From: InfoSec News (isnc4i.org)
Date: Fri Jul 27 2001 - 04:21:47 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.wired.com/news/politics/0,1283,45552,00.html

By Declan McCullagh and Andrew Osterman
7:00 a.m. July 26, 2001 PDT

WASHINGTON -- It's been two months since congressional investigators
said that a highly touted FBI Internet center was about as effective
as Al Gore's presidential campaign.

During a hearing Wednesday, a Senate panel concluded that the FBI's
National Infrastructure Protection Center had made scant progress
since the blistering report released in May.

Sen. Jon Kyl of Arizona, the top Republican on the Judiciary
technology subcommittee, suggested that the NIPC was not using agents
contributed to the center from other agencies and said the problem
"seemed to be a leadership issue."

The panel's Democratic chairman, Sen. Dianne Feinstein of California,
called the NIPC "an important hole in our national infrastructure"
that must be patched.

Wednesday's hearing came as the SirCam virus and the Code Red worm
roiled the Net and clogged e-mail inboxes. The NIPC's mission is to
act as a clearinghouse for "threat assessment, warning, investigation,
and response for threats or attacks against our critical
infrastructures," including the Net.

The 108-page report from Congress' General Accounting Office concluded
that instead of becoming a highly sensitive nerve center that responds
to computer intrusions, the NIPC has turned into a federal backwater
that is surprisingly ineffective in pursing malicious hackers or
devising a plan to protect electronic infrastructures. The NIPC
received $32 million in 1999 and $28 million in 2000, not counting
items like office space and telephones provided by the FBI.

NIPC Director Ronald Dick tried to reassure the subcommittee. "The GAO
recommendations are all being addressed and I plan to keep the
subcommittee updated on our progress," Dick said. "We have come far in
a few years. We had to build the plane as we flew it."

To placate the senators, Dick admitted that the NIPC needs
improvement. "While we have numerous documents reflecting strategic
and tactical planning, I agree that more work needs to be done ...
through a sustained process of documenting lessons learned from
significant cyber events," he said.

Translated, this bureaucratese means: Don't dismember us.

While it's nearly impossible to get rid of a federal agency, the
National Security Council -- which is part of the White House -- has
suggested something almost as drastic. In a letter to the GAO this
spring, the council suggested that some of the NIPC's critical
infrastructure functions "might be better accomplished by distributing
the tasks among several existing federal agencies."

In a written statement, Sen. Orrin Hatch (R-Utah) hinted that he
hadn't ruled out such drastic measures.

"In the absence of such a strategic assessment," grumbled Hatch, "law
enforcement will be perpetually consigned to responding reactively --
instead of proactively addressing and eliminating threats to the
system. I simply do not know, at this point, whether or not the NIPC
is the ideal entity to perform this analysis."

In time-honored Washington fashion, Dick blamed his agency's problems
-- which he largely inherited from former director Mike Vatis -- on a
lack of cash.

"While the center has representatives from several U.S. government
agencies, staffing continues to be a challenge," Dick said. "Agencies
have responded to the NIPC's requests for detailees by saying that
they are constrained from sending personnel due to lack of funds."

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn' in the BODY
of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]