In late March, rumors surfaced that FBI Director Robert Mueller was on the verge of dismantling the National Infrastructure Protection Center (NIPC), which has been the government’s primary critical infrastructure threat assessment and response unit since its founding in February 1998. NIPC spokeswoman Debra Weierman insists that rumors of the center’s demise have been greatly exaggerated. However, Mueller’s April 2 appointment of Larry Medford (former head of the FBI’s San Francisco field office, which just completed a two-year undercover counterfeit-software sting) as assistant director in charge of a newly created Cyber Division, casts the NIPC’s future as we know it in doubt.
The Cyber Division’s charter is vague. An FBI press release says that the division will “supervise and facilitate the FBI’s investigation of federal violations in which the Internet, computer systems and networks are exploited as the principal instruments or targets of criminal activity.” Even a spokesperson admits that the new group’s role isn’t fully resolved.
Critics, including Sen. Charles Grassley (R-Iowa), interpret the Cyber Division’s charter to mean that it will be put in charge of the NIPC, a move that could prove fatal to the government and private sector collaboration that the NIPC was formed to foster. The new division is clearly intended to be a law enforcement organization; it’s even listed under the bureau’s criminal investigations wing. In a letter to Mueller, Grassley warned that burying the NIPC deeper within the FBI’s crime fighting bureaucracy would threaten the already-fragile trust between the center and the private sector, which controls 90 percent of the nation’s critical infrastructure. Companies are already wary of sharing security breaches, he writes, and could respond by cutting off the flow of infrastructure information to the FBI.
The creation of the Cyber Division has other ramifications for the private sector as well. Ari Schwartz, an analyst for the Washington, D.C.-based Center for Democracy and Technology, says that there will now be more agents to process cybercrime information, a classic double-edged sword. “The upside is that there are more resources to fight crime,” says Schwartz. “The downside is more people working without oversight. The USA Patriot Act [the omnibus antiterror legislation that sailed through Congress in the wake of Sept. 11] has a lot of demands on the private sector that were not well debated. There are companies that will be very surprised when the FBI comes knocking on their door, which they now have the resources to do.”
Paranoia or Prudence? Banning Foreign Workers
On March 7, the Los Angeles Times reported that the Department of Defense (DOD) planned to ban foreign-born IT professionals from working on sensitive projects by midsummer. The controversial policy prompted Information Technology Association of America (ITAA) President Harris Miller to write a letter to DOD Undersecretary for Acquisition, Technology and Logistics Edward Aldridge expressing his concern.
“Public policy must be based on real-world actions and tangible threats, not supposition and innuendo,” wrote Miller. In a press time interview, Miller told CIO that since his letter, the timetable for the ban has been pushed back, but that as far as he knows the DOD’s intentions haven’t changed.
Miller feels that the ban, which has yet to be debated publicly, would be a blow to small to midsize IT shops. The ban would cover all foreign-born employees, Indian programmers on H1-B visas and Canadian-born U.S. residents alike.
“It’s inconvenient, but a big company can shift its workers around,” says Miller. However, the implication is severe “if you are a small or medium-size business and 10 percent of your workforce is foreign,” he says.
One thing is clear to Miller, however. “The slower track is definitely good news,” he says.