INCIDENTAL PAPER
Seminar on Intelligence, Command, and Control
Cyber Threats: Developing a National Strategy for Defending Our Cyberspace Mark C. Montgomery
Guest Presentations, Spring 2000 Charles E. Allen, Albert J. Edmonds, John J. Garstka,
Timothy G. Hoechst, Hans Mark, Dale W. Meyerrose, Mark C. Montgomery, Scott A. Snook
July 2001
Program on Information Resources Policy
Center for Information Policy Research
Harvard University
The Program on Information Resources Policy is jointly sponsored by Harvard University and the Center for Information Policy Research.
Chairman Managing Director Anthony G. Oettinger John C. B. LeGates
Copyright © 2001 by the President and Fellows of Harvard College. Not to be reproduced in any form without written consent from the Program on Information Resources Policy, Harvard University, Maxwell Dworkin 125, 33 Oxford Street, Cambridge MA 02138. (617) 495-4114
E-mail: [email protected] URL: http://www.pirp.harvard.edu ISBN 1-879716-74-7 I-01-1 July 2001 PROGRAM ON INFORMATION RESOURCES POLICY
Harvard University Center for Information Policy Research
Affiliates
Anonymous Startup NEST–Boston AT&T Corp. Nippon Telegraph & Telephone Corp Australian Telecommunications Users Group (Japan) BellSouth Corp. NMC/Northwestern University The Boeing Company PDS Consulting Booz•Allen & Hamilton, Inc. PetaData Holdings, Inc. Center for Excellence in Education Research Institute of Telecommunications CIRCIT at RMIT (Australia) and Economics (Japan) Commission of the European Communities Samara Associates Critical Path Sonexis CyraCom International Strategy Assistance Services DACOM (Korea) United States Government: ETRI (Korea) Department of Commerce Fujitsu Research Institute (Japan) National Telecommunications and Hanaro Telecom Corp. (Korea) Information Administration Hearst Newspapers Department of Defense High Acre Systems, Inc. National Defense University Hitachi Research Institute (Japan) Department of Health and Human IBM Corp. Services Korea Telecom National Library of Medicine Lee Enterprises, Inc. Department of the Treasury Lexis–Nexis Office of the Comptroller of the Currency John and Mary R. Markle Foundation Federal Communications Commission Microsoft Corp. National Security Agency MITRE Corp. United States Postal Service Motorola, Inc. Upoc National Security Research, Inc. Verizon NEC Corp. (Japan) Cyber Threats: Developing a National Strategy for Defending Our Cyberspace Mark C. Montgomery April 13, 2000
Commander Mark Montgomery is director for transnational threats at the National Security Council, where he serves in the office of the national coordinator for security, infrastructure protection, and counterterrorism. He helps to coordinate national security policy in the areas of information warfare, counterterrorism, and information security training. He is also a surface warfare officer in the U.S. Navy. From 1988 to 1998 he served in a number of shipboard assignments, including as a division officer on the USS Bainbridge, operations officer on the USS Leftwich, as reactor electrical assistant on the USS Theodore Roosevelt, and most recently as executive officer on the USS Elliot. A resident of Sunapee, New Hampshire, Commander Montgomery was graduated from the University of Pennsylvania, receiving B.A. and M.A. degrees in history and political science, and was commissioned in the U. S. Navy through the Naval Reserve Officer Training Corps program. He subsequently attended Oxford University, where he earned a master’s degree in modern history. He has also completed the naval nuclear propulsion program.
Oettinger: There’s a change in our program today. Our speaker is not John Tritak, who has been preempted by the White House. He called yesterday and said he could not make it. That’s the bad news. The good news is that Commander Mark Montgomery will give the briefing. For those of you who were not at the lunch, here is Commander Montgomery’s biography. Now let me just turn it over to Mark. We’re delighted to have you here. Montgomery: I plan to talk about what we’re doing in the White House and in the executive branch of the government in developing a national strategy for defending cyberspace. I would propose about a 20- or 25-minute briefing, then questions for an hour. It might go a little bit longer if you have a lot of questions. If I say something that you find completely unsatisfactory, please just raise your hand, and I will stop and try to explain it while I’m still on that train of thought. One thing that I think is fair to say at the outset is that at the National Security Council [NSC] we’re learning that computer security and critical infrastructure protection are national security problems that cannot be handled by law enforcement or the Department of Defense [DOD] alone (Figure 1). This makes them practically unique. There is only one other issue like this where the FBI, or the Department of Justice, or the State Department, or the DOD just can’t handle an issue or a threat on its own: the issue of weapons of mass destruction [WMD] preparedness, or how we protect our homeland against chemical and biological weapons. They – 2 –
Emerging Security Threats