National Infrastructure Protection Center (NIPC)

views updated

NATIONAL INFRASTRUCTURE PROTECTION CENTER (NIPC)

A federal agency based in Washington, D.C., the National Infrastructure Protection Center (NIPC) is the primary governmental organization charged with safeguarding the infrastructure networks and systems of the United States from attack, including computer-generated attacks such as hacking and viruses. The NIPC, housed in the headquarters of the Federal Bureau of Investigations (FBI), defends from compromise everything from telecommunications networks and financial systems to energy, transportation, and governmental infrastructures. As more and more of the nation's infrastructure, as well as the management of industrial and financial activities, comes under the control of computer networks and information technology, the government has recognized the need to build new lines of defense to stave off threats to the nation's critical infrastructures from the next generations of attack. The NICP thus spots vulnerabilities in existing infrastructures with an eye toward their eventual fortification.

NIPC was founded in February 1998 on the heels of the 1997 report on the President's Commission on Critical Infrastructure Protection, also known as the Marsh Report after commission chairman Robert Marsh, a former Air Force General. The Marsh Commission itself grew out of a recommendation by the Critical Infrastructure Working Group (CWIG) that new vulnerabilities in the nation's infrastructure be studied and addressed. The Marsh Report identified computer-based infrastructure attacks as a new and serious threat, issuing a proposal for a government-industry partnership to protect key infrastructures.

The agency was built out of a conglomeration of elements of several federal agencies that maintained key roles in the defense of the national infrastructure, including the departments of Transportation, Energy, and Defense, along with the National Security Agency, the CIA, and the FBI. The NIPC also brought into closer coordination the intelligence and security operations of the FBI and the U.S. military. In addition, since the bulk of the national infrastructure was in the hands of private corporations, they were also invited into the fold to form a public-private governmental agency.

NIPC is divided into three divisions: Computer Investigations and Operations; Training, Administration, and Outreach; and Analysis and Warning. These organizations cover the wide range of NIPC's responsibilities pertaining to infrastructure protection, which include spotting incoming threats, identifying existing systems to pinpoint vulnerabilities, devising response strategies to particular threats as they happen, fostering preventive awareness and technologies, and investigating attacks and helping bring perpetrators to justice. In addition, the NIPC was charged with devising training programs for state and local agencies for the detection, tracking, and investigation of cyberattacks in their jurisdiction.

NIPC's first two years were particularly embattled as a number of high-profile viruses swept computer networks, propelling NIPC into action to try to find those responsible. In May 1999, even the FBI's and Senate's Web sites were hacked into, the perpetrators leaving behind messages directly challenging the FBI. NIPC director Michael Vatis was convinced that the nation's infrastructure was likely to fall victim to more frequent and more sophisticated cyberattacks in the future. Hackers and even national enemies aiming to attack the United States, in these scenarios, will target major infrastructure computer systems, thereby shutting down vital elements of U.S. society, rather than simply breaking into and disrupting Web sites or email servers.

NIPC's investigative procedures, however, came under fire in the early 2000s, as critics inside and outside the government criticized the agency for its alleged unwillingness to work with other organizations and share information about particular investigations. In addition, NIPC was attacked for its failure to issue prompt warnings to prevent the spreading of the crippling "I Love You" virus in May 2000. These kinds of criticisms generated more widespread consideration of just what role the NIPC should play in investigations and how it should relate not only to the rest of the government but to private companies as well. For instance, since NIPC, in the course of its investigations, needed to access the internal workings of company systems, firms were increasingly concerned about their ability to avoid having their own secrets compromised.

Another area of tension was the availability of strong and complex encryption systems. While the NIPC and the federal government generally was reticent about allowing such encryptions schemes into the general public for fear that they would be harder pressed to decode criminal transmissions, industry groups increasingly coveted state-of-the-art encryption schemes in order to secure e-commerce transactions and alleviate public fears over engaging in online commerce.