[ISN] FBI Net Center Blasted Again

From: InfoSec News (isnat_private)
Date: Fri Jul 27 2001 - 02:21:47 PDT

  • Next message: InfoSec News: "[ISN] Macmillan India buys teen hacker's how-to"

    http://www.wired.com/news/politics/0,1283,45552,00.html
    
    By Declan McCullagh and Andrew Osterman 
    7:00 a.m. July 26, 2001 PDT  
    
    WASHINGTON -- It's been two months since congressional investigators
    said that a highly touted FBI Internet center was about as effective
    as Al Gore's presidential campaign.
    
    During a hearing Wednesday, a Senate panel concluded that the FBI's
    National Infrastructure Protection Center had made scant progress
    since the blistering report released in May.
    
    Sen. Jon Kyl of Arizona, the top Republican on the Judiciary
    technology subcommittee, suggested that the NIPC was not using agents
    contributed to the center from other agencies and said the problem
    "seemed to be a leadership issue."
    
    The panel's Democratic chairman, Sen. Dianne Feinstein of California,
    called the NIPC "an important hole in our national infrastructure"
    that must be patched.
    
    Wednesday's hearing came as the SirCam virus and the Code Red worm
    roiled the Net and clogged e-mail inboxes. The NIPC's mission is to
    act as a clearinghouse for "threat assessment, warning, investigation,
    and response for threats or attacks against our critical
    infrastructures," including the Net.
    
    The 108-page report from Congress' General Accounting Office concluded
    that instead of becoming a highly sensitive nerve center that responds
    to computer intrusions, the NIPC has turned into a federal backwater
    that is surprisingly ineffective in pursing malicious hackers or
    devising a plan to protect electronic infrastructures. The NIPC
    received $32 million in 1999 and $28 million in 2000, not counting
    items like office space and telephones provided by the FBI.
    
    NIPC Director Ronald Dick tried to reassure the subcommittee. "The GAO
    recommendations are all being addressed and I plan to keep the
    subcommittee updated on our progress," Dick said. "We have come far in
    a few years. We had to build the plane as we flew it."
    
    To placate the senators, Dick admitted that the NIPC needs
    improvement. "While we have numerous documents reflecting strategic
    and tactical planning, I agree that more work needs to be done ...
    through a sustained process of documenting lessons learned from
    significant cyber events," he said.
    
    Translated, this bureaucratese means: Don't dismember us.
    
    While it's nearly impossible to get rid of a federal agency, the
    National Security Council -- which is part of the White House -- has
    suggested something almost as drastic. In a letter to the GAO this
    spring, the council suggested that some of the NIPC's critical
    infrastructure functions "might be better accomplished by distributing
    the tasks among several existing federal agencies."
    
    In a written statement, Sen. Orrin Hatch (R-Utah) hinted that he
    hadn't ruled out such drastic measures.
    
    "In the absence of such a strategic assessment," grumbled Hatch, "law
    enforcement will be perpetually consigned to responding reactively --
    instead of proactively addressing and eliminating threats to the
    system. I simply do not know, at this point, whether or not the NIPC
    is the ideal entity to perform this analysis."
    
    In time-honored Washington fashion, Dick blamed his agency's problems
    -- which he largely inherited from former director Mike Vatis -- on a
    lack of cash.
    
    "While the center has representatives from several U.S. government
    agencies, staffing continues to be a challenge," Dick said. "Agencies
    have responded to the NIPC's requests for detailees by saying that
    they are constrained from sending personnel due to lack of funds."
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jul 27 2001 - 07:06:37 PDT