STAFFING shortages hamper anti-cyberterrorism unit

Tuesday, May 22nd 2001, 12:00 am
By: News On 6

WASHINGTON (AP) _ Staff shortages and vacancies in key positions kept a government anti-computer-crime unit from alerting the public of dangerous computer viruses until the damage was already done, Congress was told Tuesday.

``While some warnings were issued in time to avert damage, most of the warnings, especially those related to viruses, pertained to attacks underway,'' the General Accounting Office said in an audit of the National Infrastructure Protection Center.

The investigative arm of Congress blamed a lack of a system to share information government-wide and a shortage of skilled staff for the delays.

The center, created in 1998, has been operating with just 13 of the 24 employees that NIPC officials say are needed to fulfill the center's responsibilities, the GAO said.

The agency has also been hindered by leadership vacancies, such as the Chief of the Analysis and Warning Section, a position that has only been filled for about half of the center's three-year existence.

The GAO review was requested by Sens. Jon Kyl, R-Ariz., Dianne Feinstein, D-Calif., and Charles Grassley, R-Iowa, because of complaints from experts in the government and private sector that the agency was slow to respond to security threats, such as the spread of the ``I Love You'' virus.

In a letter responding to the GAO report, Ronald Dick, director of the NIPC, said his staff has been committed to their ``oftentimes heroic and anonymous efforts on behalf of all Americans.

``Yet, without an increased staff ... the NIPC simply cannot reach its full capacity to assess, warn and protect,'' he said.

Former President Clinton created the NIPC in 1998 in response to warnings from the GAO and others about the damage that could be done by hackers.

The center was assigned to analyze threats to computer security, coordinate the government's response to security breaches, help law enforcement and promote public outreach.

The GAO report said the center has been effective in helping the FBI investigate computer crime and helped establish small special squads in all 56 of the FBI's field offices.

But its biggest shortcoming was its failure to develop a strategic analysis of threats to computer systems and identify vulnerable systems, the GAO said.