February 02, 2001, 10:38 AM — A congressionally appointed panel of national security experts yesterday recommended the creation of a National Homeland Security Agency (NHSA) to oversee government and private sector efforts to protect the nation's critical infrastructure from cyber- and physical attacks.
The U.S. Commission on National Security, headed by former senators Gary Hart and Warren B. Rudman, urged the Bush administration to form the new agency and to include a National Crisis Action Center as a "focal point for monitoring emergencies and for coordinating federal support in a crisis to state and local governments, as well as to the private sector."
Some analysts said they were doubtful, however, whether a proposal for a new security agency would fly, given the large number of agencies and organizations seeking the same funds and authority.
Central to the new agency would be a directorate of critical infrastructure protection (CIP) that would manage cyberdefenses for the various sectors of the economy, including banking and finance, telecommunications, transportation and utilities. Most of the nation's critical infrastructure is owned and operated by private sector companies.
"An attack on any one of several highly interdependent networks can cause collateral damage to other networks and the systems they connect," the report states. "Some forms of disruption will lead merely to nuisance and economic loss, but other forms will jeopardize lives. One need only note the dependence of hospitals, air-traffic-control systems and the food processing industry on computer controls to appreciate the point."
According to the commission's recommendations, the CIP directorate would have two primary responsibilities. The first would be to oversee the physical assets and information networks that make up the U.S. critical infrastructure. The second would be to coordinate government and private sector efforts to address the nation's vulnerability to electronic or physical attacks.
"In partnership with the private sector, where most cyberassets are developed and owned, the Critical Infrastructure Protection Directorate would be responsible for enhancing information sharing on cyber- and physical security, tracking vulnerabilities and proposing improved risk management policies and delineating the roles of various government agencies in preventing, defending and recovering from attacks," the report says.
That effort is now done through a maze of different agencies and private sector partnerships, such as the National Infrastructure Protection Center, the Critical Infrastructure Assurance Office and the various information-sharing centers formed in the private sector. As a result, the commission recommended that the Bush administration consolidate these efforts.