Editing President's Commission on Critical Infrastructure Protection

== Overview ==

The '''President’s Commission on Critical Infrastructure Protection''' ('''PCCIP''') was established in July 1996.<ref>[[Executive Order 13010]], Critical Infrastructure Protection, 61 Fed. Reg., No. 138, July 17, 1996, at 3747-50. Concern about the [[security]] of the nation’s [[information infrastructure]] and the nation's dependence on it preceded the establishment of the Commission.</ref> Its tasks were to: report to the President the scope and nature of the [[vulnerabilities]] and [[threat]]s to the nation’s [[critical infrastructure]]s (focusing primarily on [[cyber threat]]s);<ref>Given the growing dependence and [[interconnectedness]] of the nation's infrastructure on [[computer network]]s, there was concern that [[computer]]s and [[computer network]]s presented a new [[vulnerability]] and one that was not receiving adequate attention.</ref> recommend a comprehensive national policy and implementation plan for protecting [[critical infrastructure]]s; determine legal and policy issues raised by proposals to increase protections; and propose [[statutory]] and regulatory changes necessary to effect recommendations. 

== Final report ==

The PCCIP released its report to President Clinton in October 1997.<ref>[[Critical Foundations: Protecting America's Infrastructures]].</ref> Examining both the physical and cyber [[vulnerabilities]], the Commission found no immediate crisis threatening the nation's [[infrastructure]]s. However, it did find reason to take action, especially in the area of [[cybersecurity]]. The rapid growth of a [[computer]]-literate population (implying a greater pool of potential [[hacker]]s), the inherent [[vulnerabilities]] of common [[protocol]]s in [[computer network]]s, the easy availability of [[hacker]] "tools" (available on many [[website]]s), and the fact that the basic tools of the [[hacker]] ([[computer]], [[modem]], telephone line) are the same essential [[technologies]] used by the general population indicated to the Commission that both [[threat]] and [[vulnerability]] exist.

The Commission generally recommended that greater cooperation and [[communication]] between the [[private sector]] and [[public sector|government]] was needed. The [[private sector]] owns and operates much of the nation's [[critical infrastructure]]. As seen by the Commission, the government's primary role (aside from protecting its own [[infrastructure]]s) is to [[data collection|collect]] and [[disseminate]] the latest [[information]] on [[intrusion]] techniques, [[threat analysis]], and ways to defend against [[hacker]]s.

The Commission also proposed a strategy for action:

* facilitate greater cooperation and [[communication]] between the [[private sector]] and appropriate government agencies by: setting a top level policy-making office in the White House; establishing a council that includes corporate executives, state and local government officials, and cabinet secretaries; and setting up [[information]] clearinghouses;
* develop a [[real-time]] capability of [[attack]] warning;
* establish and promote a comprehensive awareness and education program;
* streamline and clarify elements of the legal structure to support [[assurance]] measures (including clearing [[jurisdiction]]al barriers to pursuing [[hacker]]s [[electronic]]ally); and,
* expand [[research and development]] in [[technologies]] and techniques, especially [[technologies]] that allow for greater detection of [[intrusion]]s.

The Commission's report underwent interagency review to determine how to respond. That review led to [[Presidential Decision Directive No. 63]] released in May 1998.

== References ==
<references />

== Source ==

* [[Critical Infrastructures: Background, Policy, and Implementation]], at 3-4.

== See also ==

* [[Report of the President's Commission on Critical lnfrastructure Protection: Overview Briefing]]
[[Category:Security]]
[[Category:Publication]]
[[Category:1996]]