[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Hacker-Abwehr und Behördenstreit in USA
Cyberwar Foundering on Feuds?
By Michelle Delio
2:00 a.m. Oct. 9, 2001 PDT
Some government agency workers charged with protecting critical
computer systems are increasingly becoming entangled in
counterproductive, time-wasting power plays, according to sources inside
and outside of the agencies.
Political power plays aren't news, but the struggle between the FBI-led
National Infrastructure Protection Center (NIPC) and the newly formed
Homeland Security Office has many doubting that either agency will be
able to perform at peak levels over the next few months.
The NIPC, established in February 1998, was assigned to protect U.S.
critical systems against terrorism and other attacks, duties that have
now also been assigned to the Homeland Security Office (HSO), formed in
response to the Sept. 11 terrorist attacks.
Over the years the NIPC has increasingly focused on computer security,
but the HSO also has a new cyber-security division.
"Homeland Defense wants the NIPC to report to them, but the NIPC
believes they should be the cyber-security office," said Rob Rosenberger
of security news site Vmyths.
"Fights have started to break out over the lines and boxes on Homeland
Security's organization chart. The Bush administration will waste a lot
of time and effort over the next few months while offices jockey for
Sources inside the agencies confirmed there has been some confusion and
tension over who will report to whom but insist that the majority of
employees in both agencies remain focused.
"This isn't the time to play political slap and tickle with each other.
We need to get focused fast," said an FBI agent who requested anonymity.
But security experts are divided over whether the agencies can put power
President Bush installed former Pennsylvania Gov. Tom Ridge as head of
the Office of Homeland Security on Monday, pledging, "America is going
to be prepared."
Richard Clarke, who has served as counter terrorism chief at the White
House for more than a decade, will head the new Office of Cyberspace
Security and will report to Ridge. But according to the presidential
order that outlines his job, Ridge has little power, beyond persuasion,
to compel other agencies or officials to do anything.
"I'm just not impressed with the overall United States government
infrastructure assurance effort," said Richard Forno, chief technology
officer for Shadowlogic.
Forno has acted as an adviser to the Department of Defense on
information warfare. "Clarke actually has a clue about this stuff, but
given the environment he's charged with working in, he can't be
Ridge's office declined to comment on how or if Ridge will be able to
coordinate efforts between his staff and agencies that have historically
avoided working together.
"Yes, there are issues. Yes, Ridge can request but not compel. That will
be taken advantage of by some. Understand though, times are very
different now. Most people are putting all that previous pettiness
aside, at least for a while. Ridge is well respected here," said the FBI
agent previously quoted.
Others said that it would be difficult for the agencies to work
together, but felt that the situation would be swiftly sorted out.
"Will there be clashes between the agencies? Yes. Is that OK? Well, it's
normal," said security expert Fred Villella. "Like cyber-terrorism
itself, this situation isn't out of control; but it isn't under control
Villella was the executive secretary to the president's national
security adviser for emergency mobilization under the Clinton
administration. He now heads up New Dimensions International, a security
services company that recently introduced training against
"There will be big turf issues to be resolved with FEMA (Federal
Emergency management Agency), NIPC and all of the other 'letter'
agencies," said Villella. "That is inevitable. And for many, (computer)
skills and getting a grip on the dimensions of cyberspace and their
adversaries' capabilities are needed competencies that have yet to be
"But we do need a focus to direct attention to cyber-security. Richard
Clark and Tom Ridge's combined talents and drive in the right direction
will improve the approach," Villella said. "(It's) a very tough task....
They will have to screen who they are influenced by. There are those
selling products like me, and there are a lot of hacker types who focus
on cryptography solutions. Which of these approaches are right for the
cyber-terror task? Or is there more than one solution?"
Security experts said that basic measures, such as disconnecting entire
critical infrastructures from the Internet and ensuring that all
software meets stringent security guidelines, would go a long way toward
hardening U.S. cyber-defense.
Experts also pointed out that the government will most likely continue
to be led in their efforts to lock down computer systems by the private
computer security industry.
"The computer security industry guides the government, not the other way
around," Rosenberger said. "Face it: if a 'virus war' broke out, our
vaunted U.S. military would run like a helpless damsel to the anti-viral
Hackers or no hackers, Rosenberger and Forno don't hold out much hope
for governmental security experts.
"We'll see more meetings, taskforces, memos, reports etcetera," Forno
said. "Will it make a difference? It depends on how OHS is structured
and what authority Tom Ridge is given to force people in the government
to play ball. If, as it appears now, he is only to coordinate things, it
will never be effective."
"If the government does anything at all, it creates a bureaucracy,"
Rosenberger said. "Don't get me wrong, we need bureaucracies. And I
honestly believe the Feds will someday figure out what their bureaucracy
Rosenberger thinks that the NIPC will eventually come out on top of the
"I'd bet on the gun-toting agents to win this one, especially if
Congress does enact a law to sentence virus writers to life in prison
without possibility of parole."
A new bill called Patriot (Provide Appropriate Tools Required to
Intercept and Obstruct Terrorism) -- which legally classifies many hack
attacks as acts of terrorism -- is making its way through the House and
Senate this week.
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.