Nation's Cybercops Criticized

Just days after the Code Red worm crawls toward the White House, a Senate committee complains.

Lauren Dunn, Medill News Service

WASHINGTON-- As the Code Red worm lies dormant awaiting its next attack, the federal agency that is supposed to protect the nation against cyberterrorism took heat for not doing its job.

The National Infrastructure Protection Center was created three years ago, to protect the government and the private sector from cybercriminals. The criticism, echoed by a Senate Judiciary subcommittee, stems from a General Accounting Office report that calls the NIPC's efforts inadequate.

The Code Red worm is a recent example of a digital attack, and this one specifically targeted the White House's Web site. It takes advantage of a flaw in Microsoft Internet Information Server, used by many Web sites, and seeds malicious worms throughout the Net. These particular worms are on a timer that cause them to periodically launch a distributed denial of service attack on the White House site.

The agency "has a broad mission to prevent, warn against, analyze, and respond to cyberattacks," says Sen. Dianne Feinstein, D-California. "However, many experts within both the government and the private sector have suggested that NIPC has not fulfilled this mission."

Few Resources

According to the GAO's report, the center has done a poor job of analyzing and warning against cyberthreats and attacks. It cites the "ILove You" virus, which attacked thousands of computers in May 2000.

The center, which is conducting 1200 investigations, also lacks an adequate staff and has done a poor job at sharing information about potential threats and warnings with other federal agencies and private companies, the report states. The NIPC has faced such criticism previously.

Ronald Dick, the center's director, acknowledges the report's findings but stresses the progress made since the NIPC's inception.

Challenging Job

A computer security expert says the center has done all it can within its resources to protect the nation from cybercriminals.

"I would like to point out that NIPC has made great strides," says Chris Klaus, founder of Internet Security Systems, which provides computer security for the private sector. "NIPC makes every effort to craft its information into meaningful warning messages suitable for distribution to the widest possible audience."

The GAO suggests that the center create a better system to ensure that it can share necessary information with other federal agencies and private companies. The center also should develop better relationships with these groups, and build a database of information critical to cybercrime fighting, according to the report.