The IT Law Wiki


The President's Commission on Critical Infrastructure Protection (PCCIP) was established in July 1996.[1] Its tasks were to: report to the President the scope and nature of the vulnerabilities and threats to the nation’s critical infrastructures (focusing primarily on cyber threats);[2] recommend a comprehensive national policy and implementation plan for protecting critical infrastructures; determine legal and policy issues raised by proposals to increase protections; and propose statutory and regulatory changes necessary to effect recommendations.

Final report[]

The PCCIP released its report to President Clinton in October 1997.[3] Examining both the physical and cyber vulnerabilities, the Commission found no immediate crisis threatening the nation's infrastructures. However, it did find reason to take action, especially in the area of cybersecurity. The rapid growth of a computer-literate population (implying a greater pool of potential hackers), the inherent vulnerabilities of common protocols in computer networks, the easy availability of hacker "tools" (available on many websites), and the fact that the basic tools of the hacker (computer, modem, telephone line) are the same essential technologies used by the general population indicated to the Commission that both threat and vulnerability exist.

The Commission generally recommended that greater cooperation and communication between the private sector and government was needed. The private sector owns and operates much of the nation's critical infrastructure. As seen by the Commission, the government's primary role (aside from protecting its own infrastructures) is to collect and disseminate the latest information on intrusion techniques, threat analysis, and ways to defend against hackers.

The Commission also proposed a strategy for action:

The Commission's report underwent interagency review to determine how to respond. That review led to Presidential Decision Directive No. 63 released in May 1998.


  1. Executive Order 13010, Critical Infrastructure Protection, 61 Fed. Reg., No. 138, July 17, 1996, at 3747-50. Concern about the security of the nation’s information infrastructure and the nation's dependence on it preceded the establishment of the Commission.
  2. Given the growing dependence and interconnectedness of the nation's infrastructure on computer networks, there was concern that computers and computer networks presented a new vulnerability and one that was not receiving adequate attention.
  3. Critical Foundations: Protecting America's Infrastructures.


See also[]