[Federal Register Volume 60, Number 10 (Tuesday, January 17, 1995)]
[Notices]
[Pages 3441-3443]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-1060]



=======================================================================
-----------------------------------------------------------------------

OFFICE OF MANAGEMENT AND BUDGET


National Information Infrastructure Security Issues Forum; Public 
Meeting

AGENCY: Office of Management and Budget.

ACTION: Notice of Public Meetings and request for public comments.

-----------------------------------------------------------------------

SUMMARY: The National Information Infrastructure Security Issues Forum 
will conduct two public meetings to continue a dialogue between 
government and the private and public interest sectors on issues 
related to the security of information on the National Information 
Infrastructure (NII). Interested parties--especially beneficiaries of 
Aid to Families with Dependent Children and Food Stamps, and users of 
public information, and participants in the sophisticated 
communications networks which support the U.S. transportation and 
customs systems--are invited to submit a 1-2 page position statement 
and request to testify.
    The meetings are sponsored by the NII Security Issues Forum of the 
Information Infrastructure Task Force and Mega-Project III of the U.S. 
Advisory Council on the NII.

DATES: Both public meetings, ``Security of the Electronic Delivery of 
Government Information and Services'' and ``Security for Intelligent 
Transportation Systems and Trade Information,'' will be held 
simultaneously on Friday, January 27, 1995, from 9:00 a.m. to 12:30 
p.m. in Raleigh, North Carolina.
    Those wishing to testify should submit a 1-2 page position 
statement and request to participate by January 20, 1995. Individuals 
wishing to offer general comments or present questions may request to 
do so during the meeting. Written comments may be submitted on paper or 
electronically, in ASCII format, and will be accepted until February 
10, 1995.

ADDRESSES: The public meeting, ``Security of the Electronic Delivery of 
Government Information and Services,'' will be held in the Auditorium 
of the North Carolina Museum of History, 1 East Edenton Street, 
Raleigh, North Carolina. The public meeting, ``Security 
[[Page 3442]] for Intelligent Transportation Systems and Trade 
Information,'' will be held in the Auditorium of the Department of 
Cultural Affairs, 109 East Jones Street, Raleigh, North Carolina. Both 
buildings are in close proximity to the North Carolina Capitol 
Building.
    Position statements and requests to appear for the meeting, 
``Security of the Electronic Delivery of Government Information and 
Services,'' sent to the Government Information Technology Services 
Working Group, marked to the attention of Ms. April Ramey, U.S. 
Department of the Treasury, 1425 New York Avenue, Room 2150 N.W., 
Washington, D.C. 20220. Position statements may also be submitted via 
fax to (202) 622-1595 or through electronic mail to 
[email protected]. Electronic mail should be submitted as 
unencoded, unformatted, ASCII text.
    Position statements and requests to appear for the meeting, 
``Security for Intelligent Transportation Systems and Trade 
Information,'' should be sent to the Volpe National Transportation 
Systems Center of the Department of Transportation, marked to the 
attention of Mr. Gary Ritter, DTS-21, at 55 Broadway, Cambridge, MA, 
02142. Position statements may also be submitted via fax to (617) 494-
2370 or through electronic mail to ``R[email protected]''. 
Electronic mail should be submitted as unencoded, unformatted, ASCII 
text.
    Parties offering testimony are asked to provide them on paper, and 
where possible, in machine-readable format. Machine-readable 
submissions may be provided through electronic mail messages sent over 
the Internet, or on a 3.5''floppy disk formatted for use in an MS-DOS 
based computer. Machine-readable submissions should be provided as 
unencoded, unformatted ASCII text.
    Written comments should include the following information:
     Name and organizational affiliation, if any, of the 
individual responding;
     An indication of whether comments offered represent views 
of the respondent's organization or are the respondent's personnal 
views; and
     If applicable, information on the respondent's 
organization, including the type of organization (e.g., trade 
association, private corporation, non-profit organization) and general 
areas of interest.

FOR FURTHER INFORMATION CONTACT: For further information relating to 
electronic delivery of information and services, contact Ms. April 
Ramey of the Treasury Department at (202) 622-1278.
    For further information relating to transportation and trade 
issues, contact Mr. Gary Ritter at the Volpe National Transportation 
Systems Center by telephone at (617) 494-2716.

SUPPLEMENTARY INFORMATION:

I. Issues for Public Comment

A. Background

    The public meetings are part of an ongoing dialogue with the 
Administration to assess the security needs and concerns of users of 
the National Information Infrastructure (NII). The NII is a system of 
high-speed telecommunications networks, databases, and advanced 
computer systems that will make electronic information more widely 
available and accessible than ever before. For example, citizens may be 
able to learn about federal benefits programs through public kiosks, or 
may receive their social security payments through direct deposit to 
their bank accounts. As the U.S. transportation infrastructure becomes 
more complex, Americans will benefit from the application of 
information technologies to such operations as toll collection, motor 
vehicle registration, and traffic routing. This increased availability 
and accessibility of services and products provided through information 
technology will dramatically affect the way in which individuals 
conduct their everyday affairs.
    Consequently, broad public and commercial use of the NII hinges 
upon implementing technologies, policies, and practices that not only 
ensure that users of information systems have access to information 
when and where they need it, but that subjects of information records 
are able to protect themselves from unauthorized or inappropriate use 
of information.
    ``Americans will not use the NII to its full potential unless they 
trust that information will go where and when they want it and nowhere 
else,'' declared Sally Katzen, Administrator of the Office of 
Information Regulatory Affairs at OMB and chair of the Forum. ``The 
Federal government is a primary user of the NII and thus a catalyst for 
change. Yet the NII will be designed, built, owned, operated, and used 
primarily by the private sector, making it essential that security on 
the NII be considered in partnership with the public.''
    To address these critical issues, the Vice President formed the 
Information Infrastructure Task Force (IITF). The IITF is chaired by 
Secretary of Commerce Ron Brown and is comprised of senior 
Administration officials having expertise in technical, legal, and 
policy areas pertinent to the NII. The mission of the IITF is to 
articulate and implement the Administration's vision for the NII.
    The NII Security Issues Forum was established within the IITF to 
address the cross-cutting issue of security in the NII. The forum is 
chaired by Sally Katzen, Administrator of the Office of Information and 
Regulatory Affairs in the Office of Management and Budget.
    In addition to the IITF, the President has established the U.S. 
Advisory Council on the National Information Infrastructure. The 
Advisory Council represents industry, labor, and public interest 
groups, and advises the Secretary of Commerce on issues relating to the 
NII. Mega-Project III, one of three work groups of the Advisory 
Council, is responsible for addressing security, intellectual property, 
and privacy issues as they relate to the NII.

B. Structure and Content of Public Meeting

    Security is linked inextricably to broad public use of the NII. The 
technologies, policies, and procedures used to ensure the 
confidentiality, availability, and integrity of digitally produced and 
transmitted information, information products, and services on the NII 
will determine whether, how, and to what extent digitally linked 
information services will be broadly used in such critical applications 
as providing public information, supporting the delivery of government 
services, utilizing intelligent transportation systems, and conducting 
trade.
    Development of policies and procedures that will ensure the 
security of public and private information and communications on the 
NII requires study from different perspectives, whether that of the 
subject of the information, the user of the information, or the creator 
of the information. The Forum and Mega-Project III seek input from 
parties representing beneficiaries of federal information and services 
and users of intelligent transportation systems and trade data.
    Solutions to these concerns will come via technical solutions, as 
well as legal and policy mechanisms. The Forum and Mega-Project III 
seek input in this area as well. Specifically, what legal measures, 
policy mechanisms, and technological solutions, or combinations 
thereof, can be used to effectively protect the security of federal 
benefits information or transportation or trade data, delivered or made 
accessible on the NII? [[Page 3443]] 
    A panel of witnesses drawn from the public will be assembled to 
discuss the following topics with a panel of senior Administration 
officials, members of the Security Issues Forum, members of the 
Advisory Council, and policy makers at the State level, and to field 
questions and comments from other members of the public.
    Position statements for the meeting, ``Security in the Delivery of 
Electronic Information and Services,'' should address four principal 
questions:
    1. How do you envision the NII being used to provide services and 
information electronically to citizens? Specifically, what types of 
services and information should be delivered or made available?
    2. What risks and threats do you foresee in making services and 
information available via the NII? Such threats might include fraud, 
unauthorized access, breach of confidentiality or privacy, breach of 
integrity, and system performance.
    3. What legal, policy, and ethical issues do you foresee affecting 
usage of the NII? Such issues may include liability, information/
property rights, access, document/records management, legal 
admissibility/evidentiary requirements, and auditability. Do some 
issues, such as privacy and open access, tend to countervene each 
other?
    4. What kinds job administrative or technical solutions should be 
developed or promoted to address security, legal, and ethical concerns? 
Such solutions may include verifying recipient and/or vendor 
eligibility, ensuring operational and systems security, and 
establishing means to facilitate settlement, detection, and 
prosecution.
    Position statements for the meeting, ``Security for Intelligent 
Transportation Systems and Trade Information,'' should address five 
principal questions:
    1. Who should be permitted access to sensitive trade and 
transportation information systems? How can inappropriate access and 
use be prevented?
    2. What technical and institutional safeguards in electronic data 
transmission, storage, and retrieval are needed to protect the security 
of trade and transportation data? Such risks might include: Disclosure 
of proprietary and confidential business information, criminal access 
to trade and cargo records, disclosure of individual travel patterns or 
vehicle locations, or disclosure of transportation dispatch 
communications regarding sensitive cargo shipment routes, itineraries, 
and locations.
    3. What does an ``appropriate level of security'' consist of? Is 
there a ``one-size-fits-all'' solution, or can policies be established 
which flexibly meet diverse needs?
    4. Do certain systems merit greater degrees of security protection, 
such as traffic signal control systems, variable message signs, fleet 
location monitoring, electronic toll collection, international trade 
data, and motor vehicle registration records?
    5. Who should establish and enforce security policies? How can 
government and the private sector work together to support a secure 
National Information Infrastructure?

II. Guidelines for Participation in the Public Hearing

    Individuals who would like to participate on a panel must request 
an opportunity to do so no later than January 20, 1995, by submitting a 
brief, 1-2 page summary position statement. If approved, each 
participant will be allowed to present brief opening remarks. Primary 
participation, however, shall be during the general discussion to 
follow, according to the format described above.
    Participants in the public meeting will testify before and 
participate in discussions with a panel consisting of members of the 
Advisory Council, members of the Security Issues Forum, and other 
Administration officials.
    Individuals not selected as panel participants may offer comments 
or ask questions of the witnesses by requesting an opportunity to do so 
and being recognized during the meeting by the chairs of the meeting. 
Oral remarks offered in this fashion should not exceed three minutes. 
No advance approval is required to attend the public meetings, offer 
comments, or present questions.
    The public meeting on ``Security of the Electronic Delivery of 
Information and Services'' will be chaired by Mr. Jim Flyzik, Chair of 
the Government Information Technology Services Working Group of the 
IITF.
    The public meeting on ``Security for Intelligent Transportation 
Systems and Trade Information,'' will be co-chaired by Ms. Ana Sol 
Gutierrez, Deputy Administrator of the Research and Special Programs 
Administration of the U.S. Department of Transportation, and Ms. 
Christine Johnson, Director of the Intelligent Transportation Systems 
Joint Program Office of the U.S. Department of Transportation.
    More information about the Clinton Administration's National 
Information Infrastructure initiative can be obtained from the IITF 
Secretariat. Inquiries may be directed to Yvette Barrett at (202) 482-
1835, by e-mail to [email protected], or by mail to U.S. Department 
of Commerce, IITF Secretariat, NTIA, Room 4892, Washington, D.C. 20230.
    For inquiries over the Internet to the IITF Gopher Server, gopher, 
telnet (login = gopher), or anonymous ftp to iitf.doc.gov. Access is 
also available over the World-Wide-Web. Questions may be addressed to 
[email protected].
    For access by modem, dial (202) 501-1920 and set modem 
communication parameters at no parity, 8 data bits, and one stop 
(N,8,1). Modem speeds of up to 14,400 baud are supported.
Sally Katzen,
Administrator, Office of Information and Regulatory Affairs.
[FR Doc. 95-1060 Filed 1-13-95; 8:45 am]
BILLING CODE 3110-01-M