foundation for creating a new collaborative environment that includes a two-way exchange of information, not more burdensome regulation. Our recommendations focus on protecting proprietary information and assuring anonymity when required, reviewing legal impediments to information-sharing ? such as anti-trust provisions and the Freedom of Information Act ? and creating information-sharing mechanisms, both within industry and between industry and government.

Recommendations: Information Sharing
Objective: Free interchange of essential threat and vulnerability
information among all parties ? public and private.

• Protect proprietary information
• Provide anomymity, as needed
• Ease anti-trust concerns
• Organize sector "clearinghouses"
• Establish public-private information sharing and analysis center
  

Figure 9

As to actions the government should take ? outlined in Figure 10 ? we recommend specific steps to ensure that owners and operators ? and state and local governments ? are sufficiently informed and supported in their infrastructure-protection role. The recommendations include having the designated federal agencies continue and expand the availability of risk-assessment services to the private sector, and encouraging industry to develop risk methodology, and even assisting industry when necessary. The U.S. security policy board should study and recommend how best to protect specific private sector information on threats, vulnerabilities and critical infrastructures. We recommend that the funding for the Nunn-Lugar-Dominici Domestic Preparedness Program be doubled in order to expand and accelerate mitigating the effects of weapons of mass disruption attacks.

Recommendations: Federal Assistance
Objective: Properly prepared owners and operators and state and local
governments to accomplish their infrastructure protection roles.

• NSA, DoE, DoD perform vulnerability risk assessments
• Encourage industry to develop reshk methodologies
• Federal government review sensitive owner and operator information prior to publication
• Double Nunn-Lugar-Domenici Funding
  

Figure 10

Key to the success of this initiative is the education of our citizens about the emerging cyber threats and vulnerabilities. The culture and technology have changed, and our way of thinking about the resulting threats and vulnerabilities also must change. The Commission?s recommendations include all levels of education, from grammar to graduate school and beyond. (Figure 11).

Recommendations: Education & Awareness
Objective: Heightened awareness of critical infrastructure threats
and vulnerabilities.

• Conduct White House conferences on computer ethics
• Conduct national awareness campaign
• Establish simulations and Round Tables
• NSF fund network security graduate programs
• Establish partnership between Department of Education and industry
  

Figure 11

Infrastructure assurance is a joint responsibility, but the federal government has an unmistakable duty to lead the effort. Clearly, the federal government must lead by example, as it exhorts the private sector and state and local governments to raise the level of security of their systems. The federal government must pursue the tools, practices and policies required to conduct business in the cyber age. This includes: improving government information security through developing, implementing and enforcing the best practices and standards; conducting certification and measures following those standards; working with industry to expedite efforts for alternative information security and encryption key management pilot programs; elevating and formalizing information assurance as a foreign intelligence priority; recruiting and retaining adequate numbers of law enforcement personnel with cyber skills; and conducting a thorough risk assessment of the national aerospace system and its planned sole reliance on the Global Positioning System. (Figure 12)

Recommendations: Leading by Example
Objective: Federal government systems and processes serve as "bench-
marks" for infrastructure assurance.

• Use best practices and set standards
• Conduct certification
• Conduct information security pilot programs
• Formalize intelligence priorities
• Acquire and retain cyber-qualified law enforcement personnel
• Emphasize security in National Airspace System design
• Address Global Positioning System vulnerability
  

Figure 12

We examined a full range of legal issues relating to protecting the critical infrastructures with the three goals listed in Figure 13 in mind: increasing the effectiveness of government?s protection efforts; enhancing the private sector?s ability to protect itself; and enabling effective public/private partnership where most needed. To that end, we propose revision of major federal legislation as it relates to the critical infrastructures and the cyber threat. We have modest recommendations in the area of criminal law and procedure, specifically that the federal sentencing guidelines take into account the true harm done by attacks on the critical infrastructures. We call for an expert study group representing labor, management, government and privacy interests, to make recommendations for a long-term reform in the employer/employee relationship that will balance security with privacy. We recommend easing legal impediments to information sharing, such as anti-trust provisions, federal and private liability and the Freedom of Information Act.

Recommendations: Legal Initiatives

• Major federal legislation
• Criminal law and procedure
• Employer-Employee Relationship
• Legal impediments to information sharing

Figure 13

Federal Research and Development efforts are inadequate to meet the challenge presented by emerging cyber threats. About $250 million is spent each year on infrastructure-assurance- related R&D, of which 60%, or $150 million, is dedicated to information security. There is very little research supporting a national cyber defense. The Commission believes that real-time detection, identification, and response tools are urgently needed. We concluded that market forces are insufficient to meet those needs. Thus, we recommend doubling federal R&D funding for infrastructure protection to $500 million the first year, with 20% increase each year for the next five years. We recommend this funding target ? such topics as risk management, simulation and modeling, decision support, and early warning and response. (Figure 14)

Figure 14

To formalize the public/private partnership necessary for infrastructure protection, we recommend several channels for information-sharing and policy input. At the policymaking level, we recommend the establishment of an Office of National Infrastructure Assurance, located within the White House, to serve as the federal government?s focal point for infrastructure protection; a National Infrastructure Assurance Council, comprised of selected infrastructure CEOs and cabinet officials, to propose policy and advise the President; and an Infrastructure Assurance Support Office to support both the Council and the national office. At the operational level, we recommend sector infrastructure assurance coordinators or clearinghouses as focal points within each infrastructure to share information; federal lead agencies to promote and assist in establishing the sector coordinators or clearinghouses; an Information Sharing and Analysis Center staffed by both private industry and government to receive and share information about infrastructure incidents to be located in the private sector; and a warning center designed to provide operational warning whenever possible of an attack on the infrastructures, either physical or cyber, to be located within the FBI. (Figure 15)

Figure 15

To sum up: just as the risks are shared between the public and private sectors, so will the solutions be found. Our national and economic security has become a shared responsibility, one that will require a new kind of partnership between government and industry, one which encourages information sharing and one which requires the government to lead by example.
We believe this issue is of national importance, and that we?ve only laid the foundation for solutions to the problem. There?s a lot to be done, and we solicit your support and interest.

Discussion:

Q: If there?s a cyber attack from overseas ? say, from Iraq ? how do you think a public-private partnership would work vs. a military response?

GEN Marsh: A public/private partnership would be needed in order to deal with such a situation, and it would have to be a partnership built on information sharing.

Say, for example, that Wall Street is under attack. The banking industry today is very reluctant to share information, because it might indicate to some a lack of confidence in the security of their systems, etc. We must create an environment of trust, an environment in which there can be a near real-time flow of information as incidents occur; if we have the tools to share information, we can assess the happenings and determine if the banking industry is actually under attack by Iraq or anybody else. Once that determination had been made a proper military response could be designed. At the present time, we lack both the information-sharing mechanisms and the tools necessary to assess information to deduce what?s happening.

Q: Does the Commission envision the military taking control of the situation if it becomes too serious for the private sector to handle?

GEN Marsh: Well. perhaps I shouldn?t speak for the entire Commission on this point, but I believe that once it is determined that we are under attack by a foreign power, the Commission envisions the Department of Defense having the responsibility to respond.

Ambiguity is the problem. The fact that we lack the tools today to understand the situation causes great ambiguity and, of necessity, dictates that a response begin ? as it probably should in all cases ? as a law enforcement matter.

Q: It is unclear to me how the relationships would work. For example, in the case of TWA Flight 800 it was unclear how the responsibilities were delineated between civil and military.

GEN Marsh: Again, I think one of the reasons such a handoff is difficult today is because of the uncertainty as to whether or not there is actually an attack by a foreign power. I think once that uncertainty is resolved, there is no question of the appropriate handoff of responsibility.

Q: I agree with most of the Commission?s recommendations, certainly in terms of the partnership between industry and government. I?m concerned, however, by their ambiguity. Is the Commission saying that the federal government is responsible for national security and the private sector for [ankle-biting?], so to speak? Suppose a problem is caused by a thrill-seeking hacker who somehow severely impacts national and economic security. Does that suddenly become a national security issue, even though it?s not a foreign intelligence service? What if there is minor intrusion by a foreign intelligence service ? an intrusion only and not an attack ? whose responsibility would that be? I guess my question involves intelligence exploitation vs. denial of service.

GEN Marsh: We wrestled with this, and decided not to change any of the fundamental responsibilities that exist today. That is, that the FBI has its role with dealing with domestic terrorists, regardless of the action. We believe the intelligence services have their responsibility with respect to foreign actions, and we believe the DoD has the responsibility if it?s clearly a state-sponsored, all-out, information-warfare attack. The PCCIP proposed the mechanisms that will allow all of these agencies to better understand what the attack is, where it?s coming from, the implications of it, and then how to carry out the agencies? respective responsibilities.

Q: Would you determine that on a case-by-case basis for flexibility? Is that the reason for establishing it within the White House?

GEN Marsh: We believe that if today?s CSG ? the group that deals with physical terrorist attacks and so on ? is given proper information with regard to cyber attacks, similar action can be taken by a coordinated government effort. You could have a cyber CSG-like arrangement, or something to deal with both physical and cyber terrorism. But we need the cyber analysis and input, to understand if we are in fact being subjected to a cyber-terrorist attack.

Q: Two questions. One: are copies of your report available in the public domain? Two, who is going to be the patron/sponsor for the next steps, and what are the next steps?

GEN Marsh: Unclassified copies are available and information can also be obtained from our web site on the Internet, WWW.PCCIP.GOV. The full report is secret, and rather voluminous -- some 300 pages ? and includes a lot of appendices. The unclassified version of that is 75-80 pages and is available now.

As to the second part of your question, as soon as the Commission completed its effort on the 13th of October, the executive order was amended and set up a transition office. The transition office, under the direction of our former executive director, Phil Lacombe, is intended to support the interagency process that will try to coordinate the effort to get a position to forward to the President. I believe it?s fair to say that the transition office?s goal is to accomplish that by the end of the year. If that goal is achieved, we?re even hopeful it may be included in the State of the Union as an initiative to be pursued.

There is a very serious interagency review process underway right now involving all of the affected agencies of government. We think it is getting reasonable reception.

Q: One of the strengths of our infrastructure is its decentralization. I perceive a tension between that strength and the need to, according to the Commission, get some kind of centralized coordinating body to share information. How do you deal with that so you get the kind of partnership that is needed and not at the same time undermine the decentralization, which is a strength in and of itself?

GEN Marsh: We?re talking about information sharing, not about control. By no means do we propose setting any centralized control on the infrastructure. We believe that, through a good education and awareness campaign, some lead agency will promote establishment of these clearinghouses and let the private sector get itself together any way it wants. We believe that they will recognize early on that it?s in their vital business interest to be willing to share information. They are skittish of doing so now, and for all the right reasons. They don?t trust government to keep their secrets, and besides that, to acknowledge vulnerability is damaging to their reputation, and so on.

These clearinghouses should be voluntary, and run by the private sector. That?s not far-fetched, because in many cases, the private sector is already doing similar things. The North American Reliability Council (NARC) ? which has in its membership nearly all the electric power companies in the nation ? is in the process of making reliability standards mandatory upon themselves. They want to share information, and if we can assure them that their proprietary information will not be infringed, and that where anonymity is desired it will be provided, I think they will participate. In fact, I think they will jump at the chance. We have had indications of this from our contacts with industry.

There is something similar in the aviation industry. The airlines actually formed a corporation through which they can report mishap information, with anonymity provided. That information could then be exchanged with the Federal Aviation Administration (FAA) for the betterment of safety and in everybody?s interest. The Centers for Disease Control (CDC) works in a similar fashion. At one time, there was great reluctance on the part of physicians to provide data to the government on matters of health. The CDC broke down that barrier by providing anonymity when required, thereby eliminating the possibility of retribution.

We believe that this information sharing can be done on a large scale, and that it is in the very best interest of the industry to do so. We think our job is to persuade industry of that, and we think we can.

Q: Does the Commission have a position on encryption software?

GEN Marsh: First, encryption is absolutely essential to protect information and critical infrastructures. We must have it and so naturally we are in favor of it.

We recommend lowering the temperature of this debate, however. The Commission?s position is that the government ought to get behind one of the pilot programs being proposed ? for example, that proposed by the Social Security Administration ? and then go to the private sector. The private sector should design and implement the security of a system that touches the private citizenry in an important way, as Social Security does, or Medicare payments do. Then, the private sector needs the means to recover the data that?s encrypted in case their encryption scheme is lost ? the government needs to have that ability as well. We don?t care how the key management structure is laid out; the Commission is not going to get into that debate. We recognize that there are legitimate needs for encrypted information ? by the law enforcement community, by the private owners and operators and others ? and we should use the best talent of the private sector to tell us how to protect such information.

Q: Do you see any need for establishing a redundant capability in the various Internet servers throughout the country? We seem to be stretched pretty much to the maximum these days. I wonder if it would be valuable ? considering the cost of the information that?s being transmitted by a relatively inexpensive servers ? to increase that capability?

GEN Marsh: We think the Internet is very fragile. Almost weekly some major Internet service provider goes down for one reason or another. Not only are the servers themselves overloaded, but it?s also easy to overload the server. The spamming techniques ? where you hit "Send" and then resend and resend and resend ? can quickly spam out an Internet service provider. It is done frequently.

We would caution any critical infrastructure owner and operator against putting any criti-cal function onto the Internet. This is more important than it sounds, because some industries do just that. We found some in the electric power industry planned to put their SCADA system ? that?s Supervisory Control and Data Acquisition system ? onto the Internet in an effort to economize. We consider that a bad practice, because that service can be denied by many techniques, only one of which is spamming. So we believe, rather than try to make the Internet secure ? which we don?t know how to do ? the Internet should be avoided for critical functions. The next-generation Internet ? an initiative being supported by Congress and an interagency group ? is addressing security as one of this new Internet?s fundamental needs. We recognize the importance of their task, primarily because the Internet grew up with no security considerations whatsoever.

Q: Could you say anything about satellite vulnerability?

GEN Marsh: We do in our report. It?s a somewhat sensitive subject. There?s no question that satellites are vulnerable, and we need to take that into consideration.

Q: Can you discuss, even in a general way, the results of some of your simulations?

GEN Marsh: Our experiences with simulations validated most of our initial principles and concerns. They also validated some of our tentative conclusions and recommendations. The simulations also created a lot of awareness in the private sector.

Dr. Salmon: Thank you, General Marsh.