Coordination called key to NIPC improvements

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2001/0806/mgt-nipc-08-06-01.asp

By Diane Frank 
Aug. 6, 2001 

The National Infrastructure Protection Center is slowly improving its
ability to provide warnings and analysis on computer security threats,
but Congress remains concerned that its greater mission is hurt by a
lack of coordination with other agencies and industry.

President Clinton formally established the center in May 1998 with
Presidential Decision Directive 63, which requires federal agencies to
secure the systems that support the nations critical infrastructure,
such as telecommunications. The NIPC is intended to form a bridge
between government and industry for incident warnings and analysis.

The center has made improvements since a General Accounting Office
review last year, said Ronald Dick, the centers director. Gains have
resulted from adding workers from the Defense Department and moving
forward with a new data-mining project for its analysis. Dick
testified July 25 before the Senate Judiciary Committees Technology,
Terrorism and Government Information Subcommittee.

In their report, GAO officials said the NIPC was hindered by a lack of
analysis, staff members and information from industry. But the biggest
problem and one that still has not been addressed is the lack of
agreement within government on the role the center should play in the
larger critical infrastructure protection environment, said Robert
Dacey, director of information security issues at GAO.

Subcommittee members said they were most concerned that the NIPC is
not receiving appropriate support from agencies and industry. The NIPC
should consist of workers from civilian and Defense agencies, but so
far, many agencies have not provided the needed personnel. Sen. Jon
Kyl (R-Ariz.), ranking member of the subcommittee, suggested that
Congress help encourage agencies, through money or mandates, to assign
those workers.

But agencies cannot afford to lose precious information security
talent, Dick said. "Were stretching our resources as thin as they can
be." He said the centers new workers from DOD include a new deputy
director.

Subcommittee Chairwoman Dianne Feinstein (D-Calif.) also called on the
NIPC to rely on expertise from agencies such as the Secret Service,
which works closely with the financial community to combat cybercrime.
The Secret Service has developed an extensive training course through
its Electronic Crimes Special Agent Program and trains other agencies,
state and local governments, and even the private sector, according to
James Savage, deputy special agent in charge of the Secret Services
Financial Crimes Division.

The subcommittee also encouraged the NIPC to continue its work to form
formal partnerships with industry to gather the information needed to
make informed analyses of incidents.

Both Feinstein and Kyl suggested that Congress support the NIPC
through legislation, such as a bill introduced recently by Rep. Tom
Davis (R-Va.) to create a new exemption to the Freedom of Information
Act. Davis bill, along with another to be co-introduced by Sen. Robert
Bennett (R-Utah) and Kyl, would exempt industry cybersecurity
information from FOIA requests.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.