Predictions, Prevention Key to Cybersecurity

MASHANTUCKET, CONNECTICUT -- Though communication between the government and private sector in the area of cybersecurity has been good, the U.S. National Infrastructure Protection Center has areas in which it can improve, according to NIPC director Ronald Dick, whose keynote speech kicked off the CyberCrime 2002 conference here on Sunday.

Dick highlighted the prediction and warning of cyberattacks before they happen as being one of the main areas where improvement is needed. In order to be effective, the NIPC, which is the cybersecurity wing of the Federal Bureau of Investigation, has to be able to provide information that the private sector can act on, something it is now doing, Dick said.

"The NIPC has finally reached a level of capabilities that we are finally providing value-added products and information," he said.

Providing such information to the private sector is crucial, Dick said, because of how interdependent the nation's critical infrastructure systems have become.

"Future attacks against our infrastructure could have cascading effects," he said, noting that the banking systems relies on the smooth operations of telecommunication systems, which in turn requires a functioning electrical system.

Getting Organized

To that end, the NIPC has identified over 8000 entities that control critical infrastructure in the U.S. and has grouped them into three tiers--those with international impact, regional impact, and local impact, Dick said. Currently, the agency is working with the top tier of groups to develop contingency plans to use in case of an attack, Dick said, adding that those plans would later be applied to companies in the other tiers.

"Infrastructure protection can only be accomplished with the government and private sectors working together," Dick said.

One tool the NIPC relies on for such public/private sector communication is Infraguard, a nationwide set of cybersecurity groups in which government and company officials meet to discuss cybersecurity challenges. Infraguard has over 3000 members and is growing at 20 percent a month, Dick said, making it "one of the largest government/private sector joint partnerships for infrastructure protection in the world."

Problems Persist

Though the public/private cooperation has led to success for the NIPC, the organization is not without its shortcomings, Dick said.

"We've done a pretty good job of being reactive to events," he said, but the NIPC needs to "provide ... information that actively prevents these attacks before they occur."

The NIPC has been weak in strategic analysis and needs to build a better program in the area, he said.

Creating such a program is Dick's number one priority, as well as his most ambitious one, he said.

The NIPC's strategic analysis program will focus on four areas: prediction, prevention, detection, and mitigation, Dick said. The goal of this focus will be to better forecast cybersecurity incidents, he added.

As part of that effort, the organization is looking at creating a "cyberweather forecast" tool that those responsible for computer security could look at daily to see what kinds of cyberthreats are on the horizon, Dick said.

Despite the steady increase in the number of cyberattacks documented by the Computer Emergency Response Team Coordination Center, which Dick cited in his speech, he remains optimistic about U.S. cybersecurity.

"Although cyberattacks are on the rise, so is public awareness," Dick said. "We will not tire until this job is done."

The CyberCrime 2002 conference runs from February 3 to February 5.