Cybersentries under GAO review

National Infrastructure Protection Center home page

Related Links

The General Accounting Office is starting a review of the FBI's National

Infrastructure Protection Center's ability to fulfill its cyberattack analysis

and warning duties.

The review follows a request by three members of the Senate Judiciary Subcommittee

on Technology, Terrorism and Government Information to look into the NIPC's

abilities to act as a central point for detection and analysis of cyberattacks.

The senators — John Kyl (R-Ariz.), Dianne Feinstein (D-Calif.) and Charles

Grassley (R-Iowa) — also asked GAO to examine NIPC's ability to send out

timely alerts and fixes to federal agencies and the private sector.

"It is really a look at how well the NIPC is fulfilling its charter," said

Jean Boltz, assistant director of governmentwide and defense information

systems at GAO.

Several members of Congress first raised this concern after distributed

denial-of-service attacks in February shut down many commercial sites. The

concern came to the forefront again in May when the "love bug" computer

virus hit agencies and companies.

The NIPC has a fairly small staff of technicians and scientists in its Analysis

and Warnings Section, and it is still working to coordinate communication

with other government organizations, such as the Federal Computer Incident

Response Capability. The staffing is among the factors that affect the NIPC's

ability to provide meaningful help to agencies and the private sector, according

to GAO.

"Clearly, more needs to be done to enhance the government's ability to collect,

analyze and distribute timely information that can be used by agencies to

protect their critical information systems from possible attack," said Jack

Brock, director of governmentwide and defense information systems at GAO,

testifying before the Senate last month. "In the ILOVEYOU incident, NIPC

and FedCIRC, despite their efforts, had only a limited impact on agencies

being able to mitigate the attack."


  • Cybersecurity
    cybersecurity (Rawpixel/

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected