Feds shape cyberwarning strategy

Under pressure from Congress to better coordinate the government's response

to computer viruses and other cyberattacks, the National Security Council

has developed a plan outlining roles and responsibilities for federal cybersecurity

organizations.

Under the plan — sent out to those organizations and federal agencies

late last month — the National Infrastructure Protection Center, working

with the General Services Administration's Federal Computer Incident Response

Capability office, will take the lead in alerting agencies to cyberattacks

and will coordinate any immediate response.

The memo identifies the organizations and agencies to be involved in

various kinds of attacks and defines the criteria for NIPC to call a meeting

of the full cybersecurity community.

NSC — working with Richard Clarke, the national coordinator for security,

infrastructure protection and counter- terrorism — will step in whenever

a security response requires a broad policy decision, according to the plan.

"This institutionalizes how we will share information both at an operations

level and a policy level when cyber-incidents occur," said Mark Montgomery,

director of transnational threats at NSC.

Many observers have called for coordination among organizations such

as NIPC, the Critical Infrastructure Assurance Office (CIAO) and NSC itself.

NIPC, based at the FBI, was established in 1998 to serve as the government's

central organization to assess cyberthreats, issue warnings and coordinate

responses. The CIAO was set up to help agencies develop and coordinate

security policies and plans.

"The proliferation of organizations with overlapping oversight and assistance

responsibilities is a source of potential confusion among agency personnel

and may be an inefficient use of scarce technical resources," said Jack

Brock, director of governmentwide and defense information systems at the

General Accounting Office, speaking before Congress in February.

The calls for coordination became louder after the "I Love You" virus

in May affected almost every federal e-mail server and taxed many agencies'

resources. The lack of formal coordination and communication led to many

more agencies being affected by the incident than necessary, according to

GAO.

Although the many warning and response organizations work together,

the NSC memo lays out a standard process for coordination, said John Tritak,

director of the CIAO.

In the past, that type of coordination happened an ad hoc basis, an

administration official said. Now, as laid out in the memo, the process

is set so that it can last through the November election and into the next

administration, he said.

"Some of the formal mechanisms that existed were frankly ineffective

in the tasks they were meant to do," another administration official said.

"For circumstances that are extraordinary, we now have a process where the

NIPC will coordinate the operational response, and the National Security

Council will head the policy response."