[infowar.de] Behind the Scenes at the NIPC
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
... and their attempts to cope with Code Red. RB
Computerworld, 13.8.2001
Taking a Look Behind The Scenes at the NIPC
How Ronald Dick is waging a war to rid the nation of computer security
threats
By DAN VERTON
Ronald Dick, director of the NIPC
(August 13, 2001) Intelligence data began pouring in on a Thursday
afternoon. The press hadn't picked up on it yet, but there was a problem
brewing on the Internet. A computer worm had been uncovered that, if
left unchecked, could begin to bog down Web sites and e-commerce around
the country.
It was July 12. There were no reports yet of widespread failures or
denial-of-service attacks stemming from what would eventually become
known as the Code Red worm, but Ronald Dick knew his agency couldn't
afford to wait. The National Infrastructure Protection Center (NIPC) had
been criticized harshly in the past - including once in a report by the
General Accounting Office (GAO) shortly after Dick took over as director
in March - for not providing the type of advance warning and strategic
analysis many in government expected from it.
A warning had been sent out in June outlining the vulnerability that the
Code Red worm would later take advantage of. But now a private-sector
analyst was telling Dick that there were signs that something was
already spreading like a disease on the Internet. Dick sent the
information to Robert Gerber, chief of analysis and warning at the NIPC.
Gerber, a senior national intelligence officer on loan to the NIPC from
the CIA, ordered an immediate intelligence "work-up."
Like medical specialists exchanging information on a patient's health,
Gerber's analysts quickly began exchanging information via secure
telephone and videoconferencing links with officials all over
Washington. By July 19, the teleconferences had reached a frenzied pace.
There were as many as 20 a day, and they involved the Defense
Department, the National Security Agency (NSA), the Commerce Department,
the CIA, the Secret Service and even private-sector groups, said Dick.
JUST THE FACTS
Ronald Dick
Highlights of the NIPC director's résumé:
Qualifications: Certified Public Accountant; FBI special agent, 23 years.
1981 - 1991: Worked antidrug operations. Helped break the Cali drug
cartel's operations in South Carolina.
1992: Served as member of FBI institutional fraud unit.
1995: Helped create first national computer crime squad.
1998: Chief of training and outreach programs. Helped create FBI
InfraGuard program.
1999: Coordinated national computer crime investigations.
2001: Named director of the NIPC.
"We [still] don't know who is responsible for Code Red," said Dick on
July 27, three days before holding a national press conference to urge
Internet users to inoculate their systems against the worm. "But my job
is simply to stop it."
For Dick, a 23-year veteran of the FBI who spent five years marketing
mainframe computers for Burroughs Corp. (which later became Unisys
Corp.) before joining the FBI, stopping a worm outbreak would prove more
challenging than he ever imagined. More than a half-dozen warnings had
gone out a month in advance, including one from the NIPC. Yet more than
250,000 computers were infected in nine hours on July 19 alone.
And it wasn't over yet.
The Second Warning
On Friday, July 27, it became clear to the NIPC and some private-sector
experts that the Code Red worm wasn't dead. Analysis showed a second
variant of the worm was set to launch another round of infections
beginning at 8 p.m. Eastern time July 31.
Dick sat in his office in FBI headquarters overlooking Pennsylvania
Avenue. With him was Leslie Wiser, an investigator at the NIPC and the
FBI agent responsible for nabbing Aldrich Ames, the most damaging mole
in CIA history. They brainstormed ideas on how to get the word out to
the hundreds of thousands of systems administrators who still hadn't
patched their systems.
The conclusion was that the information-sharing partnership that had
developed between the NIPC and various private-sector groups had worked.
Early warnings helped the White House and other federal agencies
sidestep the initial outbreak of the worm.
But there were still companies out there that thought their systems
weren't important enough to be affected. More systems would almost
certainly be victimized. And if the worm proved as damaging as some
private-sector experts said it would be, Internet traffic could slow to
a crawl.
Dick was at a loss. "Everybody issued warnings, and yet we didn't reach
a significant number of people who utilize the software," he said. "How
do we do it?"
They decided to hold a press conference. Dick acknowledged that he can't
call a press conference every time a worm pops up. But in this case, he
said, "there is reason for concern" that the performance of the Internet
could be affected. So he held a press conference July 30, flanked by
Gerber and six representatives from private industry. The decision
attracted an unprecedented level of praise from industry groups, as well
as criticism from security pundits who later called it FBI "hype."
The NIPC's critics have inflicted more wounds than Dick has the
resources to attend to. However, Dick is assembling a top-notch
interagency emergency team that includes Gerber; Wiser; Navy Admiral
James Plehal, who took over as the center's deputy director in February;
a new watch chief recently hired away from the NSA; and a Secret Service
agent whose appointment to the NIPC is pending.
"When I got here, we were basically a start-up," said Dick. "There
wasn't a staff here, there weren't facilities here and no dedicated
source of funding.
"We basically had to build those capabilities from the ground up," said
Dick. "It takes time."
Established in February 1998, the NIPC's mission is "to detect, deter,
assess and warn" the government and the private sector of significant
threats to Internet security. The NIPC is a joint center made up of
representatives from various agencies.
Two areas in which the NIPC has been criticized by the GAO - and
rightfully so, according to Dick - are strategic analysis and data
mining. The GAO report "was fair" and an accurate reflection of what was
happening at the NIPC when the report was published in May, Dick said.
And the GAO offered more praise than criticism for the NIPC in its
report - something the media ignored, according to Dick and Wiser.
"It's disheartening at the end of the day for people who are working 14
to 15 hours a day and trying to put out a good product to read some of
the headlines that come out," said Dick. "If [the GAO and Congress] came
to NIPC today they would not find the same issues bogging the agency
down."
Things are getting better, especially in strategic analysis and data
mining, thanks to Gerber and a new data warehouse and data mining pilot
project being put together by McLean, Va.-based Mitre Corp. and several
national research laboratories.
But Dick, who is using the Centers for Disease Control as a model for
the new NIPC, needs specialists for his surgical team. He acknowledges
that part of the NIPC's problem has been the lack of expertise in the IT
aspects of critical infrastructure protection. "I need people who know
gas and water, people who know electric power and the transportation
system," he said.
"It's not going to be a quick fix," said Gerber. "Frankly, one of my
goals is to build the kind of place that if you were an intelligence
officer you couldn't imagine not working here," he said. "I'm of the
mind that two years from now, we'll need to look back and ask, 'Did we
stretch far enough?' "