Security Incidents mailing list archives

Re: What use is the NIPC? / RFF Comments


From: Richard Forno <rforno () infowarrior org>
Date: Sun, 05 Aug 2001 23:40:58 +0000


Pardon the comments and mini-rant.

In partial defense, as a security director for a net company, I worked with
NIPC since their inception in 1998 - while they had some really good techie
folks there, many have since moved on to Cisco and other IT industry
vendors. There's not much meat left there, and it's been woefully
understaffed since its beginnings - even the April GAO report on NIPC said
so.

NIPC is a noble idea on paper, but was designed as one of several White
House pet projects designed as knee-jerk reactions to the sensationalized
nature of information security and the new term of critical infrastructure
protection. Look what web vandals were able to get the USG to build and fund
- an entirely new organization!!! (How's that for a kiddie's ego trip?)

Recall that NIPC is the same entity that ran a one-line virus advisory for
I-LOVE-YA that simply read "A new virus has been detected in the
Philippines" ..... they updated it 4 hours later to say that it was a VBS
event and that more info would be provided as it became available. I got
better info on the radio driving into work than from NIPC.... From what I've
seen, their advisories and alerts are redundant to any number of free
listservs, vendor, and the time-delayed CERT advisories. Chances are when
NIPC reports something, it's been common knowledge for a while. No great
secret there.

You want cracker-jack computer crime investigations, check out USAF OSI and
NASA ... they wrote the book on computer crime investigations and analysis.
You want cracker-jack security information on exploits and vulnerabilities,
check out BUGTRAQ, INCIDENTS, and such....it's free, useful, and
interactive. (yeah, yeah, I plugged the list....)

We now return to your regularly-scheduled Code Red analysis.


Rick Forno
infowarrior.org / incidentresponse.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

