Agencies act to secure the future
- By Dan Verton, George I. Seffers
- Jun 19, 2000
In the charge to protect computer systems against cyberattacks, the National
Security Agency and the State Department are two prime examples of agencies
that have taken a proactive approach.
NSA is one of the federal agencies that have taken the lead in cooperation
between government and industry to advance cybersecurity.
NSA has formed alliances with more than 150 leading IT companies to help
identify emerging security solutions and has certified 14 academic institutions
as "centers of excellence" in security training, according to John Nagengast,
assistant deputy director for information systems security at NSA.
"We cannot [develop information assurance solutions] without the IT industry
being an integral part of [the process]," Nagengast said.
As for State, one high-ranking government official suggested
that the department develop a Future Concept Center, a specialized group
of visionaries to help define and prepare for future crises, including the
possibility of cyberattacks on the critical infrastructure.
During a State-sponsored panel discussion June 15, Ambassador
David Litt, political adviser to the president, said the department is too
shortsighted in preparing for crises and should follow the Defense Department's
example in studying and training for threats decades into the future.
"The United States military infrastructure is already preparing for the
requirements of the uncertain future. As time passes, non-state adversaries,
especially international criminal organizations, religious ethnic extremists,
[narcotics] traffickers and merchants of the technologies of weapons of
mass destruction will network among themselves using state-of-the-art communications
devices, as well as low-tech methods, in order to avoid detection," Litt
Part of the problem, according to Litt, is that State historically
has been an organization designed to respond to crises as they arise, rather
than planning and training for them years in advance.
"This is part of our heritage. We pride ourselves in being predominantly
an operational agency, managing the problems and the crises of the day,"
Litt said. "At the same time, we face an alarming shortage of personnel,
which means that in times of crisis, our flexibility is reduced to the extreme.
The result is that the system rapidly becomes overloaded during major complex
Further cyberattack warnings came in a June 5 report by State's
National Commission on Terrorism. The panel recommended the secretary of
State push for an international convention to "improve multilateral cooperation
on preventing and responding to cyberattacks by terrorists."
"Certainly, terrorists are making extensive use of the new information technologies
and a conventional terrorist attack along with a coordinated cyberattack
could exponentially compound the damage," the report states.
The commission reported that groups posing the most danger to the United
States share some characteristics not seen among terrorist groups 10 or
20 years ago, including:
* They operate in the United States and abroad.
* Their funding and logistical networks cross borders.
* They are less dependent on state sponsors.
* They are harder to disrupt with economic sanctions.
* They make use of widely available technologies to communicate quickly
* Their objectives are more deadly.
The conclusion from such a profile: "Without international cooperation,
the United States cannot protect its national infrastructure from the cyberthreat,"
the report states.