ANDRE VAN TILBORG: I wonder if you might comment on how much of the security problem might be related to not having the analogue of something like building codes for information and telecommunications systems, versus how much really requires deep, new insights and research. If you had, for instance, a national electrical code—not for electricity or electrical appliances or Underwriters Laboratory, but for computing systems and telecommunications systems—you might be able to cover a large fraction of the troublesome areas in ensuring that your systems remain stable and work. You would still have that part where a very determined adversary can get through, even though you have a good building code. I wonder what your thoughts on that might be.
TRAUB: I think what you are suggesting is standards. It has been suggested that there be a core communications system in case of a national emergency, and there has been some discussion about that. The things we have with which to protect our homes will at least keep out the amateurs, although they will not keep out a professional, determined burglar. The big problem is that everything is changing so quickly that this is an almost impossible area, I believe, to standardize. Standardization, it seems to me, requires a certain maturity and a certain stability. I am not sure we can do that in this area.
ROBERT KAHN: The good news is that the notion of the national information infrastructure is in the public consciousness. The bad news is that we really do not know what it is or might not recognize it if we saw it. To some, the NII is 500 channels of cable TV and to others it is the Library of Congress on every desktop—in some ways very mutually incompatible goals.
Some people think we have always had an information infrastructure, or at least maybe since 1844 when the telegraph was invented, if you want to focus on electrons. Others think we clearly have it now. Still others will wake up in 10 years and be totally shocked that we do not have an infrastructure yet and have been talking about it all these years.
It seems to me that the one thing that has really been missing, apart from understanding what it is, is any notion about getting coherence among all the pieces, so that the infrastructure really becomes the mechanism to lower the barriers to productivity in a broad sense. I do not think we are there yet. The big objective over the next decade, perhaps many decades, is trying to figure out how to achieve interoperability to lower these barriers. By getting coherence in the system, you make it more of a target for the kind of information warfare that you are talking about.
So my question to you is, How do we go about designing this coherence for interoperability into the system, while at the same time worrying about protecting against the kind of information warfare you are discussing as a social process in this country?
TRAUB: That is a very good question, Bob. I am sorry, but my time is up.
WILLIAM WULF: Let me just make a couple of comments. First of all, the balancing of privacy and societal protection was mentioned. Probably the most sensitive report that CSTB has ever undertaken is going to be released imminently, and it is one that was requested by Congress. 5 It addresses national cryptography policy. It will be a completely unclassified report. This fact is very, very important. There is not going to be a classified annex to the report. We wanted the report to be completely unclassified.
My second comment has to do with the national information infrastructure and natural disasters. We absolutely agree with Dr. Bonametti's remarks. If you look in the CSTB brochure, you will see that one of CSTB's 1996 studies (Computing and Communications in the Extreme: Research for Crisis Management and Other Applications) is looking at how we can use information technology to save lives and property.
In his early remarks, Joe pointed out that, from the outset, the Board has been concerned with both technology and policy issues. If anything—and this is a personal perception—the increasing recognition among people in both the executive and the legislative branches of the relevance of information technology to virtually every problem that the country faces has reinforced the correctness of that original decision.