The General Accounting Office (GAO) undertook an audit and review of the National Infrastructure Protection Center (NIPC) following US government complaints that the unit was slow to respond to attacks such as the Love Bug virus.
The GAO told Congress that while virus warnings were issued, most attacks were already well underway by the time the alerts were dispatched.
The NIPC was established in 1998 under President Clinton after the GAO warned of the potential havoc that could be wreaked by hackers. Its main responsibilities are to monitor threats; co-ordinate the government response to computer attacks and assist the police with enforcing laws on computer security.
The nominal payroll is only 24 staff, but the unit has been operating at almost half strength with just 13 employees in place. The GAO also said that the unit lacked senior staff, including a chief of analysis and warning.
While the NIPC had been effective in helping the Federal Bureau of Investigation attack computer crime, according to the GAO, it was failing to develop a strategic analysis of threats to computer systems, and failing to identify systems that were particularly vulnerable to attack.