IT Security Experts Weigh Potential Threats To Nation’s Infrastructure5:13 PM EST Wed. Aug. 21, 2002
In the year since the Sept. 11 terrorist attacks, the government has made strides in terms of preparing for threats against U.S. interests, both the cyber and noncyber types, said IT security experts from federal agencies gathered here for Gartner's Sector 5 conference Wednesday.
"There is truly a huge effort going on to leverage" and share data among agencies, said Ronald Dick, director of the National Infrastructure Protection Center (NIPC), a division of the FBI.
Dick described the growth of what he called a "fusion point," to which information about potential threats and risks flows from multiple departments and agencies.
The NIPC is one of a multitude of federal agencies slated to be housed under the Department of Homeland Security, which is still being shaped by the Congress and the White House.
One audience participant who works at the Federal Aviation Administration said the agency is more regularly running three-hour mock cyberattacks, training FAA IT people to react in realtime.
"We're doing this all over the country," said the FAA representative, who declined to give his name.
Some of the panelists said that the demand for qualified IT experts continues to surge.
"We have a shortage of IT professionals, and we have a greater shortage of IT security professionals," said Howard Schmidt, vice chair of President Bush's critical infrastructure protection board.
Others pointed to the emerging National Information Assurance Partnership (NIAP) standards as a way to gauge the quality of a security consultant or product.
Last year, the federal government launched the NIAP, which is developing a program that gauges the security qualifications of consulting firms hired and products used to conduct system certifications for federal agencies.
Systems integrators or system administrators in federal departments can "insist that products are certified by NIAP," said Richard Marshall, principle deputy director of the U.S. Critical Infrastructure Assurance Office.
NIAP is a joint initiative of the National Institute of Standards and Technology and the National Security Agency.