Select seating at the table
- By Diane Frank
- Aug 28, 2000
The federal government proposes coordinating its response to cyberattacks
with a structure in which agency officials know exactly who should be involved
and the responsibilities of each.
A "working agreement" from the National Security Council sets out ground
rules for two new groups of federal security officials that will be called
together to handle operations and policy issues whenever there is a significant
cyberattack, according to documents detailing the agreement. By naming the
members of a Critical Infrastructure Working Group and a Critical Infrastructure
Steering Group and detailing their responsibilities, the government has
taken a big step toward being able to respond more effectively to incidents,
"The single most important lesson that people who have been through
attacks have learned is that the actions in advance to establish the lines
of communication and responsibility levels...are the biggest determination
of whether this is a catastrophe or something you get through," said Alan
Paller, director of research at the SANS Institute, a security education
and research organization in Bethesda, Md.
"We really haven't had a structure, and this would allow us to convene
the right folks, to take the correct actions," said John Gilligan, co-chair
of the CIO Council's security committee. He will be serving as the representative
of the CIOs, the technology users and providers, and working to incorporate
a new process the agencies themselves are working on to share cyber incident
information, he said.
Membership in the two groups will vary as government employees who focus
on the protection of critical infrastructure change. But having a list of
key security players launches a process that can be used and learned from
over time, said Mark Montgomery, director of transnational threats at the
In the past year, both the General Accounting Office and Congress have
called for better coordination among the many agencies and organizations
involved in federal cyber incident response. As can be seen by just the
core organizations in the working group — the National Infrastructure Protection
Center, the DOD Joint Task Force for Computer Network Defense, the Federal
Computer Incident Response Capability, the National Security Agency and
the Justice Department — members cover all areas of government and represent
Until now, no formal procedure existed for coordinating this expertise.
That has left many agencies vulnerable to incidents such as the May attack
of the "I Love You" e-mail virus. Future viruses and attacks could cause
even more harm, according to the GAO.
The working group, which sits under the Critical Infrastructure Coordination
Group, will come together when there are attacks or "seemingly unrelated
cyber events" that affect national security, the national economy, public
safety or military operations; in the event of an attack sponsored by another
nation or state that affects U.S. security or interests; or in the case
of an attack that may require coordination with another nation.
The agreement — designed to be a work in progress — outlines not only
who is to be called in the event of a cyberattack, but also their responsibilities,
including how to share information on the incident with private-sector response
groups and other countries. It also attempts to ensure that each agency
makes a valuable contribution to the process, whether that is technical
know-how at the National Institute of Standards and Technology or the worldwide
reach of the Defense Department.
The steering group will be called into action only to review the analysis
efforts of the working group, or to recommend interagency responses to reduce
vulnerability and ensure that the appropriate response is taken. But its
members will then take the coordinated efforts and information directly
to the president and the NSC to enable governmentwide decisions and action,
The creation of these groups, and efforts at the CIO Council and other
organizations to coordinate cyber-incident response, puts federal agencies
on much better footing than they were in May, but there is still plenty
that can be done and much that must be learned, Gilligan said.
"I don't think we're there yet...but I think we've now outlined the
key steps," he said. "We now have some concepts, we now have the processes
outlined, and now we have to do the experiencing."