Meet America's new top cybercop

New NIPC chief steps away from 'electronic Pearl Harbor' rhetoric

The new head of the National Infrastructure Protection Center (NIPC) says it takes time to turn FBI agents into a cyber defense team.

"One of the things that gets lost in the translation of where we started and where we are now, is there's a lack of realization that this entity is only three years old," NIPC Director Ronald Dick told us. "And unlike in a lot of organizations... the center was created without a startup period to get people on board and to get operational."

Created by Presidential directive in February 1998, the NIPC was intended to be a multi-agency command center for evaluating, investigating and responding to physical and cyber attacks on the nation's "critical infrastructures," including telecommunications networks, the power grid and financial systems. It was a new role for law enforcement, says Dick.

"The center was created with a priority other than investigations," Dick says. "We had a whole new area in which the FBI, and a lot of our partners, hadn't previously been involved in."

Since then, the NIPC's grown to a staff of approximately 100, and has fostered a broad array of public/private partnerships, including the Electrical Power Indications and Warning System -- a plan to defend the North American power grid from attack -- and two Information Sharing and Analysis Centers (ISACs) that allow carefully screened information on cyber attacks to pass back and forth between the government and the private sector.

But when Dick, a 24-year veteran of the FBI, took the NIPC helm from founding director Michael Vatis last month, he inherited an organization that's been dogged by criticism and controversy almost since inception.

Cooperation problems

The most frequent complaint is that the FBI, which houses and heads the center, doesn't play well with other law enforcement agencies, the intelligence community and the Department of Defense (DoD), all of which were meant to have significant roles in the NIPC. Last year, that criticism compelled a Senate subcommittee to order a General Accounting Office review of NIPC's effectiveness, which is still pending.

"NIPC was meant to be a focal point to coordinate the investigations of various federal law enforcement agencies," said US Senator Charles Grassley (Republican, Iowa), in a statement to a subcommittee in June of last year. "Instead, it has become a cash cow for the FBI to fund its computer crime cases. It's nothing more than a computer crime squad of the FBI. That's not what was ever envisioned."

It was probably to counter such criticism that the new director's second-in-command was picked from the Defense Department, rather than the FBI, and has ties to the intelligence community; Rear Admiral James Plehal is a naval reserve commander and a former National Security Agency (NSA) department head.

"We've added a two-star admiral from DoD as deputy director," said Dick. "He and I are very much in concert with trying to dispel those kinds of perceptions. I don't particularly think those perceptions are true, but perception is reality."

Another perception Dick may have to battle centers on the NIPC's judgment in issuing public advisories. The center sometimes appears to focus on trivial matters -- one recent assessment reported that "intruders" had been spotted abusing an open FTP server to play interactive computer games -- while responding slowly to more important developments, like last year's LoveLetter virus.

"There's not a terrible amount of analysis that's going on," says one security professional, speaking on condition of anonymity. "It's sort of summarizing information that other people publish."

But Dick says any perception that NIPC's advisories are arbitrary or hyped stems from a misunderstanding of the center's criteria.

"The only time that we're going to engage in issuing an assessment or a warning or an alert is where we can add value, where we can add information from law enforcement, or the intelligence community or sanitized information from an ISAC," Dick says. "If we can't provide value added, then I don't feel that it's appropriate for us to engage... For us to speak as often as antivirus companies would detract from our mission."

The NIPC also issues public warnings when a vulnerability is so significant that it would affect national security, says Dick. "Then it's incumbent upon us to add to the volume of the noise so that system administrators will fix it."

Russian attacks

By way of example, Dick points to NIPC's public warning last month that a Russian hacker ring was penetrating e-commerce sites, stealing credit card numbers and extorting financial institutions. The NIPC publicly identified specific vulnerabilities the intruders were exploiting, while adding information about the perpetrators' modus operandi gathered from an FBI investigation. (The FBI recently arrested two Russian men in Seattle on charges apparently related to the NIPC warning.)

"The financial services ISAC was able to identify 1600 attempts on systems that they helped protect right after the announcement," says Dick.

Dick says the Russian case is part of an ongoing devolution in the character of computer intrusions.

"I think that what we're seeing is a movement," Dick says. "The number of intrusions that are coming into the public eyes are not just young hackers... doing it for adventure and notoriety... [Now] greed motivates some intruders. Or reprisal by disgruntled employees... It's a swing that is not unlike what we've seen in other tools to commit crimes."

Of course, the NIPC was formed not just to fight crime, but also to combat cyber terrorism and state-sponsored information warfare -- threats that, despite years of warnings, have not yet materialized. Dick believes the danger is real, though he's seemingly more optimistic than high-profile cyber defense hawks like Rep. Curt Weldon (Republican, Pennsylvania), who frequently claims that an "electronic Pearl Harbor" is unavoidable.

"Hopefully, there will never be a cyber Pearl Harbor, because we've done our job right and people have used appropriate due diligence," said Dick. "We'll see some minor things, but not the catastrophes that have been portrayed in the past."

Meanwhile, America's top cybercop says there's much work to be done in his new post. "Michael [Vatis], I think, did a good job of building the foundation," says Dick. "My role is to finish the rest of the building."

© 2001 SecurityFocus.com, all rights reserved.
