Wednesday May 23, 2001
U.S. Cyber Security Center Lags on Threat Warnings
By Jim Wolf

WASHINGTON (Reuters) - An FBI led unit set up to guard critical U.S. grids and computer networks from guerrillas and hackers often fails to give timely warning of imminent cyber attacks, congressional investigators said Tuesday.

The National Infrastructure Protection Center (NIPC), established in 1998, has suffered from a lack of support by the Defense Department and Secret Service among others, said the General Accounting Office (news - web sites), the audit arm of Congress.

While the NIPC has given valuable help to FBI teams investigating a growing threat to computer networks, it has developed only limited capabilities for strategic analysis of threat and vulnerability data, it said.

``A major underlying problem is that the NIPC's roles and responsibilities have not yet been fully defined and are not consistently interpreted by other entities involved in the government's broader critical infrastructure protection strategy,'' it said.

In a letter commenting on the GAO findings published with the study, Ronald Dick, director of the NIPC, acknowledged that ''many Executive Branch components simply have not heeded the call'' set out in a 1998 presidential order to support the infrastructure protection center.

``To date, the intelligence and defense communities have only partially staffed'' analysis positions earmarked for detailees from the Central Intelligence Agency, the Pentagon's code-cracking National Security Agency and the military services, he wrote.

``Many of those upon whom the NIPC relies to accomplish its mission might prefer that the NIPC, especially as housed in the FBI, not succeed,'' Dick added in his April 4 letter to the GAO.

UNFILLED POSITION

In an interview at a computer security conference in Dulles, Virginia, Dick said the analysis and information-sharing unit position reserved for a National Security Agency detailee was currently unfilled. Asked why, a spokeswoman for the NSA had no immediate comment.

Dick said 17 detailees from U.S. executive branch agencies were currently working at the NIPC, less than half the 40 slots reserved for them.

The analysis and warning center section chief, a position earmarked for a CIA (news - web sites) officer, was vacant for about half of the NIPC's three-year existence, the report said. The position is filled by a CIA officer due to stay two years, twice as long as his predecessors in the position, Dick told Reuters.

GAO said the NIPC's ability to issue warnings promptly had been undercut by lack of ``a comprehensive government-wide or nationwide framework for promptly obtaining and analyzing information on imminent attacks.''

``While some warnings were issued in time to avert damage, most of the warnings, especially those related to viruses, pertained to attacks under way,'' the report said.

Back To The Study