Cybersentries under GAO review
- By Diane Frank
- Jun 16, 2000
National Infrastructure Protection Center home page
The General Accounting Office is starting a review of the FBI's National
Infrastructure Protection Center's ability to fulfill its cyberattack analysis
and warning duties.
The review follows a request by three members of the Senate Judiciary Subcommittee
on Technology, Terrorism and Government Information to look into the NIPC's
abilities to act as a central point for detection and analysis of cyberattacks.
The senators — John Kyl (R-Ariz.), Dianne Feinstein (D-Calif.) and Charles
Grassley (R-Iowa) — also asked GAO to examine NIPC's ability to send out
timely alerts and fixes to federal agencies and the private sector.
"It is really a look at how well the NIPC is fulfilling its charter," said
Jean Boltz, assistant director of governmentwide and defense information
systems at GAO.
Several members of Congress first raised this concern after distributed
denial-of-service attacks in February shut down many commercial sites. The
concern came to the forefront again in May when the "love bug" computer
virus hit agencies and companies.
The NIPC has a fairly small staff of technicians and scientists in its Analysis
and Warnings Section, and it is still working to coordinate communication
with other government organizations, such as the Federal Computer Incident
Response Capability. The staffing is among the factors that affect the NIPC's
ability to provide meaningful help to agencies and the private sector, according
"Clearly, more needs to be done to enhance the government's ability to collect,
analyze and distribute timely information that can be used by agencies to
protect their critical information systems from possible attack," said Jack
Brock, director of governmentwide and defense information systems at GAO,
testifying before the Senate last month. "In the ILOVEYOU incident, NIPC
and FedCIRC, despite their efforts, had only a limited impact on agencies
being able to mitigate the attack."