Reno unveils center to protect infrastructure

and TORSTEN BUSSE

Attorney General Janet Reno last week announced an interagency effort to track and analyze electronic threats to the nation's critical infrastructure, such as the private computer systems used to manage the financial, electrical and transportation industries.

The new National Infrastructure Protection Center (NIPC), headed by Michael Vatis, associate deputy attorney general, will include the FBI' Computer Investigations and Infrastructure Threat Assessment Center (CITAC) and will add real-time intrusion-detection "watch-and-warning" capabilities so that officials can identify who is attacking the infrastructure's systems and trace the attacks back to a source.

Initially, the center, which will be housed at FBI headquarters, will employ 85 FBI agents and 40 employees from the Secret Service and the departments of Defense, Transportation and Energy. Eventually, the center will add employees from other federal agencies and the private sector. Funding mechanisms have not been completed.

Our telecommunications systems are more vulnerable than ever before as we rely on technology more than ever before," Reno said.

In October the president's Commission on Critical Infrastructure Protection recommended that the government field a real-time warning capability modeled after the military's air defense and missile-warning system. While the commission found no evidence of an impending cyberattack on the nation's infrastructure, its members warned that the capability to exploit weaknesses in the country's power, telecommunications, transportation and financial segments does exist.

Reno will ask Congress for $64 million for the NIPC in fiscal 1999, a sum that would allow the establishment of six additional computer investigation centers in cities throughout the nation.

The private sector also will have a vital role to play in the electronic defense, Reno said. She called for direct electronic links between the private sector and law enforcement agencies in what she termed a "significant departure" from past behavior. The closer links, however, must be set up within the confines of the Constitution and cannot infringe on individual rights and confidentiality.

The dimensions of the threat also will require international collaboration, given the possibility that someone "can sit in a kitchen in St. Petersburg, Russia, and can steal money from a bank in New York," she said. "Cyberspace crosses borders."

Winn Schwartau, who writes about information warfare and is president of Interpact Inc., a security consulting company, questioned the Justice Department taking the lead for national infrastructure protection. "Does Justice really have enough capability, manpower [and] technical knowledge to take the lead?" he said. "The Defense Department has a much stronger skill set to manage something like this."

The NIPC officials may use the nation's Arms Control Treaty monitoring system as a model for its system. DOE's Sandia National Laboratory is designing a computer system that could become the backbone for a national information warfare indication and warning center. Kenneth Geide, deputy chief of NIPC, said CITAC officials have been following the work at Sandia, but a warning-and-detection method has not yet been selected.

Sandia, whose work has been partially funded by the Defense Information Systems Agency, is exploring ways to embed sensors in the computer systems of the nation's critical infrastructure, said Sam Varnado, Sandia's director of the energy and critical infrastructure technology center. The sensors would send intrusion or attack information back to a central command center, where officials could determine the nature of the incident and then trace the intrusion back to the perpetrator.

Sandia officials soon will begin using a powerful supercomputer to model the consequences of an attack on a specific critical system. "We're really concerned about the interdependence of the infrastructures," Varnado said. "If the telecommunications network would go down, then banking and finance would go down. Then you can look at systems and say what would cause that consequence. Now you can start to get at a cost-benefit approach. We need to get industry involved. They don't see a business case because no one can tell them exactly what the threat is."

Busse is a reporter with IDG News Service.