General Accounting Office Says NIPC Must Step Up EffortsGeneral Accounting Office Says NIPC Must Step Up Efforts

Between the difficulty in getting advance warning of cyber attacks and creating effective communication with other federal entities, the infrastructure security agency has its work cut out for it

information Staff, Contributor

May 22, 2001

2 Min Read
information logo in a gray background | information

Security professionals already knew that the National Infrastructure Protection Center has been largely ineffectual. Now the rest of the world knows it, too. In a wide-ranging critique released Tuesday, the General Accounting Office identified a number of shortcomings that the NIPC must overcome to be effective. The list of includes staff shortages, ineffective interagency reporting, and the FBI's reluctance to share sensitive information on potential cyber attacks.

Formed in 1998 to provide advance notice on possible security threats that could jeopardize the infrastructure of such critical industries as banking and finance, telecommunications, water, and energy, the NIPC has yet to offer the kind of buffer that was intended. For instance, the GAO report notes that the NIPC has issued 81 security alerts and other notices since its inception, but that all of the breaches already were under way by the time a notice was posted.

Bob Dacey, director of information security issues for the GAO, acknowledges that the NIPC's charter poses inherent challenges because of the difficulty in identifying potential cyber attacks--either viruses or coordinated attacks--before they occur. Dacey also says the NIPC should not take sole responsibility for making the system work. "They've got some significant challenges," he says, "and some of those are out of their control." Chief among those is establishing more formalized information-exchange practices between the NIPC and other federal agencies, including the FBI.

Gartner analyst John Pescatore says he supports the GAO's criticism of the NIPC. Pescatore says that until now, the NIPC has basically echoed alerts that security professionals had already discovered through other channels, such as Cert. "If we're going to devote public tax dollars to something like the NIPC, those dollars should be used on something private industry hasn't already done," he says. "It's had zero impact in increasing anybody's awareness. That's not a metric for success."

Read more about:

20012001

About the Author

information Staff

information Staff

Contributor

See more from information Staff
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

A group of smiling college graduates celebrating their graduation.
IT Leadership
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era

Jan 17, 2025

Flame front of the Eaton Fire on the first night during the January 2025 California wildfires in Altadena and Los Angeles
IT Sectors
How Tech Supports the Emergency Response to the LA County Wildfires
How Tech Supports the Emergency Response to the LA County Wildfires

Jan 16, 2025

Graphic Pop Art style Illustration of Keanu Reeves as NEO from the film, The Matrix
IT Infrastructure
Y2K and Infrastructure Resilience 25 Years Later
Y2K and Infrastructure Resilience 25 Years Later

Jan 7, 2025

Young businessman working on a virtual screen of the future and sees the inscription: Now hiring
IT Leadership
Help Wanted: IT Hiring Trends in 2025
Help Wanted: IT Hiring Trends in 2025

Nov 20, 2024

Cobol programming language software development concept on vitual screen.
IT Leadership
Untangling Enterprise Reliance on Legacy Systems
Untangling Enterprise Reliance on Legacy Systems

Jan 21, 2025

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports