Senate committee tackles IT protection

On 4 October US legislators brought together the various heads of critical infrastructure groups to assess the level of...

On 4 October US legislators brought together the various heads of critical infrastructure groups to assess the level of cross-sector coordination following the 11 September terrorist attacks.

"Are we prepared for an attack on our vital computer systems?" asked Senator Fred Thompson in prepared remarks.

Other questions floated at the hearing centred on the degree of cooperation between government and industry, and the tie between physical and cyber protection efforts.

Appearing before the Senate Governmental Affairs Committee were groups orchestrating information sharing on threats, attacks and prevention.

Kenneth Watson, who leads the private sector group Partnership for Critical Infrastructure Security, told lawmakers that there was no single force leading coordination efforts.

"What you will actually discover is an architecture that requires distributed leadership, cooperation and partnership to accomplish that goal," he suggested in written remarks.

Watson argued that it would make sense not to have a single entity to coordinate public-private efforts to safeguard critical infrastructures.

"Distribution of control is actually safer than centralisation and builds resilience into the architecture," he said.

But there are already many entities working to collect and disseminate information on real or perceived attacks and to educate private companies.

Among those represented at the hearing were the FBI's National Infrastructure Protection Centre (NIPC), the General Services Administration's Federal Computer Incident Response Centre (FedCIRC) and the Commerce Department's Critical Infrastructure Assurance Office (CAIO).

Some experts have suggested that although cybersecurity efforts are by nature distributed endeavours, there should be more government coordination.

"Critical to the federal government effort is having at its apex a single individual or group endowed with the requisite powers and responsibilities to make the system work," said Frank Cilluffo, co-chairman of the Cyber Threats Task force Homeland Defence Project at the Centre for Strategic & International Studies in Washington DC.

Cilluffo suggested that the National Security Adviser, or the evolving post of Director of the Office of Homeland Security could preside over a reporting structure for dispersed organisations.

But the White House has yet to spell out the specifics of President Bush's Homeland Security office.

In recent press briefings, White House press secretary Ari Fleischer described a coordinating role for the office.

"Clearly, various agencies continue to have their vital functions, which are much more operational and mission-oriented," Fleischer told reporters on 2 October.

Read more on Data centre hardware