
of the United States and to protect the critical infrastructure systems vital to our national security, governance, public health and safety, economy, and national morale.

The NCSD's mission, in cooperation with public, private, and international entities, is to secure cyberspace and America's cyber assets. The key components of this mission involve: (1) implementation of the National Strategy to Secure Cyberspace and the DHS Strategic Plan; and (2) implementation of priority protective measures to secure cyberspace and to reduce the cyber vulnerabilities of America's critical infrastructures.

Prior to joining the Department, Mr. Purdy worked on assignment to the White House as Deputy to the Vice Chair and Senior Advisor for IT Security and Privacy to the President's Critical Infrastructure Protection Board (PCIPB) working on the development of the National Strategy to Secure Cyberspace. With the PCIPB, Purdy worked in the areas of cyber crime, privacy protection, government procurement and maintenance of more secure products and systems, security of the financial sector's information systems, and in promoting information sharing in industry sectors such as health care and finance. In April 2003, Mr. Purdy came to the Department where he worked on the cyber tiger team to help design and launch the NCSD in June 2003. Following that he served as Acting Director until Amit Yoran was appointed Director in the Fall of 2003.

Immediately prior to his assignment to the White House staff, Mr. Purdy served as Chief Deputy General Counsel and later as Acting General Counsel for the U.S. Sentencing Commission. The Sentencing Commission is charged with promulgating and updating the Federal Sentencing Guidelines for individuals and organizations, and for providing counsel to the Congress and others about federal sentencing practices and policies. At the Sentencing Commission Mr. Purdy served as a member of the senior management team and provided legal, strategic, administrative, and ethical advice to the Chair and Commissioners, Staff Director and Unit Chiefs.

Mr. Purdy graduated from the College of William and Mary and the University of Virginia Law School. After receiving his law degree, Purdy served as an Assistant Attorney General in Missouri, and then as Senior Staff Counsel to the U.S. House of Representatives Select Committee on Assassinations' investigation of the assassination of President Kennedy. He subsequently served as an Assistant U.S. Attorney in Philadelphia where he concentrated on investigating and prosecuting white collar crime. Following his service as a federal prosecutor, Mr. Purdy returned to Washington, D.C. to serve as Counsel to the U.S. House of Representatives Committee on Standards of Official Conduct (Ethics).

Mr. Purdy then moved to investigative work in network news, working as an Associate Producer for the NBC News magazines First Camera and Monitor, and then as the Producer for News and Politics for the CBS News broadcast NIGHTWATCH. Subsequently, while at the Sentencing Commission, Mr. Purdy was detailed to Capitol Hill where he worked as Counsel to the U.S. Senate Impeachment Trial Committee for the impeachment trial of then-chief federal judge Walter Nixon of Mississippi.

Mr. Purdy lives in Bethesda, Maryland, with his wife Robin Fader, an Emmy Award winning television and commercial producer, and their daughter, Alexandra, who is 10 years old and has a certified black belt in Tae Kwon Do.

Chairman BOEHLERT. Thank you very much, Mr. Purdy.
Mr. Leggate.

STATEMENT OF MR. JOHN S. LEGGATE, CHIEF INFORMATION OFFICER AND GROUP VICE PRESIDENT, DIGITAL & COMMUNICATIONS TECHNOLOGY, BP PLC., UNITED KINGDOM

Mr. LEGGATE. Thank you, Mr. Chairman, and thank you, distinguished Members.

My name is John Leggate. I am CIO for BP, and this morning, I also represent BENS, which is Business Executives for National Security in the U.S., a large organization whose interest, of course, is improving the nature of business and its dependency on the Internet.

By way of context, also, BP happens to be the biggest provider of oil and gas in the United States. So, in fact, in our normal business, we take the whole issue of national security as a very, very fundamental part of what we do for the United States.

Anyway, going on from that, this topic, as you said, Mr. Chairman, has actually been in our minds for some time. It has been around, and I think what I would like to do here is point to two things just to simply portray a little bit more of why this is so important today and a few ideas on the way forward above and beyond what is said here.

Almost by stealth since the fall of the dot-com era companies have actually been moving towards the Net progressively. We have done survey work, and our most recent survey would say, in the energy sector, the chemicals and transport sector, up to 30 percent of their revenues come from work done on the Internet today in the United States. In a sense, the dependency is very clear and growing.

And the second point, after Mr. Purdy's point, the nature of business automation regarding running process plants, refineries, and chemical plants are now moving to a place where they look simply like regular computers. They are not different systems anymore. And the capacity for these systems then to be impaired is quite important. In fact, with time, we see a bigger growth in what we call machine-to-machine information flow than simply humans on the Internet, per se. I mean, today, in the world, I think at any point in time, 200 million people are on the Internet with a billion possible connections going on.

So moving on from that to say this is a big issue. The thing that I would note, it isn't simply cyber security but the confluence of cyber and physical security in the Internet. Solving the cyber issue doesn't solve the reliability or the vulnerability of the Internet. There are a number of points in the world which are well disclosed where big nodes come together. There are critical points that you can find. If you choose to scan the Internet, you will see these today where it all comes together. And of course, it is that which becomes another big issue as to who is in charge. How should we secure or harden these particular environments?

So another area to think about in all of this conversation is making sure we touch on the edges on the nature of the physical distribution of the Internet. Now you might say, "What are companies doing for themselves in the space, because clearly they should be self-reliant?" And we are pretty well. But in a sense, what we do control, if you like, is the last mile, the mile into our premises. But the millions of miles of Internet, we have no control over and no say-so on its deliverability or its resilience. So all of this traffic is heading to a place where it is almost out of reach of the businesses, but because of economic pressures, efficiency, and almost an always-on environment which we demand nowadays, the job is on.

So that broadly says that the problem is real. It is big and probably getting bigger with time. And the dimensions are not well aware with policy makers. In my job, I travel around most of the world, and I would say the same level of lack of knowledge of the dependency of real business, if you like, world trade is now coming to the Internet.

Look at the United States where we have eight channels of principal critical national infrastructure and trace it all back, most of it ends up somewhere back on the Internet. So if you look through energy, transportation, aviation, it all comes, to some point, to some degree, to the Internet.

And then to look forward more optimistically say what there is to do, I would offer there are two areas to think about. One is fixing what we have. And we have heard from Mr. Purdy various endeavors to do that. I would only add to his remarks and say what business would look at isn't simply the risk envelope but the consequences. Within a major corporation, as in BP, the number of attempts or events per day that come into the system is between a half million and a million attempts on the Internet. Of those, only a handful really matter to the company.

And the issue is how do you screen out the knives on the Internet and get to the issues that actually ultimately take out business and make it quite difficult. So working with that, certainly businesses want to become more aligned with activities of the agencies to bring forward the notion of risk management and consequences into this conversation so that the money is spent wisely on the right priorities. Because you can imagine, you could do a ton of research across a large landscape and not nail the problem.

So the question is how do you converge the issue in the near term, in the course of 2006, 2007, and 2008 to put this into a much better state? So that is one aspect of the way forward.

I think the other aspect of the way forward is really a new conversation, and I will call it next generation Internet, not Internet 2, which is basically in the scientific domain, but looking 20 years out. Most of all, of the United States to start a conversation that moves us to the next generation, if you like, of public utility, i.e., in order so business can progress. Already, in my travels to the Far East, countries like South Korea and Japan are talking of moving to IPv6, and so we are going to end up, at some stage, with different initiatives in different geographies but no one really holding the game plan, the overall strategic intent, or I would call it, technology development map, even the governments. Who gets to say in such a complex world?

So from my point of view, let me summarize and say the issue is real. We should not be distracted into the near-term issues alone, but also take the position, I think, through this committee to discuss what is the nature of the strategic intent for the future that ensures world trade carries on in the way it is.

Thank you, Mr. Chairman.

[The prepared statement of Mr. Leggate follows:]

PREPARED STATEMENT OF JOHN S. LEGGATE

BUSINESS CONCERNS FOR THE INTERNET

STATEMENT OF THE ISSUE

The Internet is rapidly becoming the backbone of the world economy. This is particularly true for the United States where the use of the Internet underpins many aspects of the U.S. economy and national critical infrastructure (e.g., energy, water, transportation). Given this fundamental dependency on its continuous availability, the public Internet must be better protected, managed and controlled. In the longer term, the U.S. should take a leadership role in creating the next generation Global Internet.

SUMMARY OF THE ISSUE

The growth of Internet use has been nothing short of extraordinary.1 Almost by stealth since the dot com collapse, governments, public bodies and large and small scale businesses have been transformed to operate with the Internet as a core piece of business infrastructure. Businesses from all over the world have found the Internet to be a cost effective and reliable business tool. Indeed, in the last few years, in addition to conventional business transactions, many of the control systems (SCADA) that support national and public utilities are adopting the Internet as a core data transport method.2 This has resulted in businesses and societies becoming critically dependent on the continuous operation of the Internet.3

Businesses have moved from dial-up and dedicated point to point leased lines to committing mission critical digital traffic to operate on the Internet, yet with no practical alternative to maintain business continuity. However, the Internet is mostly run by groups of diverse academic and non-profit organizations which operate via loose consensus. Many governments have apparently not yet fully grasped that national and international economies and their citizens are now dependent on this network of networks, i.e., the global communications backbone.

In its current operation the Internet has well known physical and logical security weaknesses both nationally and globally. What is not truly known is the potential business impact of these weaknesses on the U.S. and the world economy. Continued operation is presumed, but is in no way guaranteed. This is compounded by the poor understanding of dependency/interdependencies between companies and critical infrastructures supporting nations/regions.

Global competition has driven the need for ever increasing levels of productivity and innovation from businesses and this has driven the demand for cheaper and more ubiquitous communications. The nature of the architecture of the Internet has allowed it to carry an ever increasing variety of services, with ever decreasing costs. These forces are driving applications, services and business processes from every sector onto the Internet. Businesses that fail to exploit these cost and performance advantages are at a competitive disadvantage.

Today, at this moment, there are some 200 million individuals active on the Internet. By the end of 2005, at least one billion people will have access to its enormous resources. Also there are as many automated systems, including SCADA systems, CCTV, pipelines, electricity grids, e-mail servers, inventory systems and medical monitoring devices. These systems often communicate over the Internet without human intervention. This machine-to-machine communication is growing dramatically and could supplant interactive use by people in a few years.5

In 2004, $6.9 trillion of the $55.6 trillion of worldwide trade was directly transacted over the Internet. Of the remaining trade there was a significant proportion that relied on supporting activity using the Internet for communication—including specification queries, logistics and links between internal processes within companies. Even financial institutions use the Internet for many routine electronic funds transfers. Significantly, in 2004 and in the U.S. alone, 14.8 million high tech jobs relied directly on the Internet.8


In the past there have been attempts to address the issues of security, operational stability and reliability but with limited success. For example, work conducted by the President's Commission on Critical Infrastructure Protection (PCCIP) nearly ten years ago, raised vulnerabilities that are apparently yet to be addressed. It set a goal of a reliable, interconnected, and secure information system infrastructure by the year 2003. Is the context and sense of urgency different today?

This paper explains why the context is now so very different. In the '80s and early '90s companies were not using the Internet in anything like the same way or to the same scale as they do today. Private networks were the common means of communication. The companies providing Internet infrastructure were justified in treating identified weaknesses as rather academic and with little economic importance.

However, things have changed and in ways that often only businesses directly using the Internet can articulate. 10 Companies can, and do, take security measures

1 Lazarus Research Group

2 Internet Security Systems

3 Jupiter Research

4 Meta Research

5 ZDNet Research

6 Forrester Research, Inc.

7 Forrester Research, Inc.

8 University of Texas-Austin

9 PCCIP Report 1997

10 See Appendix.

to protect the systems they run and the services directly under their immediate control. But they can do little to protect the external network infrastructure on which they rely or even engage in a meaningful dialogue about fundamental performance expectations. Previous work in evaluating risks to the Internet has almost entirely focused around a dialogue between supply-side telecommunications/IT companies and government. 11 We therefore only have half the picture; knowledge of interdependency between supply and demand-side for Internet services clearly needs to be shared.

Even more troubling is that many demand-side organizations do not realise how dependent they are on the Internet. Corporations have become linked to the Internet in ways that are not always easily discerned. For example, a major corporation that depends on a third party's logistical services may be surprised to learn that their supplier communicates internal orders and status using the Internet, or that an electric utility they depend upon has moved its process control network to run over the Internet.

These cascading dependencies all too quickly create 'domino effects' that are not obvious to the corporate customer or to the policy-maker. They are usually only discovered during unplanned outages when capabilities begin to degrade or fail in unexpected ways, or are discovered during widely-based crisis management exercises. Businesses and governments can plan for expected failures. But even the best prepared organizations and corporations may be woefully inadequate in responding to complex, low probability, high impact failures. If a large scale Internet outage or significant reduction in performance were to occur, the unexpected effects on whole sets of industries, utilities and enterprise could have surprisingly large economic and societal impacts.

Whether the failure of the Internet arises through error, a worm-writer's experiment, or more directed physical or cyber attacks, vulnerabilities exist and this is a real and present risk. Recent reports about "Cyber attack" attempts being developed and the posting of hacker tools with directions on some of the extremist's websites may be warning signs.

BROADER CONTEXT

It is worth recalling that the Internet was set up as a government sponsored project, with the U.S. Government as the primary customer and 'anchor tenant.' Its creation was a bold and dramatic step-out that went on to evolve into a remarkable resource that has significantly exceeded the wildest imaginings of its creators. As a result it is being used far beyond anything envisaged in the original designs.

Since its creation, the Internet has developed rapidly in scale, but its technical design has progressed more through steady incremental evolution than through any step change. The "grass roots" and academically-based standards setting process of the Internet Engineering Taskforce (IETF) has had great success. However, the down-side of this consensus approach is that entity wide coordination and alignment is difficult to achieve and step changes are difficult to implement. Internet standards setters are a community of interest and as such they share interests, but they do not share goals and timescales in the way that a project with a clear mandate does. 12

This diversity of interest has been compounded by the loss of the primary customer, i.e., the U.S. Government, driving operational performance requirements, since they have started to use alternative infrastructures for extra critical services. Instead of a single 'anchor tenant,' the Internet now has countless customers drawn from many governments, corporations and individual users and is thus driven by a very diverse range of agendas, without a clear priority setting process. This will further slow change and adaptation to the new and emerging context of Internet use.

The question we need to ask is whether incremental change will be sufficient to address the current physical and digital integrity weaknesses. The current deficiencies on the Internet may well be filled by tactical repairs, but the potential gap of predictable demand for high volume traffic with high quality services and the intractable vulnerabilities will require a more radical approach. Arguably the risks we are seeing, illustrated by spreading worms and viruses and underlying common mode weaknesses in technologies and physical infrastructure are systemic and sys

11 National Security Technology Advisory Committee (NSTAC) and the National Infrastructure Assurance Council (NIAC).

12 Drawn from I-space theory. Max Boisot, INSEAD.
