Information Security News mailing list archives

Cybersentries under GAO review

From: InfoSec News <isn () C4I ORG>
Date: Fri, 16 Jun 2000 09:27:15 -0500

http://www.fcw.com/fcw/articles/2000/0612/web-nipc-06-16-00.asp

BY Diane Frank
06/16/2000

The General Accounting Office is starting a review of the FBIs
National Infrastructure Protection Centers ability to fulfill its
cyberattack analysis and warning duties.

The review follows a request by three members of the Senate Judiciary
Subcommittee on Technology, Terrorism and Government Information to
look into the NIPCs abilities to act as a central point for detection
and analysis of cyberattacks.

The senators John Kyl (R-Ariz.), Dianne Feinstein (D-Calif.) and
Charles Grassley (R-Iowa)  also asked GAO to examine NIPCs ability to
send out timely alerts and fixes to federal agencies and the private
sector.

"It is really a look at how well the NIPC is fulfilling its charter,"
said Jean Boltz, assistant director of governmentwide and defense
information systems at GAO.

Several members of Congress first raised this concern after
distributed denial-of-service attacks in February shut down many
commercial sites. The concern came to the forefront again in May when
the "love bug" computer virus hit agencies and companies.

The NIPC has a fairly small staff of technicians and scientists in its
Analysis and Warnings Section, and it is still working to coordinate
communication with other government organizations, such as the Federal
Computer Incident Response Capability. The staffing is among the
factors that affect the NIPCs ability to provide meaningful help to
agencies and the private sector, according to GAO.

"Clearly, more needs to be done to enhance the governments ability to
collect, analyze and distribute timely information that can be used by
agencies to protect their critical information systems from possible
attack," said Jack Brock, director of governmentwide and defense
information systems at GAO, testifying before the Senate last month.
"In the ILOVEYOU incident, NIPC and FedCIRC, despite their efforts,
had only a limited impact on agencies being able to mitigate the
attack."

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

Current thread:

Cybersentries under GAO review InfoSec News (Jun 17)
- <Possible follow-ups>
- Re: Cybersentries under GAO review InfoSec News (Jun 19)