Agencies act to secure the future

In the charge to protect computer systems against cyberattacks, the National

Security Agency and the State Department are two prime examples of agencies

that have taken a proactive approach.

NSA is one of the federal agencies that have taken the lead in cooperation

between government and industry to advance cybersecurity.

NSA has formed alliances with more than 150 leading IT companies to help

identify emerging security solutions and has certified 14 academic institutions

as "centers of excellence" in security training, according to John Nagengast,

assistant deputy director for information systems security at NSA.

"We cannot [develop information assurance solutions] without the IT industry

being an integral part of [the process]," Nagengast said.

As for State, one high-ranking government official suggested

that the department develop a Future Concept Center, a specialized group

of visionaries to help define and prepare for future crises, including the

possibility of cyberattacks on the critical infrastructure.

During a State-sponsored panel discussion June 15, Ambassador

David Litt, political adviser to the president, said the department is too

shortsighted in preparing for crises and should follow the Defense Department's

example in studying and training for threats decades into the future.

"The United States military infrastructure is already preparing for the

requirements of the uncertain future. As time passes, non-state adversaries,

especially international criminal organizations, religious ethnic extremists,

[narcotics] traffickers and merchants of the technologies of weapons of

mass destruction will network among themselves using state-of-the-art communications

devices, as well as low-tech methods, in order to avoid detection," Litt

said.

Part of the problem, according to Litt, is that State historically

has been an organization designed to respond to crises as they arise, rather

than planning and training for them years in advance.

"This is part of our heritage. We pride ourselves in being predominantly

an operational agency, managing the problems and the crises of the day,"

Litt said. "At the same time, we face an alarming shortage of personnel,

which means that in times of crisis, our flexibility is reduced to the extreme.

The result is that the system rapidly becomes overloaded during major complex

emergencies."

Further cyberattack warnings came in a June 5 report by State's

National Commission on Terrorism. The panel recommended the secretary of

State push for an international convention to "improve multilateral cooperation

on preventing and responding to cyberattacks by terrorists."

"Certainly, terrorists are making extensive use of the new information technologies

and a conventional terrorist attack along with a coordinated cyberattack

could exponentially compound the damage," the report states.

The commission reported that groups posing the most danger to the United

States share some characteristics not seen among terrorist groups 10 or

20 years ago, including:

* They operate in the United States and abroad.

* Their funding and logistical networks cross borders.

* They are less dependent on state sponsors.

* They are harder to disrupt with economic sanctions.

* They make use of widely available technologies to communicate quickly

and securely.

* Their objectives are more deadly.

The conclusion from such a profile: "Without international cooperation,

the United States cannot protect its national infrastructure from the cyberthreat,"

the report states.