Intelligence data began pouring in on a Thursday afternoon. The press hadn't picked up on it yet, but there was a problem brewing on the Internet. A computer worm had been uncovered that, if left unchecked, could begin to bog down Web sites and e-commerce around the country.

It was July 12. There were no reports yet of widespread failures or denial-of-service attacks stemming from what would eventually become known as the Code Red worm, but Ronald Dick knew his agency couldn't afford to wait. The National Infrastructure Protection Center (NIPC) had been criticized harshly in the past -- including once in a report by the General Accounting Office (GAO) shortly after Dick took over as director in March -- for not providing the type of advance warning and strategic analysis many in government expected from it.

A warning had been sent out in June outlining the vulnerability that the Code Red worm would later take advantage of. But now a private-sector analyst was telling Dick that there were signs that something was already spreading like a disease on the Internet. Dick sent the information to Robert Gerber, chief of analysis and warning at the NIPC. Gerber, a senior national intelligence officer on loan to the NIPC from the CIA, ordered an immediate intelligence "work-up."

Like medical specialists exchanging information on a patient's health, Gerber's analysts quickly began exchanging information via secure telephone and videoconferencing links with officials all over Washington. By July 19, the teleconferences had reached a frenzied pace. There were as many as 20 a day, and they involved the Defense Department, the National Security Agency (NSA), the Commerce Department, the CIA, the Secret Service and even private-sector groups, said Dick.

"We [still] don't know who is responsible for Code Red," said Dick on July 27, three days before holding a national press conference to urge Internet users to inoculate their systems against the worm (see story). "But my job is simply to stop it."

For Dick, a 23-year veteran of the FBI who spent five years marketing mainframe computers for Burroughs Corp. (which later became Unisys Corp.) before joining the FBI, stopping a worm outbreak would prove more challenging than he ever imagined. More than a half-dozen warnings had gone out a month in advance, including one from the NIPC. Yet more than 250,000 computers were infected in nine hours on July 19 alone.

And it wasn't over yet.

The second warning

On Friday, July 27, it became clear to the NIPC and some private-sector experts that the Code Red worm wasn't dead. Analysis showed a second variant of the worm was set to launch another round of infections beginning at 8 p.m. Eastern time July 31.

Dick sat in his office in FBI headquarters overlooking Pennsylvania Avenue. With him was Leslie Wiser, an investigator at the NIPC and the FBI agent responsible for nabbing Aldrich Ames, the most damaging mole in CIA history. They brainstormed ideas on how to get the word out to the hundreds of thousands of systems administrators who still hadn't patched their systems.

The conclusion was that the information-sharing partnership that had developed between the NIPC and various private-sector groups had worked. Early warnings helped the White House and other federal agencies sidestep the initial outbreak of the worm.

But there were still companies out there that thought their systems weren't important enough to be affected. More systems would almost certainly be victimized. And if the worm proved as damaging as some private-sector experts said it would be, Internet traffic could slow to a crawl.

Dick was at a loss. "Everybody issued warnings, and yet we didn't reach a significant number of people who utilize the software," he said. "How do we do it?"

They decided to hold a press conference. Dick acknowledged that he can't call a press conference every time a worm pops up. But in this case, he said, "there is reason for concern" that the performance of the Internet could be affected. So he held a press conference July 30, flanked by Gerber and six representatives from private industry. The decision attracted an unprecedented level of praise from industry groups, as well as criticism from security pundits who later called it FBI "hype."

The NIPC's critics have inflicted more wounds than Dick has the resources to attend to. However, Dick is assembling a top-notch interagency emergency team that includes Gerber; Wiser; Navy Admiral James Plehal, who took over as the center's deputy director in February; a new watch chief recently hired away from the NSA; and a Secret Service agent whose appointment to the NIPC is pending.