NIPC cyberdefense vision blurred

NIPC home page

The federal government's efforts to protect agencies against cyberthreats are severely hampered by a lack of experienced personnel and disagreement about the roles of the organizations involved, according to officials.

A yearlong General Accounting Office review of the National Infrastructure Protection Center at the FBI found that the organization has been unable to truly fulfill the Clinton administration's vision of "a national focal point" for critical infrastructure protection.

Clinton formally established the protection effort in May 1998 with Presidential Decision Directive 63, which requires federal agencies to secure the systems that support the nation's critical infrastructure, such as electric power and transportation. PDD 63 established that the NIPC "will provide the principal means of facilitating and coordinating the federal government's response to an incident, mitigating attacks, investigating threats and monitoring reconstitution efforts."

However, the NIPC is often missing key leadership for long periods, GAO found. And the center's staff, which is supposed to be enhanced by workers on detail from other agencies, is operating with only 13 of the 24 analysts necessary.

Representatives from the defense and intelligence communities are key missing members, said Ronald Dick, director of the NIPC, in his written testimony for Tuesday's hearing before the Senate Judiciary Committee's Technology, Terrorism and Government Affairs Subcommittee.

Because of the Senate's insistence on passing the president's tax cut bill by Tuesday afternoon, Sen. Jon Kyl (R-Ariz.), chairman of the subcommittee, accepted all the written testimony for the record and closed the hearing without any oral statements.

The NIPC also is missing much private-sector information about the vulnerabilities of key infrastructure segments, and it has been unable to form two-way information sharing practices with all but one of the industry centers established to share vulnerability data, the report found.

But the major underlying problem is that "the NIPC's roles and responsibilities have not been fully defined and are not consistently interpreted by other entities involved in the government's broader critical infrastructure protection strategy," wrote Robert Dacey, director of information security issues at GAO, in a testimony.

Indeed, GAO found that there is much disagreement among the many organizations involved in the federal critical infrastructure protection effort — such as the National Security Council and the Federal Computer Incident Response Center — about which group should take the lead. This disagreement includes the Office of Management and Budget's statement that the NIPC's focus "was to be on law enforcement, as indicated by its placement within the FBI," according to the report.

Dick is developing a "rudimentary vision" that will soon become a full-fledged strategic plan for the center.

This vision includes three elements:

* Rather than focusing on improving alerts during attacks, the NIPC will introduce forecasts, similar to the National Weather Service's severe-weather warnings.

* The NIPC's analysis will address broader critical infrastructure protection issues, such as the increasing threat of integrated cyber- and physical attacks on critical infrastructure.

* The NIPC will develop a more active partnership with other intelligence collectors across government and the private sector.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.