Slow response to Slammer worm points to NIPC woes

IDG News Service - A slow response from the FBI to Saturday's outbreak of a virulent new computer worm may have been the result of the recent government reorganization creating the U.S. Department of Homeland Security and increased concerns about threats of cyberterrorism.

The FBI came under scrutiny after it appeared that the agency had moved slowly to respond on Saturday as the W32.Slammer worm rocketed around the world, infecting hundreds of thousands of systems within the first few hours of surfacing (see story).

The FBI's cyberthreat arm, the National Infrastructure Protection Center (NIPC), stayed silent for much of the day as prominent antivirus companies such as Internet Security Systems Inc. and Network Associates Inc.'s McAfee AVERT (Anti-Virus Emergency Response Team) division issued alerts about the spread of the Slammer worm.

Reporters who called the agency asking for comment during that time were told only that the NIPC was "monitoring the situation," but official statements weren’t forthcoming.

It wasn’t until 1:41 p.m. EST on Saturday, more than 13 hours after the initial appearance of Slammer, that the NIPC issued its first advisory on the worm on its Web page. By then, many organizations had already identified the threat and taken steps to stop it.

In a webcast yesterday hosted by the nonprofit SANS Institute that featured security experts and representatives from the federal government and Microsoft Corp., Marcus Sachs, director for communication infrastructure protection at the White House Office of Cyberspace Security, said a combination of bad timing and the recent folding of the NIPC and other government cyberagencies into the Department of Homeland Security may have played a role in the lackluster response to the outbreak.

"The worm couldn't have come at a better time," Sachs joked.

The inauguration of the new department was celebrated Friday. In addition, NIPC staffers were coordinating with other federal computer security personnel on what was described as an issue stemming from tensions with Iraq.

As a result, most NIPC researchers were home when Slammer broke, and the agency had trouble getting "the right personnel" to respond, Sachs said.

"They're going through a transition now, and I don't know where it's going to come out," said Allan Paller, research director of the Bethesda, Md.-based SANS Institute. He said indecision during the past year about the NIPC's future and senior staff defections in recent months have taken their toll.

But an NIPC spokesman denied there was any delay in responding to the Slammer threat. "The NIPC puts out alerts and advisories when it's sure that the information is correct and complete," said Bill Murray, a public affairs officer at the NIPC.