White House resurrects plan to track computer break-ins

White House cybersecurity adviser Richard Clarke would like to revive a plan for tracking patterns of computer activity and attempted intrusions at all government agencies, though the plan has been controversial in the past.

The plan, called the Federal Intrusion Detection Network (FIDNet), was proposed under the Clinton administration in 1999 but dropped after a firestorm of criticism from civil liberties groups. In an interview with National Journal's Technology Daily at his office last week, Clarke said the Defense Department is the only agency that has implemented the FIDNet concept, and he would like to extend the program to civilian agencies.

"It's not among my top five priorities, but I do think it is something we need to do," said Clarke, who developed the plan when he was at the National Security Council under the Clinton administration. "[I]n the absence of knowing what the patterns are across departments, we are somewhat in the blind about understanding the threat" of cyberattack.

Clarke, now a part of the Bush administration, defended FIDNet as being misunderstood by the civil liberties groups that attacked it.

"The critics of [FIDNet] defined it on their own without any relationship of the definition we gave it and then attacked it. And if it were what they said it was, I'd have attacked it, too," he said. "It was a rather simple concept, which the Defense Department has already implemented, and no one has attacked that."

He explained that FIDNet would compile information gathered by existing intrusion-detection systems in every agency into one database. That information then could be analyzed to determine patterns on: who is attacking government agencies based on their Internet protocol addresses; the time of day the attacks are occurring; the techniques the attackers are using; the vulnerabilities they are trying to exploit; and the type of sites they are attacking.

But in the near future, other issues surpass FIDNet in priority, Clarke said. His top priorities are: developing a national strategy for cybersecurity; creating a secure, government-wide intranet called Govnet; developing an emergency priority system for cell phones; expanding cyber-security education programs; creating a national infrastructure simulation and analysis center, and creating an early-warning detection network for cyberattacks.

On Monday, private-sector representatives from each portion of the nation's critical infrastructure, such as banking, information technology and energy, are meeting in Washington to help draft the national strategy for cybersecurity. Clarke said the Bush administration wants the "stakeholders" in critical infrastructure to write a portion of the plan to ensure that there is "buy-in" from the private sector.

On Tuesday, the White House Critical Infrastructure Protection Board (CIPB), which aims to coordinate government wide cyber security and increase accountability among agencies, will hold its charter meeting. Mark Forman, associate director for e-government and information technology at the White House Office of Management and Budget, is a member of the CIPB and will be tasked with prodding agencies to improve their computer security, Clarke said.