THE FBI LAST week officially announced the formation of its InfraGard program, a cybercrime security initiative designed to improve cooperation between federal law enforcement officials and the private sector, after completing the process of setting up InfraGard "chapters" at its 56 field offices.

The National Infrastructure Protection Center (NIPC), an FBI affiliate that's based at the agency's headquarters in Washington, started the InfraGard program five years ago as a pilot project in the Cleveland area. An FBI spokesman Monday said that the last local chapter, comprised of information security experts from companies and academic institutions, was put in place last month in New York.

According to FBI officials, InfraGard offers companies an intrusion-alert network based on encrypted e-mail messages plus a secure Web site for communicating with law enforcement agencies about suspicious network activity or attacks. The program "allows law enforcement and industry to work together and share information regularly, including information that could prevent potential intrusions into our national infrastructure," said Attorney General Janet Reno in a statement.

But the NIPC has been criticized in the past for what some have called a "fundamental inability to communicate" with the rest of the national security community. The problem, according to sources, has been that the FBI treats all potential cybercrimes as law enforcement investigations first and foremost -- a stance that effectively bars access to information by other government security agencies.

John Pescatore, a security analyst at Stamford, Conn.-based Gartner, said the timing of the announcement may be a sign that the FBI is jockeying for budget influence in a future Bush administration. The InfraGard program "hasn't had much of an impact" on corporate users thus far, he added.

"It seems like the different chapters are very personality-driven," Pescatore said. "But the FBI hasn't really institutionalized [InfraGard] or funded it to be anything very meaningful. The general feeling ... is that it is all input to the FBI and no output from them."

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists in Washington, called the InfraGard announcement "one of several rather belated efforts by the Clinton administration to create new security structures." For example, President Clinton last Friday also announced a plan to better coordinate federal counterintelligence efforts -- a move aimed partly at improving the response of agencies such as the FBI and the CIA to information security attacks against companies.

But InfraGard's prospects could still be very much in question after George W. Bush takes over as president, Aftergood said. "All of these initiatives could die if the Bush administration wants to place its own imprint on the issues or simply decides to take a different tack," he said. "These new programs will have a better chance of survival if they can demonstrate that they're already accomplishing useful objectives."

The FBI spokesman said the agency plans "to expand and perfect" InfraGard as it goes forward. But more than 500 businesses have already signed up to participate in the program, he added, and the FBI is "still getting applications daily from companies that want to be part of [a chapter]."

And InfraGard does have its supporters. Bill Malik, another analyst at Gartner, said the program has had a beneficial impact because it letss companies share information on security vulnerabilities without creating the levels of hysteria that usually accompany highly publicized reports of hacking attacks and other cybercrimes.

"It's actually working," Malik said. "There's an awful lot of industry support behind it." And he added that he hasn't "seen any indications that a Bush administration would be pro-crime."

For more enterprise computing news, go to www.computerworld.com . Copyright (c) 2000 Computerworld. All rights reserved.

InfoWorld

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine