US Government watchdog the General Accounting Office (GAO) told politicians yesterday that, while some of the internet security alerts issued by the FBI's cyber security division were in time to avert damage, most of the warnings applied to attacks already underway.
In a testimony before a Senate Judiciary subcommittee, the GAO said that overall progress in developing the analysis, warning and information sharing capabilities has been mixed.
According to Robert Facet, director of Information Security Issues at the GAO, the FBI's National Infrastructure Protection Center (NIPC) is aware of the challenges it faces and has taken some steps to address them.
However, Facet pointed out three factors that have hindered the NIPC. First, there is no generally accepted method for analysing strategic cyber-based threats. He said, for instance, that there is no standard terminology and no established thresholds for determining the sophistication of attack techniques.
Second, the NIPC does not have adequate staff expertise and, third, it does not have industry-specific data on factors such as critical system components, known vulnerabilities and interdependencies.
Furthermore, Facet said he wanted to emphasise a more fundamental impediment. "Specifically the entities involved in the Government's critical infrastructure protection do not share a common interpretation of the NIPC's roles and responsibilities," he said.
"The relationships between the NIPC, the FBI and the National Co-ordinator for Security, Infrastructure Protection and Counter-Terrorism at the National Security Council are unclear regarding who has direct authority for setting NIPC priorities and procedures," he added.
In addition, the GAO reported that the NIPC, set up in 1998, has operated with just 13 of the 24 analysts that officials estimate are needed to assess and relay information on cyber threats.
In a responding letter, NIPC director Ron Dick said the GAO's criticism that the agency was late in responding to cyber attacks was based on the fast-moving virus model that he said is "extremely difficult to detect or predict because most viruses are typically released by lone wolf crackers".
HP and Centrica are the first industry partners to sign up to the government's new Code
New ice grows faster but is also more vulnerable to weather and wind
With a crackdown on cheats is coming in November, PUBG rushes to fix matchmaking problems introduced in Update #22
New material uses carbon dioxide from the air to repair and reinforce itself