Critical Infrastructure Protection: Challenges to Building a Comprehensive Strategy for Information Sharing and Coordination. GAO ID: T-AIMD-00-268, July 26, 2000
The unprecedented growth in use of the Internet has revolutionized the way much of the world communicates and conducts business. Without proper safeguards, this widespread interconnectivity poses enormous risks to America's computer systems and to the critical operations and infrastructures they support. For example, hostile nations or terrorists could use cyber-based tools and techniques to disrupt military operations and communications networks. According to the National Security Agency, potential adversaries are developing a body of knowledge about U.S. systems and about methods to attack these systems. Information sharing and coordination among organizations are central to producing comprehensive and practical approaches and solutions to these threats. The "ILOVEYOU" virus is a case in point. Because information sharing mechanisms were unable to provide timely warnings, many entities were caught off guard and forced to take their networks off-line for hours. Data on possible threats--viruses, hoaxes, random threats, news events, and computer intrusions--must be continually collected and analyzed. Appropriate warnings and response actions must be effectively coordinated by strong partnerships to ensure that the right data are in the right place at the right time. Mechanisms that are jointly designed, built, and staffed by the involved parties are most likely to obtain critical buy-in and acceptance. After determining what information to collect and report, guidelines and procedures must be established. At present, there is a shortage of persons with the knowledge, skills, and abilities to undertake these efforts.
GAO noted that: (1) developing the information sharing and coordination capabilities needed to effectively deal with computer threats and actual incidents is complex and challenging but essential; (2) data on possible threats--ranging from viruses, to hoaxes, to random threats, to news events, and computer intrusions--must be continually collected and analyzed from a wide spectrum of globally distributed sources; (3) once an imminent threat is identified, appropriate warnings and response actions must be effectively coordinated among government agencies, the private sector, and, when appropriate, other nations; (4) it is important that this function be carried out as effectively, efficiently, and quickly as possible in order to ensure continuity of operations as well as minimize disruptions; (5) at the same time, it is not possible to build an overall, comprehensive picture of activity on the global infrastructure; (6) networks themselves are too big, they are growing too quickly, and they are continually being reconfigured and reengineered; (7) as a result, it is essential that strong partnerships be developed between a wide range of stakeholders in order to ensure that the right data are at the right place at the right time; (8) creating partnerships for information sharing and coordination is a formidable task; (9) trust needs to be established among a broad range of parties with varying interests and expectations, procedures for gathering and sharing information need to be developed, and technical issues need to be addressed; (10) if the federal government itself is going to be a credible player in response coordination, it needs to have its own systems and assets well protected; (11) this means overcoming significant and pervasive security weaknesses at each of the major federal agencies and instituting governmentwide controls and mechanisms needed to provide effective oversight, guidance, and leadership; and (12) perhaps most importantly, this activity needs to be guided by a comprehensive strategy to ensure that it is effective, to avoid unnecessary duplication of effort, and to maintain continuity.