NIPC leadership, protocol questioned

With the transfer of the National Infrastructure Protection Center (NIPC) from the U.S. Federal Bureau of Investigation (FBI) to the new U.S. Department of Homeland Security days away, top positions remain vacant at the fledgling agency and questions linger about its ability to work with other agencies and respond to cyber attacks.

The cutover will take place on March 1, when the four year-old NIPC becomes a part of the new Directorate for Information Analysis and Infrastructure Protection (IAIP) within the Department of Homeland Security (DHS), according to Commander David Wray, a spokesman for the NIPC.

Joining the NIPC in the IAIP will be groups from a number of other agencies, including the U.S. Department of Commerce's Critical Infrastructure Assurance Office and the General Services Administration's Federal Computer Incident Response Center (FedCIRC).

Chief among the challenges facing the NIPC and the new IAIP is the loss of critical computer investigative talent that resulted from the move.

Well before the legislation creating the DHS was signed, beginning in December 2001, the FBI undertook a major reorganization. Among other changes, a new Cyber Division was created to investigate computer crimes. The FBI is retaining approximately one third of the NIPC staff who specialized in criminal intrusion and forensics to work in the Cyber Division.

The remaining two thirds of the NIPC staff, scheduled to transfer to the DHS, will focus on "broad Internet issues" and technologies related to hard infrastructure such as dams and electrical power grids, according to Wray.

However, many of the NIPC agents serving functions that are being transferred have found other jobs within the FBI to avoid the move to the DHS.

"Of the FBI folks who could have come over [to the IAIP], only about a third to a half are coming over. The rest have transferred to positions within the FBI," said Wray. Including NIPC jobs as well as other functions, the IAIP will have more than 200 open positions to fill, according to Wray.

That level of attrition is not surprising, according to those familiar with the workings of the NIPC.

"I'd bet that 85 percent of those defections are people who built a career at the FBI and see themselves as FBI," said Allan Paller, director of research, Systems Administration, Networking and Security (SANS) Institute, a research and education organization for system administrators and security professionals.

Similar levels of defection are not the norm in the other agencies that will be joining the NIPC in the IAIP, according to Wray.

"It's predominantly a phenomenon that's particular to the culture of the FBI. It would be like, if tomorrow, I was told to show up in an army uniform because I had been traded. It would be difficult to get my arms around," said Wray, whose career was in the Navy.