The NIPC was chartered as the national center for gathering information on threats, evaluating cyberattack risks, facilitating government responses to computer-based incidents, coordinating corporate countermeasures and monitoring recovery after an infrastructure attack.

Three years have passed. There is now overwhelming evidence that our enemies are counting on information warfare as the most expedient way to inflict damage on the U.S. Our military command and control systems, power generation, telecommunications, transportation and energy supplies continue to be vulnerable to information-induced failures.

So, how well is the NIPC guarding the national infrastructure? How good is the assumption that your firm's computer systems will be guarded against major disruptions? How well can you count on your federal sentries to allow you to relax?

The FBI, following its traditions, has treated information warfare as a form of criminal activity in which a perpetrator must be caught, indicted, then brought to trial. Most of its activity to date has been tactical, chasing individual incidents, such as complaints about denial-of-service attacks.

The NIPC isn't yet capable of analyzing warning signs, assessing vulnerabilities and issuing advance warnings of pending attacks. It hasn't established information-sharing links with most government agencies and the private sector, as it was chartered to do. The NIPC's roles and responsibilities haven't been adequately defined and are still subject to bureaucratic disputes that have resulted in poor cooperation.

For instance, the Federal CIO Council directs government agencies to report security incidents to the General Services Administration, not the NIPC. The Secret Service isn't cooperating with the NIPC. The NIPC doesn't have access to essential industry data such as the identification of critical systems components, known systems vulnerabilities and the mapping of respective interdependencies.

Though the president established 2003 as the goal for putting all protective missions in operation, the NIPC doesn't have a schedule of priorities, milestones and program performance measures. Why? Largely because it's unclear who's directing its mission. Is it the National Security Council, the Treasury Department, the FBI director or the Department of Criminal Investigation at the Justice Department?

Though the FBI's 1998 strategic plan identified the protection of the national information infrastructure as one of its highest priorities, ensuing actions haven't reflected that. The NIPC is tucked away within the FBI's counterterrorism division, reporting to the assistant director of one of 11 divisions. So seasoned Washington bureaucrats don't recognize this as an indication of high priority.

Staffing at the NIPC is woefully inadequate, with fewer than 100 employees, many of them on temporary assignment. The position of chief of the Analysis and Warning Section (the key operating position) has been vacant for half of the organization's existence, while only 13 of the 24 budgeted analyst positions are filled. And repeated requests for more staff have been rejected. When the General Accounting Office interviewed the NIPC's analysts, most of them revealed negative attitudes about their work experiences.

When - not if - your lights go out and not even your uninterruptible power supply will revive your blue screens, don't always blame your power company or software supplier. You may have become a "collateral victim" (that's Pentagonspeak) of an information warfare attack. In such a case, you may have to revert to primitive ways of handling information. The best you can do is add "information warfare" to your list of contingencies for which to plan.