Reno unveils center to protect infrastructure

and TORSTEN BUSSE

Attorney General Janet Reno last week announced an interagency effort to track and analyze electronic threats to the nation's critical infrastructure, such as the private computer systems used to manage the financial, electrical and transportation industries.

The new National Infrastructure Protection Center (NIPC), headed by Michael Vatis, associate deputy attorney general, will include the FBI' Computer Investigations and Infrastructure Threat Assessment Center (CITAC) and will add real-time intrusion-detection "watch-and-warning" capabilities so that officials can identify who is attacking the infrastructure's systems and trace the attacks back to a source.

Initially, the center, which will be housed at FBI headquarters, will employ 85 FBI agents and 40 employees from the Secret Service and the departments of Defense, Transportation and Energy. Eventually, the center will add employees from other federal agencies and the private sector. Funding mechanisms have not been completed.

Our telecommunications systems are more vulnerable than ever before as we rely on technology more than ever before," Reno said.

In October the president's Commission on Critical Infrastructure Protection recommended that the government field a real-time warning capability modeled after the military's air defense and missile-warning system. While the commission found no evidence of an impending cyberattack on the nation's infrastructure, its members warned that the capability to exploit weaknesses in the country's power, telecommunications, transportation and financial segments does exist.

Reno will ask Congress for $64 million for the NIPC in fiscal 1999, a sum that would allow the establishment of six additional computer investigation centers in cities throughout the nation.

The private sector also will have a vital role to play in the electronic defense, Reno said. She called for direct electronic links between the private sector and law enforcement agencies in what she termed a "significant departure" from past behavior. The closer links, however, must be set up within the confines of the Constitution and cannot infringe on individual rights and confidentiality.

The dimensions of the threat also will require international collaboration, given the possibility that someone "can sit in a kitchen in St. Petersburg, Russia, and can steal money from a bank in New York," she said. "Cyberspace crosses borders."

Winn Schwartau, who writes about information warfare and is president of Interpact Inc., a security consulting company, questioned the Justice Department taking the lead for national infrastructure protection. "Does Justice really have enough capability, manpower [and] technical knowledge to take the lead?" he said. "The Defense Department has a much stronger skill set to manage something like this."

The NIPC officials may use the nation's Arms Control Treaty monitoring system as a model for its system. DOE's Sandia National Laboratory is designing a computer system that could become the backbone for a national information warfare indication and warning center. Kenneth Geide, deputy chief of NIPC, said CITAC officials have been following the work at Sandia, but a warning-and-detection method has not yet been selected.

Sandia, whose work has been partially funded by the Defense Information Systems Agency, is exploring ways to embed sensors in the computer systems of the nation's critical infrastructure, said Sam Varnado, Sandia's director of the energy and critical infrastructure technology center. The sensors would send intrusion or attack information back to a central command center, where officials could determine the nature of the incident and then trace the intrusion back to the perpetrator.

Sandia officials soon will begin using a powerful supercomputer to model the consequences of an attack on a specific critical system. "We're really concerned about the interdependence of the infrastructures," Varnado said. "If the telecommunications network would go down, then banking and finance would go down. Then you can look at systems and say what would cause that consequence. Now you can start to get at a cost-benefit approach. We need to get industry involved. They don't see a business case because no one can tell them exactly what the threat is."

Busse is a reporter with IDG News Service.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above