Aviation Security

Cyber Attacks on Critical
Infrastructure

Now let me turn to aviation security. Since 1996, we have presented numerous reports and testimonies and reported on numerous weaknesses that we found in the commercial aviation security system. For example, we reported that airport passenger screeners do not perform well in detecting dangerous objects, and Federal Aviation Administration tests showed that as testing gets more realistic—that is, as tests more closely approximate how a terrorist might attempt to penetrate a checkpointscreener performance declines significantly. In addition, we were able to penetrate airport security ourselves by having our investigators create fake credentials from the Internet and declare themselves law enforcement officers. They were then permitted to bypass security screening and go directly to waiting passenger aircraft. In 1996, we outlined a number of steps that required immediate action, including identifying vulnerabilities in the system; developing a short-term approach to correct significant security weaknesses; and developing a long-term, comprehensive national strategy that combines new technology, procedures, and better training for security personnel.

Federal critical infrastructure-protection initiatives have focused on preventing mass disruption that can occur when information systems are compromised because of computer-based attacks. Such attacks are of growing concern due to the nation's increasing reliance on interconnected computer systems that can be accessed remotely and anonymously from virtually anywhere in the world. In accordance with Presidential Decision Directive 63, issued in 1998, and other information-security requirements outlined in laws and federal guidance, an array of efforts has been undertaken to address these risks. However, progress has been slow. For example, federal agencies have taken initial steps to develop critical infrastructure plans, but independent audits continue to identify persistent, significant information security weaknesses that place virtually all major federal agencies' operations at high risk of tampering and disruption. In addition, while federal outreach efforts have raised awareness and prompted information sharing among government and private sector entities, substantive analysis of infrastructure components to identify interdependencies and related vulnerabilities has been limited. An underlying deficiency impeding progress is the lack of a national plan that fully defines the roles and responsibilities of key participants and establishes interim objectives. Accordingly, we have recommended that the Assistant to the President for National Security Affairs ensure that the government's critical infrastructure strategy clearly define specific roles and responsibilities, develop interim objectives and milestones for achieving adequate protection, and define performance measures for accountability. The administration currently is reviewing and considering

76-801 D-00--3

International Crime
Control

Public Health

adjustments to the government's critical infrastructure-protection strategy that may address this deficiency.

On September 20, 2001, we publicly released a report on international
crime control and reported that individual federal entities have developed
strategies to address a variety of international crime issues, and for some
crimes, integrated mechanisms exist to coordinate efforts across agencies.
However, we found that without an up-to-date and integrated strategy and
sustained top-level leadership to implement and monitor the strategy, the
risk is high; scarce resources will be wasted; overall effectiveness will be
limited or not known; and accountability will not be ensured. We
recommended that the Assistant to the President for National Security
Affairs take appropriate action to ensure sustained executive-level
coordination and assessment of multiagency federal efforts in connection
with international crime. Some of the individual actions we recommended
were to update the existing governmentwide international crime threat
assessment, to update or develop a new International Crime Control
Strategy to include prioritized goals as well as implementing objectives,
and to designate responsibility for executing the strategy and resolving
any jurisdictional issues.

The spread of infectious diseases is a growing concern. Whether a disease
outbreak is intentional or naturally occurring, the public health response
to determine its causes and contain its spread is the same. Because a
bioterrorist event could look like a natural outbreak, bioterrorism
preparedness rests in large part on public health preparedness. In our
review last year of the West Nile virus outbreak in New York, we found
problems related to communication and coordination among and between
federal, state, and local authorities. Although this outbreak was relatively
small in terms of the number of human cases, it taxed the resources of one
of the nation's largest local health departments. In 1999, we reported that
surveillance for important emerging infectious diseases is not
comprehensive in all states, leaving gaps in the nation's surveillance
network. Laboratory capacity could be inadequate in any large outbreak,
with insufficient trained personnel to perform laboratory tests and
insufficient computer systems to rapidly share information. Earlier this
year, we reported that federal agencies have made progress in improving
their management of the stockpiles of pharmaceutical and medical
supplies that would be needed in a bioterrorist event, but that some
problems still remained. There are also widespread concerns that hospital
emergency departments generally are not prepared in an organized fashion
to treat victims of biological terrorism and that hospital emergency
capacity is already strained, with emergency rooms in major metropolitan

NEW WORLD COMING:

AMERICAN SECURITY IN THE 21ST CENTURY

MAJOR THEMES AND IMPLICATIONS

The Phase I Report on the Emerging Global Security Environment for the First Quarter of the 21st Century

The United States Commission on National Security/21st Century

September 15, 1999