FBI Hints at Dismantling Cyberthreat Arm

Private-sector trust at stake, say critics


A decision by FBI Director Robert Mueller is expected this week on a plan to dismantle the FBI's cyberthreat warning arm, the National Infrastructure Protection Center (NIPC). Such a move could reverse years of progress made toward improving information-sharing between the private sector and the government, critics warned.

Mueller is poised to decide whether to break up the NIPC and transfer pieces of the organization to the FBI's criminal, counterterrorism and counterintelligence, law enforcement services and administration divisions. The FBI wouldn't comment on the plan, which Mueller first outlined last month in private meetings with members of Congress.

Ronald Dick, the NIPC's director, said any word of a final decision is speculation. Dick said Mueller "is a strong supporter of the NIPC and hasn't made a final decision on what will be in the new cybercrime division, nor how that will impact the NIPC, if at all."

In a March 19 letter to the FBI director that was obtained by Computerworld and The Associated Press, Sen. Charles Grassley (R-Iowa), a member of the Judiciary Committee, told Mueller that the plan "would destroy the fragile trust between NIPC and the private sector, which controls 90% of the nation's critical infrastructure." He also urged Mueller not to dismantle the NIPC by burying it within the "heavy-handed management and culture" of the FBI's criminal division.

"To deepen the association of NIPC with the most powerful law enforcement agency in the nation would only exacerbate the fear the private sector has about sharing critical information necessary for the success of NIPC," Grassley wrote. "Even worse, I have been informed by members of the private sector that many companies and other organizations, including [information-sharing and analysis centers], would immediately cut off the flow of infrastructure information to the FBI if NIPC is dismantled."

The Senate Budget Committee handed Grassley a tactical victory last week by passing a sense-of-the-Senate resolution denying the FBI additional money for the NIPC should the bureau move to subsume the agency.

Although they are nonbinding, such sense resolutions carry influence with appropriators on Capitol Hill. In a statement, Grassley called the committee's resolution a "positive step toward ensuring that the [NIPC] remains intact."

Established in February 1998, the NIPC's mission is "to detect, deter, assess and warn" the government and the private sector of significant threats to Internet security.

However, the role of the NIPC remains a contentious issue on Capitol Hill, where the national security community has complained of what it sees as the NIPC's inability to share strategic warning information in a timely manner. Also, many companies remain hesitant to share sensitive or proprietary data without assurances that the information won't be inadvertently disclosed to competitors.

Phyllis Schneck, a vice president at Atlanta-based security consulting firm SecureWorks Inc. and co-chairwoman of the FBI's InfraGard program, said that regardless of any reorganization, "at the top of the priority list for the private sector is continuing to work closely with the NIPC to exchange as much information as possible."

The InfraGard program, a public/private cybercrime security initiative with chapters managed out of the FBI's 56 field offices, currently has more than 3,500 private-sector members.


NIPC Timeline

Feb. 1998
NIPC established by U.S. Department of Justice and FBI as a government/private-sector partnership.
March 2001
Ronald Dick appointed director of NIPC; he inherits an organization still in start-up mode and lacking staff expertise.
Dec. 2001
FBI announces a reorganization, including a new cybercrime division within its Criminal Investigation Division.
Jan. 2002
Dick initiates plan to restructure NIPC along the lines of Centers for Disease Control.
Feb. 2002
FBI outlines plans to break up NIPC and merge organization into various FBI divisions.

Copyright © 2002 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon