Testimony of Ronald L. Dick, Deputy Assistant Director,
Counter Terrorism Division,
and Director, National Infrastructure Protection Center,
FBI
Before
the House Committee on Transportation and Infrastructure,
Subcommittee on Water Resources and Environment
October 10, 2001
"Terrorism: Are America's Water Resources and Environment
at Risk"

Mr. Chairman, Congressman DeFazio, and members of the committee, thank you
for inviting me here today to testify on the topic, "Terrorism:
Are America's Water Resources and Environment at Risk?"
Holding this hearing demonstrates your individual commitments
to improving the security of our critical infrastructures
and this committee's leadership on this issue in Congress.
Our work here is vitally important because the stakes involved
are enormous. The September 11 attacks on the World Trade
Center, Pentagon and Pennsylvania have demonstrated how a
significant disruption to the transportation industry or any
other critical infrastructure will certainly have a cascading
effect on others. My testimony today will address our role
in protecting the Nation's infrastructures, our progress relating
to water infrastructure issues, and the need for continued
trust and cooperation.

The FBI and America's Water Resource Infrastructure

Federal Government Role

With the signing of an executive order, the new Office of Homeland
Security will be responsible for coordinating a wide variety
of federal, state and local security activities to combat
terrorism. In the event of a terrorist incident, the FBI is
the lead federal agency for crisis management and Federal
Emergency Management Administration (FEMA) is the lead for
consequence management of the incident. Both agencies are
tasked with the coordination of overall federal support to
the affected state and local jurisdictions. During a terrorist
event involving a water/wastewater facility, the Environmental
Protection Agency (EPA), the lead federal agency for the water
sector, will support either the FBI or FEMA in response to
the incident. The FBI also maintains close coordination with
EPA in order to facilitate response planning for terrorist
incidents at facilities under the purview of EPA. The National
Infrastructure Protection Center (NIPC)/FBI will continue
to provide the water sector with timely, substantive, and
actionable information on specific threats to their sector.

Threat Environment

Based upon available intelligence and investigative information,
there are no specific credible threats to major waterways
or distribution networks at this time. Due to the vital importance
of water to all life forms, however, the FBI considers all
threats to attack the water supply as serious threats.

The FBI coordinates a robust and well exercised threat assessment
process in order to assess the credibility of communicated
threats involving chemical, biological and radiological/nuclear
materials, including any directed against the water infrastructure.
This credibility process utilizes specialized, technical,
internal FBI assets as well as technical experts from a number
of other Federal agencies, including, but not limited to:
Department of Defense (DoD), Department of Energy (DOE), Health
and Human Services (HHS), the EPA and FEMA. Communicated threats
are normally assessed from three viewpoints: operational practicality,
technical feasibility, and the behavioral resolve of the individual(s)
communicating the threat. A threat assessment may be conducted
via conference call, and a preliminary assessment will be
made within one hour of receipt of the threat at FBI Headquarters.

Depending on the circumstances, a threat assessment conference call
involving a specific water/wastewater facility threat may
include facility management/security personnel as well. Upon
assessment of the threat as credible, the FBI will make appropriate
notifications to other Federal agencies, as appropriate, to
initiate deployment, if necessary, of assets to address the
threat. The on-scene commander (OSC) will also receive information
on a recommended course of action to address the situation.

Each FBI Field Office has a Weapons of Mass Destruction (WMD) Coordinator
whose primary function is to coordinate the assessment of
and response to incidents involving the use or threatened
use of chemical, biological, and radiological/nuclear materials.
Each WMD Coordinator is tasked with establishing appropriate
liaison with regional, state and local emergency response
personnel as well as with critical facilities within each
Field Office's jurisdiction in order to facilitate notification
and response to WMD incidents. As a result of recent events,
each FBI Field Office has been instructed to reach out to
critical facilities to re-establish liaison contacts and ensure
prompt notification and appropriate response.

With regard to contamination by biological agents, the Nation's
water supply may seem to be a logical target for a terrorist
attack. In reality, targeting the water supply may prove difficult.
In order to be successful, a terrorist would have to have
large amounts of agent, and some knowledge of the water supply
network and access to critical locations within the network.
It is important to stress, however, that the FBI has no general
or specific threat information of a planned attack on the
Nation's water supply. To summarize the most important points:
- The contamination of a water supply with a biological agent
that causes illness or death of victims is possible, but
not probable.
- Contamination of a water reservoir with a biological agent would likely
not produce a large risk to public health because of the
dilution effect, filtration and disinfection of the water.
- A successful attack would require knowledge of, and access
to, critical nodes of the water supply network.
- A successful attack would likely involve either disruption
of the water treatment process (e.g., destruction of plumbing
or release of disinfectants) or post-treatment contamination
near the target.

In order to prevent contamination of a water supply, local water works
or utilities should maintain a secure perimeter around the
source (if possible) and the treatment facility. In addition,
security around critical nodes such as tunnels, pumping
facilities, storage facilities, and the network of water mains
and subsidiary pipes should be enhanced.

Biological agents can cause disease through ingestion, but are not as
deadly as they would be if they were inhaled. Microorganisms
vary in their stability in water. Most bacteria and viruses
are inactivated by the chlorination process at water treatment
facilities.

Most of the water supply threats received in the last several years
involve the threatened release of a biological organism or
toxin into a reservoir. In order for this to be successful
(i.e., to cause illness or death), a terrorist would have
to overcome the dilution provided by the large volume of water
in the reservoir. For some organisms that require high doses
to cause illness, producing enough organisms can become a
formidable task.

Contamination of a water storage tower requires less material to cause disease,
but would affect only a small area. Enhanced physical security
of critical nodes in the network (such as water storage towers)
and maintenance and monitoring of adequate chlorine levels
would reduce this risk.

With regard to cyber-manipulation, there are growing numbers of
water supply systems that use Supervisory Control And Data
Acquisition (SCADA) systems, the digital controls for pumps
and treatment facilities. There are vulnerabilities in this
system that could lead to water supply problems. In addition,
more water system operators are being given access to the
Internet via the SCADA system's local area network (LAN). As
a result, water systems are more likely to encounter denial
of service attacks, viruses, and other malicious programs,
which could severely disrupt the operation of these systems.
However, most of the systems also have the capability to run
the treatment plant without using these digital systems, if
needed to protect public health.

Affecting a city-sized population by a hazardous industrial chemical
attack on a drinking water supply is not credible. A hazardous
industrial chemical attack on a post-purification drinking
water storage facility in a small municipality or a building-specific
target is likely to be more credible but difficult to carry
out without site-specific knowledge and access. To summarize
the key facts:
- The amount of hazardous industrial chemical needed to contaminate
the drinking water supply of a city-sized population center
is enormous ("truck loads").
- Quality control procedures in place at water treatment facilities
involve monitoring, filtration and treatment of the water
before it enters the distribution infrastructure.
- Only 1 to 2% of the total water consumption is used for drinking
and preparation of food.
- Contaminated sources can be isolated from the distribution infrastructure.
Furthermore, dilution, evaporation, and chemical and biological
degradation will also lessen the impact of a pre-treatment
assault.

Dependence on Other Key Infrastructures

There is a great deal of interdependency between water and other
infrastructures, the most important being the electric power
sector. If power is interrupted or withdrawn, it affects the
entire water system. To a lesser degree, telecommunications
service outages or system degradations could affect remote
control access to pivotal systems, and a disruption to the
nation's transportation infrastructure could delay the delivery
of needed chemicals for water purification.

Security Planning and Coordination Efforts

The FBI continues to provide leadership in its Presidentially-mandated
mission to anticipate, prevent, respond to, and resolve any
terrorist incident. At the national level, the FBI coordinates
with its Federal agency partners in various aspects of counter
terrorism planning. A number of initiatives have been underway
within the last several years at the federal level in order
to increase domestic preparedness for a terrorist incident,
particularly one involving WMD. These initiatives have included
training and equipping state and local "first responders",
i.e., fire, police, emergency medical services personnel who
would be the first to arrive on the scene of a WMD incident.
While not specifically designed for water infrastructure facilities,
these types of initiatives only serve to improve the coordination
of any type of WMD response. Water infrastructure facilities
should contact their local FBI field office in order to discuss
planning issues and to implement procedures to ensure effective
integration of national-level response assets, should an incident
occur at a facility.

Every state has its own Emergency Response Plan (ERP) that coordinates
entities to respond to emergencies. These entities have routine
practice drills and utilize simulated scenarios in training.
Within each agency, there are emergency response teams that
deal with chemical contamination, spills, etc. All of these
efforts are coordinated closely with FEMA. The largest of
the local utilities have ERPs and the smaller ones are beginning
to create them as well. These ERPs deal most specifically
with power outages and loss of service. There is also a robust
informal network between the agencies.

Each FBI field office has a WMD Incident Contingency Plan (WMDICP)
which is prepared by the WMD coordinator. These plans were
designed to quickly identify field office, as well as state,
local and regional Federal assets that can be called upon
by the field office to assist in the response to any type
of WMD event. In formulation of these plans, field offices
have been instructed to identify critical facilities as well
as appropriate security contacts at these facilities. While
individual field office WMDICPs may not include facilities
such as water/wastewater facilities, they would include regional
assets (EPA and FEMA regional offices, state and local public
health labs, etc.) which would greatly assist in the response
to incidents at such facilities. Local facilities should also
be strongly encouraged to reach out to their local FBI field
offices for further coordination and security planning assistance.

Threat Notification

At this time, the water sector is at heightened alert, which means
companies have taken additional security measures such as
increasing security patrols of physical facilities and regular
checks of gates and locks. All large systems have ERPs in
place and are well connected with state emergency response
personnel. Plans vary from system to system; however, they
all deal with such matters as evacuation, closing the water
supply to affected areas, providing public notice, and providing
bottled water and other uncontaminated alternatives. The Association
of Metropolitan Water Agencies (AMWA) also provides NIPC's
warnings to the Association of Metropolitan Sewer Agencies
(AMSA) which then notifies its constituency.

The NIPC/FBI currently disseminates warning messages to AMWA, the prospective
water sector Information Sharing and Analysis Center (ISAC),
in order to notify the water sector as early as possible,
of threats to facilities, systems and networks. The timeliness
and actionable content of NIPC/FBI warning messages will be
measurably enhanced when the NIPC and the water sector establish
a comprehensive, two-way information-sharing program. The
NIPC and AMWA, in fact, are currently drafting standard operating
procedures for such an information-sharing effort. The NIPC-AMWA
information sharing program sets up, among other things, mechanisms
for sending water company incident reports to the NIPC/FBI
and for more expeditiously issuing substantive warning messages
and threat assessments to the water sector.

In response to a threat, the FBI, as lead federal agency, coordinates
the United States Government's response. The response begins
with a threat assessment coordinated by the Weapons of Mass
Destruction Operations Unit (WMDOU). This is initiated when
the FBI receives notification of an incident or threat. WMDOU
immediately notifies subject matter experts and federal agencies
with relevant authorities to conduct a real-time assessment
and determine the credibility of the threat. Based on the
credibility and scope of the threat, WMDOU will coordinate
an appropriate and tailored response by federal assets and
the owners and operators of the facility to meet the requirements
of the on-scene responders, and will oversee the investigation
to its successful conclusion.

The FBI currently manages a number of programs in order to enhance
real-time information sharing, intelligence gathering, and
provide timely dissemination of threat warnings:
- The NIPC's Watch and Warning Unit provides strategic analysis
and warnings.
- The NIPC's InfraGard program gathers information from InfraGard
members, creates a report, and disseminates it to other
members.
- The NIPC's Key Asset Initiative has identified over 5,700 entities
vital to our national security. 404 of those are water supply
and treatment companies.
- The FBI Domestic Terrorism/Counter Terrorism Planning Section
works to enhance operational cooperation and information
sharing within the U.S. Intelligence and law enforcement
Community (USIC). Representatives from 20 federal agencies
participate in the Center. Detailees work their daily shifts
side by side with FBI special agents and analysts.
- The FBI currently heads Joint Terrorism Task Forces (JTTFs)
in 35 field offices across the United States. JTTFs integrate
the resources of federal, state and local agencies in combating
terrorism at the state, local, and regional level. The JTTFs
represent a valuable resource for information regarding
the local threat environment.
- The FBI manages the National Threat Warning System (NTWS) to
ensure that vital information regarding terrorism reaches
those in the U.S. counter terrorism and law enforcement
communities. Alert, advisory or assessment messages are
transmitted. Currently over 34 federal agencies involved
in the U.S. government's counter terrorism effort receive
information via secure teletype using this system. The messages
are also transmitted to all FBI Field Offices and Foreign
Liaison Posts. If the threat information requires nationwide
dissemination to all federal, state and local law enforcement
agencies, the FBI transmits messages via the National Law
Enforcement Telecommunications System (NLETS), which reaches
over 18,000 agencies.
- The FBI disseminates appropriate threat warnings to over 40,000
companies in the private sector via the unclassified Awareness
of National Security Issues and Response (ANSIR) Program.

National Infrastructure Protection Center (NIPC)

The mission of the NIPC is to provide "a national focal point for
gathering information on threats to the infrastructures"
and to provide "the principal means of facilitating and
coordinating the Federal Government's response to an incident,
mitigating attacks, investigating threats and monitoring reconstitution
efforts." Current guidelines define critical infrastructures
to include "those physical and cyber-based systems essential
to the minimum operations of the economy and government,"
to include, without limitation, "telecommunications,
energy, banking and finance, transportation, water systems
and emergency services, both governmental and private."
The NIPC is the only organization in the federal government
with such a comprehensive national infrastructure protection
mission. The NIPC gathers together under one roof representatives
from, among others, the law enforcement, intelligence, and
defense communities, who collectively provide a unique analytical,
deterrence, and response perspective to threat and incident
information obtained from investigation, intelligence collection,
foreign liaison, and private sector cooperation. This perspective
ensures that no single "community" addresses threats
to critical infrastructures in a vacuum; rather, all information
is examined from a multi-discipline perspective for potential
impact as a security, defense, counterintelligence, terrorism
or law enforcement matter, and an appropriate response is
developed and implemented.

While developing our infrastructure protection capabilities, the
NIPC has held firm to two basic tenets that grew from extensive
study by the President's Commission on Critical Infrastructure
Protection. First, the government can only respond effectively
to threats by focusing on protecting assets against attack
while simultaneously identifying and responding to those who
nonetheless would attempt or succeed in launching those attacks.
And second, the government can only help protect this nation's
most critical infrastructures by building and promoting a
coalition of trust, one . . . amongst all government agencies,
two . . . between the government and the private sector, three
. . . amongst the different business interests within the
private sector itself, and four . . . in concert with the
greater international community. Therefore, the NIPC has focused
on developing its capacity to warn, investigate, respond to,
and build partnerships, all at the same time. As our techniques
continue to mature and our trusted partnerships gel, we will
continue to witness ever-better results.

NIPC Watch Center and Multi-Agency Staffing

The NIPC's Watch Center operates around the clock and communicates daily
with the DoD and its Joint Task Force for Computer Network
Operations (JTF-CNO). The Watch Center is also connected to
the watch centers of several of our close allies. U.S. Army
Major General Dave Bryan, Commander of the JTF-CNO, recently
remarked that, "The NIPC and JTF-CNO have established
an outstanding working relationship. We have become interdependent,
with each realizing that neither can totally achieve its mission
without the other." I couldn't agree more. The NIPC's
ability to fulfill the expectations and needs of its Department
of Defense component is achieved by the inter-agency structure
of the Center, which includes the NIPC's Deputy Director Rear
Admiral James Plehal, USNR, and the NIPC's Executive Director,
Steven Kaplan, a Supervisory Special Agent from the Air Force
Office of Special Investigations. The staffing of these positions
indicates the FBI's desire for broad, high-level, multi-agency
ownership of the NIPC and our collective commitment to achieve
meaningful and effective coordination across the law enforcement,
intelligence, defense, and other critical government operations
communities.

Within the Center, the NIPC has full-time representatives from a
dozen federal government agencies, led in number by the FBI
and the Department of Defense, as well as from three foreign
partners: the United Kingdom, Canada, and Australia. We are
partners with the General Services Administration's Federal
Computer Incident Response Capability (FedCIRC), in order
to further secure our government technology systems and services.
We also team up regularly with the EPA, CIA, and NSA to work
on matters of common concern.

Cooperative Relationships Among Federal Agencies

The placement of the NIPC under the jurisdiction of the FBI endows the Center
with both the authorities and the ability to combine law enforcement
information flowing into the NIPC from the FBI field offices
with other information streams derived from open, confidential,
and classified sources. This capability is unique in the federal
government for reasons of privacy and civil rights.

The NIPC has established effective information sharing and cooperative
investigative relationships across the U.S. Government. A
written protocol was signed with the Department of Transportation's
(DOT) Federal Aviation Administration (FAA) which will reinforce
how information is shared between FAA and NIPC and how that
information will be communicated. This protocol documents
a long-standing informal process of information sharing between
NIPC and FAA. Informal arrangements have already been established
with the Federal Communications Commission, Department of
Transportation's (DOT) National Response Center, DOT Office
of Pipeline Safety, Department of Energy's Office of Emergency
Management, and others, which allow the NIPC to receive detailed
sector-specific incident reports in a timely manner. Formal
information sharing procedures should soon be completed with
several other agencies, including the National Coordinating
Center for Telecommunications and the FEMA's National Fire
Administration.

The NIPC functions in a task force-like way, coordinating investigations
in a multitude of jurisdictions, both domestically and internationally.
This is essential due to the transnational nature of cyber
intrusions and other critical infrastructure threats.

Interagency Coordination Cell

To instill further cooperation and establish an essential process to
resolve conflicts among investigative agencies, the NIPC asserted
a leadership role by forming an Interagency Coordination Cell
(IACC) at the Center. The IACC meets on a monthly basis and
includes representation from U.S. Secret Service, NASA, U.S.
Postal Service, Department of Defense Criminal Investigative
Organizations, U.S. Customs, Departments of Energy, State
and Education, Social Security Administration, Treasury Inspector
General for Tax Administration and the CIA. The cell works
to resolve conflicts regarding investigative and operational
matters among agencies and assists agencies in combining resources
on matters of common interest. The NIPC anticipates that this
cell will expand to include all investigative agencies and
inspectors general in the federal government having cyber
or other critical infrastructure responsibilities. As we noted
in various Congressional hearings, including a Senate hearing
last week, the IACC has led to the formation of several task
forces and prevented intrusions and compromises of U.S. Government
systems. The IACC was instrumental in coordinating the augmentation
of the PENTTBOM investigation in the aftermath of the September
11 attacks.

Warnings and Advisories

The NIPC sends out infrastructure information to address cyber or infrastructure
events with possible significant impact. These are distributed
to partners in the private and public sectors. A number of
recent advisories sent out by the NIPC (see, for example,
Advisory 01-022, titled "Mass Mailing Worm W32.Nimda.A@mm")
serve to demonstrate the continued collaboration between the
NIPC and its partner, FedCIRC. The NIPC serves as a member
of FedCIRC's Senior Advisory Council and has daily contact
with that entity as well as a number of others including NSA
and DoD's Joint Task Force - Computer Network Operations (JTF-CNO).
On issues of national concern, the recent incidents involving
the Leaves, Code Red and Nimda worms are good examples of
the NIPC's success in working with the National Security Council
and our partner agencies to disseminate information and coordinate
strategic efforts in a timely and effective manner.

InfraGard Initiative

Over the past three years, the FBI cultivated a number of initiatives
that have developed into increased capabilities, all of which
are being actively used to mitigate the terrorist threat and
to prepare our response to the events of September 11th. The
NIPC has developed InfraGard into the largest government/private
sector joint partnership for infrastructure protection in
the world. We have taken it from its humble roots of a few
dozen members in just two states to its current membership
of over 2,000 partners, 31 of which are associated with aspects
of the nation's water infrastructure. It is the most extensive
government-private sector partnership for infrastructure protection
in the world, and it is a service we provide to InfraGard
members free of charge. InfraGard expands direct contacts
with the private sector infrastructure owners and operators
and shares information about cyber intrusions and other critical
infrastructure vulnerabilities through the formation of local
InfraGard chapters within the jurisdiction of each of the
56 FBI Field Offices and several of their Resident Agencies
(subdivisions of the larger field offices).

A key element of the InfraGard initiative is the confidentiality
of reporting by members. The reporting entities edit out the
identifying information about themselves on the notices that
are sent to other members of the InfraGard network. This process
is called sanitization and it protects the information provided
by the victim of a cyber attack. Much of the information provided
by the private sector is proprietary and is treated as such.
InfraGard provides its membership the capability to write
an encrypted sanitized report for dissemination to other members.
This measure helps to build a trusted relationship with the
private sector and at the same time encourages other private
sector companies to report cyber attacks to law enforcement.

Key Asset Initiative

Since 1998, the NIPC has been developing the FBI's Key Asset Initiative,
identifying over 5,700 entities vital to our national security,
including our economic well-being. The information is maintained
in a database to support the broader effort to protect the
critical infrastructures against both physical and cyber threats.
This initiative benefits national security planning efforts
by providing a better understanding of the location, importance,
contact information and crisis management for critical infrastructure
assets across the country. We have worked with the DoD, EPA,
and the Critical Infrastructure Assurance Office (CIAO) in
this regard. Following the September 11, 2001, events and
at the request of the National Security Council, the NIPC
has leveraged the Key Asset Initiative to undertake an all-agency
effort to prepare a comprehensive, centralized database of
critical infrastructure assets in the United States.

Information Sharing and Analysis Centers

Our multi-agency team works with current and soon-to-be-established
ISACs, which represent the critical infrastructures identified
in PDD-63, including those that represent the water, financial
services, electric power, telecommunications, and information
technology sectors. Since September 11th, we have provided
threat assessments on an ongoing basis for ISAC representatives
from those sectors. We are also connected with the 18,000 police
departments and Sheriff's offices that bravely serve our nation
daily and in times of crisis. This past March, the NIPC and
the Emergency Law Enforcement Services Sector Forum completed
the nation's Emergency Law Enforcement Sector Plan together
with a "Guide for State and Local Law Enforcement Agencies."
This significant achievement represents the nation's first
and only completed sector plan and is being used as a model
by the other critical infrastructure sectors. Taken together,
the Plan and the Guide provide our emergency law enforcement
first responders with procedures that are immediately useful
to enhance the security of their data and communications systems.

Strategic Analysis

We have established four strategic directions for our capability growth
through 2005: prediction, prevention, detection, and mitigation.
None of these are new concepts, but NIPC has renewed its focus
on each of them in order to strengthen our strategic analysis
capabilities. NIPC has worked to further strengthen its longstanding
efforts in the early detection and mitigation of cyber attacks.
These strategic directions will be significantly advanced
by our intensified cooperation with federal agencies and the
private sector. Our most ambitious strategic directions, prediction
and prevention, are intended to forestall attacks before they
occur. We are seeking ways to forecast or predict hostile
capabilities in much the same way that the military forecasts
weapons threats. The goal here is to forecast these threats
with sufficient warning to prevent them. A key to success
in these areas will be strengthened cooperation with intelligence
collectors and the application of sophisticated new analytic
tools to better learn from day-to-day trends. The strategy
of prevention is reminiscent of traditional community policing
programs but with our infrastructure partners and key system
vendors.

As we work on these strategic directions, we will have many opportunities
to stretch our capabilities. With respect to all of these,
the NIPC is committed to continuous improvement through a
sustained process of documenting "lessons learned"
from significant events. The NIPC also remains committed to
achieving all of its objectives while upholding the fundamental
Constitutional rights of our citizens.

The NIPC is also enhancing its strategic analysis capability through
the "data warehousing and data mining" project.
This will allow the NIPC to retrieve incident data originating
from multiple sources. Data warehousing includes the ability
to conduct real-time all-source analysis and report generation.

Improving Information Sharing

The NIPC actively exchanges information with private sector companies,
the ISACs, members of the InfraGard Initiative, and the public
as part of the NIPC's outreach and information sharing activities.
Through NIPC's aggressive outreach efforts, we receive incident
reports from the private sector. The NIPC has proven that
it can properly safeguard their information and disseminate
warning messages and useful information in return. Private
sector reporting of infrastructure incidents is partially
responsible for the issuance of more warnings each year.

Over the past two years the NIPC and the North American Electric
Reliability Council (NERC), the ISAC for the electric
power sector, have established an indications, analysis
and warning (IAW) program, which makes possible the
timely exchange of information valued by both the NIPC and
the electric power sector. This relationship is possible because
of a commitment both on the part of NERC and the NIPC to build
cooperative relations. Since the September 11 attacks, NIPC
and NERC have held daily conference calls. The close NERC-NIPC
relationship is no accident, but the result of two interrelated
sets of actions. First, as Eugene Gorzelnik, Director of Communications
for the NERC, stated in his prepared statement at the May
22, 2001 hearing before the Senate Judiciary Committee's Subcommittee
on Technology and Terrorism:
[T]he
NERC Board of Trustees in the late 1980s resolved that each
electric utility should develop a close working relationship
with its local Federal Bureau of Investigation (FBI) office,
if it did not already have such a relationship. The Board
also said the NERC staff should establish and maintain a
working relationship with the FBI at the national level.
Second,
the NIPC and NERC worked for over two years on building the
successful partnership that now exists. It took dedicated
individuals in both organizations to make it happen. The same
type of relationship is now building with the Water Resources
Sector and the Association of Metropolitan Water Agencies
(AMWA). It is this success and dedication to achieving results
that the NIPC is working to emulate with the other ISACs.
The NIPC
also continues to meet regularly with current and prospective
ISACs from other sectors, particularly the financial services
(FS-ISAC), information technology, water supply, and telecommunications
(NCC-ISAC) sectors, to develop and implement more formal information
sharing arrangements, drawing largely on the model developed
with the electric power sector. In the past, information exchanges
with these ISACs have consisted of a one-way flow of NIPC
warning messages and products being provided to the ISACs.
However, in recent months the NIPC has received greater participation
from sector companies as they become increasingly aware that
reporting to the NIPC enhances the value and timeliness of
NIPC warning products disseminated to their sector. Productive
discussions held more recently with the FS-ISAC and IT-ISAC,
in particular, should significantly advance a two-way information
exchange with the financial services industry. The NIPC is
currently working with the FS-ISAC, NCC-ISAC and prospective
ISACs to develop and test secure communication mechanisms,
which will facilitate the sharing of high-threshold, near
real-time incident information. In March 2001, we were commended
by the FS-ISAC for our advisory on e-commerce vulnerabilities
(NIPC Advisory 01-003). According to the FS-ISAC, that advisory,
coupled with the NIPC press conference on March 8, 2001, stopped
over 1600 attempted exploitations by hackers the day immediately
following the press conference.
Training
Over
the past three years, NIPC has provided training for more
than 2,500 participants from federal, state, local and foreign
law enforcement and security agencies. The NIPC's training
program complements training offered by the FBI's Training
Division as well as training offered by the DoD and the National
Cyber Crime Training Partnership. Trained investigators are
essential to our successfully combating computer intrusions.
Conclusion
The FBI
and NIPC provide a national focal point for gathering information
on threats to the infrastructures, and the principal means
of facilitating and coordinating the Federal Government's
response to an incident. The FBI and NIPC have been staffed
with personnel from across a broad spectrum of federal agencies,
and undertaken several initiatives to include the private
sector as a principal partner in infrastructure protection.
The Water Supply Infrastructure is used by all Americans every
day, and we will continue our efforts to improve trust and
increase cooperation with the water sector and all our public
and private partners. We will continually improve in the coming
years in order to master the perpetually evolving challenges
involved with infrastructure protection and information assurance.
Thank you for inviting me here today, and I welcome any questions
you have.