Information Security News mailing list archives
Feds shape cyberwarning strategy
From: William Knowles <wk () C4I ORG>
Date: Tue, 15 Aug 2000 02:40:27 -0500
http://www.fcw.com/fcw/articles/2000/0814/news-tritak-08-14-00.asp BY Diane Frank 08/14/2000 Under pressure from Congress to better coordinate the governments response to computer viruses and other cyberattacks, the National Security Council has developed a plan outlining roles and responsibilities for federal cybersecurity organizations. Under the plan sent out to those organizations and federal agencies late last month the National Infrastructure Protection Center, working with the General Services Administrations Federal Computer Incident Response Capability office, will take the lead in alerting agencies to cyberattacks and will coordinate any immediate response. The memo identifies the organizations and agencies to be involved in various kinds of attacks and defines the criteria for NIPC to call a meeting of the full cybersecurity community. NSC working with Richard Clarke, the national coordinator for security, infrastructure protection and counter- terrorism will step in whenever a security response requires a broad policy decision, according to the plan. "This institutionalizes how we will share information both at an operations level and a policy level when cyber-incidents occur," said Mark Montgomery, director of transnational threats at NSC. Many observers have called for coordination among organizations such as NIPC, the Critical Infrastructure Assurance Office (CIAO) and NSC itself. NIPC, based at the FBI, was established in 1998 to serve as the governments central organization to assess cyberthreats, issue warnings and coordinate responses. The CIAO was set up to help agencies develop and coordinate security policies and plans. "The proliferation of organizations with overlapping oversight and assistance responsibilities is a source of potential confusion among agency personnel and may be an inefficient use of scarce technical resources," said Jack Brock, director of governmentwide and defense information systems at the General Accounting Office, speaking before Congress in February. The calls for coordination became louder after the "I Love You" virus in May affected almost every federal e-mail server and taxed many agencies resources. The lack of formal coordination and communication led to many more agencies being affected by the incident than necessary, according to GAO. Although the many warning and response organizations work together, the NSC memo lays out a standard process for coordination, said John Tritak, director of the CIAO. In the past, that type of coordination happened an ad hoc basis, an administration official said. Now, as laid out in the memo, the process is set so that it can last through the November election and into the next administration, he said. "Some of the formal mechanisms that existed were frankly ineffective in the tasks they were meant to do," another administration official said. "For circumstances that are extraordinary, we now have a process where the NIPC will coordinate the operational response, and the National Security Council will head the policy response." *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Feds shape cyberwarning strategy William Knowles (Aug 15)