  |
 |
|
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: | ||
 |
|
NIPC NOT LIVING UP TO ITS MISSION --YETSource: Security Wire DigestPosted on May 24, 2001 The National Infrastructure Protection Center (NIPC) frequently doesn't issue security alerts until cyberattacks are well under way, mainly because it lacks the staff and strategic analysis needed to fully do its job, according to a new US government report. An audit conducted by the General Accounting Office (GAO) found that the NIPC, a division of the FBI, has operated with only 13 of the 24 staffers the NIPC says it needs to fulfill its mission. The agency also has been slow to fill key leadership positions, such as hiring the chief of the analysis and warning section 18 months after the unit's creation in 1998. There also are too few infosecurity experts on staff to develop adequate analysis and warning capabilities, the GAO concluded. Many FBI agents assigned to the NIPC have spent much of their time helping the 56 FBI field offices establish cybercrime units. The GAO praised the NIPC for setting up those satellite operations but noted security threats still aren't promptly disseminated to the public and private industry. "While some warnings were issued in time to avert damage, most of the warnings, especially those related to viruses, pertained to attacks underway," the report states. The NIPC's main duties are to analyze computer security threats, coordinate the U.S. government's response to breaches and promote public infosec awareness. In a written response, NIPC Director Ronald Dick blamed other agencies lack of support for much of the agency's shortcomings, particularly staff shortages and slow warnings. He also expressed frustration with the business community's reluctance to share threat information with the FBI. The GAO noted a lack of cooperation from the departments of Defense and Treasury. "It is most important that the NIPC receive more adequate staffing, particularly from the defense and intelligence communities, in order to remedy the principal shortcoming identified by the GAO -- the lack of strategic analysis," says Dick. Dick also reminded the GAO that the NIPC, which currently runs on a $27 million budget, is relatively young. "It is a startup organization less than three years old, which has accomplished admirable results despite the fact that it began with no dedicated source of funding and no ready group of personnel to staff it." The GAO audit was requested by members of the U.S. Senate Subcommittee on Technology, Terrorism and Government Information after the "LoveLetter" virus outbreak in May 2000. Businesses complained the FBI warning came only after there was widespread damage to e-mail systems. The GAO did, however, praise the NIPC in its early alerts for the 1999 Melissa virus and distributed denial-of-service attacks against major commercial Web sites in February 2000. For a copy of the GAO report, go to www.gao.gov/. The report is No. GAO-01-323.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
|
ALERT  WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |