Feds must protect against cyberattacks, experts say

The federal government must carefully consider the policy issues for protecting the nation's critical infrastructure from cyberattacks—issues that the conflict in Yugoslavia has shown are more important today than ever before, according to federal and industry experts.

The United States must develop a coordinated national response to cyberattacks to adequately protect systems supporting the nation's critical infrastructures, such as the electrical, financial and transportation systems, said Roger Molander, senior research scientist at Rand Corp. and a former member of the White House's National Security Council.

The NATO-led bombing campaign in Yugoslavia, including the bombing of the Chinese embassy, showed how cyberattacks on federal World Wide Web sites—such as attacks affecting the Web sites operated by the White House, the Senate and the FBI—can be a part of warfare. While these attacks are only one type of information warfare, the attacks have demonstrated the reality of cyberattacks and emphasized the need for warning and response coordination at the federal level, Molander said.

The FBI is heavily involved in the national response to cyberattacks and critical infrastructure protection, mostly because the law cannot keep up with the technology, Michael Vatis, chief of the FBI's National Infrastructure Protection Center, said at the American Association for the Advancement of Science's Spring 1999 Professional Society Ethics Group meeting today.

The FBI and the NIPC are almost always the first to respond to a network intrusion because technology cannot tell agencies whether the intrusion was a benign mistake, was done for a criminal purpose or was an act of terrorism, Vatis said. In today's legal environment, law enforcement, not security organizations, must make the first move, he said.