http://www.wired.com/news/politics/0,1283,45552,00.html By Declan McCullagh and Andrew Osterman 7:00 a.m. July 26, 2001 PDT WASHINGTON -- It's been two months since congressional investigators said that a highly touted FBI Internet center was about as effective as Al Gore's presidential campaign. During a hearing Wednesday, a Senate panel concluded that the FBI's National Infrastructure Protection Center had made scant progress since the blistering report released in May. Sen. Jon Kyl of Arizona, the top Republican on the Judiciary technology subcommittee, suggested that the NIPC was not using agents contributed to the center from other agencies and said the problem "seemed to be a leadership issue." The panel's Democratic chairman, Sen. Dianne Feinstein of California, called the NIPC "an important hole in our national infrastructure" that must be patched. Wednesday's hearing came as the SirCam virus and the Code Red worm roiled the Net and clogged e-mail inboxes. The NIPC's mission is to act as a clearinghouse for "threat assessment, warning, investigation, and response for threats or attacks against our critical infrastructures," including the Net. The 108-page report from Congress' General Accounting Office concluded that instead of becoming a highly sensitive nerve center that responds to computer intrusions, the NIPC has turned into a federal backwater that is surprisingly ineffective in pursing malicious hackers or devising a plan to protect electronic infrastructures. The NIPC received $32 million in 1999 and $28 million in 2000, not counting items like office space and telephones provided by the FBI. NIPC Director Ronald Dick tried to reassure the subcommittee. "The GAO recommendations are all being addressed and I plan to keep the subcommittee updated on our progress," Dick said. "We have come far in a few years. We had to build the plane as we flew it." To placate the senators, Dick admitted that the NIPC needs improvement. "While we have numerous documents reflecting strategic and tactical planning, I agree that more work needs to be done ... through a sustained process of documenting lessons learned from significant cyber events," he said. Translated, this bureaucratese means: Don't dismember us. While it's nearly impossible to get rid of a federal agency, the National Security Council -- which is part of the White House -- has suggested something almost as drastic. In a letter to the GAO this spring, the council suggested that some of the NIPC's critical infrastructure functions "might be better accomplished by distributing the tasks among several existing federal agencies." In a written statement, Sen. Orrin Hatch (R-Utah) hinted that he hadn't ruled out such drastic measures. "In the absence of such a strategic assessment," grumbled Hatch, "law enforcement will be perpetually consigned to responding reactively -- instead of proactively addressing and eliminating threats to the system. I simply do not know, at this point, whether or not the NIPC is the ideal entity to perform this analysis." In time-honored Washington fashion, Dick blamed his agency's problems -- which he largely inherited from former director Mike Vatis -- on a lack of cash. "While the center has representatives from several U.S. government agencies, staffing continues to be a challenge," Dick said. "Agencies have responded to the NIPC's requests for detailees by saying that they are constrained from sending personnel due to lack of funds." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Jul 27 2001 - 07:06:37 PDT