Tags: Cyber | Protection | Lags

Cyber Protection Lags

Tuesday, 22 May 2001 12:00 AM

The General Accounting Office, an investigative arm of Congress, initially launched its review of the National Infrastructure Protection Center at the request of lawmakers. Industry complaints said the NIPC had failed to adequately respond to cyber mishaps such as viruses.

"The NIPC has initiated a variety of critical infrastructure protection efforts that, together, have laid a foundation for future government-wide efforts," the report said. "However, the analytical and information-sharing capabilities ... needed to protect the nation's critical infrastructures have not yet been achieved."

The report said the NIPC "often is not able to provide timely information on changes in threat conditions or warnings of imminent attacks." It cited shortcomings in an information-sharing program between both industry and government agencies and NIPC's analysis centers.

"Of four information-sharing and analysis centers established as focal points for infrastructure sectors, only one - the electric power industry - had developed a two-way, information-sharing partnership with the NIPC at the close of the GAO's review," the report said.

"Further, fully productive partnerships have not been established with other federal entities, most notably the Department of Defense and the Secret Service, which also collect and analyze data on computer-based threats and vulnerabilities."

The report noted some NIPC successes, including providing technical support and coordination for FBI investigations of computer crimes. It also noted the center's procedures for establishing crisis-management teams for serious incidents such as the Melissa virus in 1999.

In a written letter responding to the GAO review, NIPC Director Ronald Dick said the center's strategic-analysis capabilities could be improved, but reaffirmed the GAO's finding that staff shortages and vacancies were to blame.

The center, founded through a 1998 presidential directive that arose from concerns that the nation's infrastructure was vulnerable to cyber threats, relies in large part on staff resources detailed from various federal agencies.

"While the center is grateful to partners who have provided assistance, the staffing resources provided from other executive branch components to the NIPC has been insufficient to allow the center to fully meet the enormous analytical challenges of infrastructure protection," Dick said.

The GAO review said that one key position, the chief of analysis and warning section, was supposed to be filled by the CIA, but remained vacant for about half of the NIPC's three-year life. And a National Security Agency detailee position was vacant for about 17 months between May 1998 and April 2000.

Defending against criticisms that the center failed to give timely, preemptive warnings of virus threats, Dick said predicting the work of hackers, who often work solo, is very difficult. Despite that, he said the center has issued a number of warnings that preceded attacks.

The center has altered its user community to the presence of Denial of Service tools residing on networks and in some cases provided tools to let users sniff out the tools on their system, Dick's letter said.

The report also said the user community and government agencies were not sure about NIPC's jurisdiction.

"A major underlying problem is that the NIPC's roles and responsibilities have not been fully defined and are not consistently interpreted by other entities involved in the government's broader critical infrastructure protection strategies," the GAO report said.

The report was to be reviewed Tuesday at a hearing before the Judiciary subcommittee for Technology, Terrorism and Government information. The hearing was cancelled because lawmakers were facing several stacked votes on the Senate floor.

Copyright 2001 by United Press International.

All rights reserved.

© 2019 Newsmax. All rights reserved.

   
1Like our page
2Share
Pre-2008
The General Accounting Office, an investigative arm of Congress, initially launched its review of the National Infrastructure Protection Center at the request of lawmakers. Industry complaints said the NIPC had failed to adequately respond to cyber mishaps such as...
Cyber,Protection,Lags
574
2001-00-22
Tuesday, 22 May 2001 12:00 AM
Newsmax Media, Inc.
 

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
America's News Page
© Newsmax Media, Inc.
All Rights Reserved