[ISN] Coordination called key to NIPC improvements

From: InfoSec News (isnat_private)
Date: Tue Aug 07 2001 - 03:10:28 PDT

  • Next message: InfoSec News: "[ISN] Senator Targets School Hackers"

    By Diane Frank 
    Aug. 6, 2001 
    The National Infrastructure Protection Center is slowly improving its
    ability to provide warnings and analysis on computer security threats,
    but Congress remains concerned that its greater mission is hurt by a
    lack of coordination with other agencies and industry.
    President Clinton formally established the center in May 1998 with
    Presidential Decision Directive 63, which requires federal agencies to
    secure the systems that support the nations critical infrastructure,
    such as telecommunications. The NIPC is intended to form a bridge
    between government and industry for incident warnings and analysis.
    The center has made improvements since a General Accounting Office
    review last year, said Ronald Dick, the centers director. Gains have
    resulted from adding workers from the Defense Department and moving
    forward with a new data-mining project for its analysis. Dick
    testified July 25 before the Senate Judiciary Committees Technology,
    Terrorism and Government Information Subcommittee.
    In their report, GAO officials said the NIPC was hindered by a lack of
    analysis, staff members and information from industry. But the biggest
    problem and one that still has not been addressed is the lack of
    agreement within government on the role the center should play in the
    larger critical infrastructure protection environment, said Robert
    Dacey, director of information security issues at GAO.
    Subcommittee members said they were most concerned that the NIPC is
    not receiving appropriate support from agencies and industry. The NIPC
    should consist of workers from civilian and Defense agencies, but so
    far, many agencies have not provided the needed personnel. Sen. Jon
    Kyl (R-Ariz.), ranking member of the subcommittee, suggested that
    Congress help encourage agencies, through money or mandates, to assign
    those workers.
    But agencies cannot afford to lose precious information security
    talent, Dick said. "Were stretching our resources as thin as they can
    be." He said the centers new workers from DOD include a new deputy
    Subcommittee Chairwoman Dianne Feinstein (D-Calif.) also called on the
    NIPC to rely on expertise from agencies such as the Secret Service,
    which works closely with the financial community to combat cybercrime.
    The Secret Service has developed an extensive training course through
    its Electronic Crimes Special Agent Program and trains other agencies,
    state and local governments, and even the private sector, according to
    James Savage, deputy special agent in charge of the Secret Services
    Financial Crimes Division.
    The subcommittee also encouraged the NIPC to continue its work to form
    formal partnerships with industry to gather the information needed to
    make informed analyses of incidents.
    Both Feinstein and Kyl suggested that Congress support the NIPC
    through legislation, such as a bill introduced recently by Rep. Tom
    Davis (R-Va.) to create a new exemption to the Freedom of Information
    Act. Davis bill, along with another to be co-introduced by Sen. Robert
    Bennett (R-Utah) and Kyl, would exempt industry cybersecurity
    information from FOIA requests.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 05:27:16 PDT