Testimony of Ronald L. Dick, Deputy Assistant Director,
Counter Terrorism Division,
and Director, National Infrastructure Protection Center,
FBI
Before the House
Committee on Transportation and Infrastructure, Subcommittee
on Water Resources and Environment
October 10, 2001
"Terrorism: Are America's Water Resources and Environment at Risk"
Mr. Chairman, Congressman DeFazio,
and members of the committee, thank you for inviting me here
today to testify on the topic, "Terrorism: Are America's
Water Resources and Environment at Risk?" Holding this
hearing demonstrates your individual commitments to improving
the security of our critical infrastructures and this committee's
leadership on this issue in Congress. Our work here is vitally
important because the stakes involved are enormous. The September
11 attacks on the World Trade Center, Pentagon and Pennsylvania
have demonstrated how a significant disruption to the transportation
industry or any other critical infrastructure will certainly
have a cascading effect on others. My testimony today will
address our role in protecting the Nation's infrastructures,
our progress relating to water infrastructure issues, and
the need for continued trust and cooperation.
The FBI and America's Water Resource Infrastructure
Federal Government Role
With the signing of an executive
order, the new Office of Homeland Security will be responsible
for coordinating a wide variety of federal, state and local
security activities to combat terrorism. In the event of a
terrorist incident, the FBI is the lead federal agency for
crisis management and Federal Emergency Management Administration
(FEMA) is the lead for consequence management of the incident.
Both agencies are tasked with the coordination of overall
federal support to the affected state and local jurisdictions.
During a terrorist event involving a water/wastewater facility,
the Environmental Protection Agency (EPA), the lead federal
agency for the water sector, will support either the FBI or
FEMA in response to the incident. The FBI also maintains close
coordination with EPA in order to facilitate response planning
for terrorist incidents at facilities under the purview of
EPA. The National Infrastructure Protection Center (NIPC)/FBI
will continue to provide the water sector with timely, substantive,
and actionable information on specific threats to their sector.
Threat Environment
Based upon available intelligence
and investigative information, there are no specific credible
threats to major waterways or distribution networks at this
time. Due to the vital importance of water to all life forms,
however, the FBI considers all threats to attack the water
supply as serious threats.
The FBI coordinates a robust
and well exercised threat assessment process in order to assess
the credibility of communicated threats involving chemical,
biological and radiological/nuclear materials, including any
directed against the water infrastructure. This credibility
process utilizes specialized, technical, internal FBI assets
as well as technical experts from a number of other Federal
agencies, including, but not limited to: Department of Defense
(DoD), Department of Energy (DOE), Health and Human Services
(HHS), the EPA and FEMA. Communicated threats are normally
assessed from three viewpoints: operational practicality,
technical feasibility, and the behavioral resolve of the individual(s)
communicating the threat. A threat assessment may be conducted
via conference call, and a preliminary assessment will be
made within one hour of receipt of the threat at FBI Headquarters.
Depending on the circumstances,
a threat assessment conference call involving a specific water/wastewater
facility threat may include facility management/security personnel
as well. Upon assessment of the threat as credible, the FBI
will make appropriate notifications to other Federal agencies,
as appropriate, to initiate deployment, if necessary, of assets
to address the threat. The on-scene commander (OSC) will also
receive information on a recommended course of action to address
the situation.
Each FBI Field Office has a
Weapons of Mass Destruction (WMD) Coordinator whose primary
function is to coordinate the assessment of and response to
incidents involving the use or threatened use of chemical,
biological, and radiological/nuclear materials. Each WMD Coordinator
is tasked with establishing appropriate liaison with regional,
state and local emergency response personnel as well as with
critical facilities within each Field Office's jurisdiction
in order to facilitate notification and response to WMD incidents.
As a result of recent events, each FBI Field Office has been
instructed to reach out to critical facilities to re-establish
liaison contacts and ensure prompt notification and appropriate
response.
With regard to contamination
by biological agents, the Nation's water supply may seem to
be a logical target for a terrorist attack. In reality, targeting
the water supply may prove difficult. In order to be successful,
a terrorist would have to have large amounts of agent, and
some knowledge of the water supply network and access to critical
locations within the network. It is important to stress, however,
that the FBI has no general or specific threat information
of a planned attack on the Nation's water supply. To summarize
the most important points:
- The contamination of a water
supply with a biological agent that causes illness or death
of victims is possible, but not probable.
- Contamination of a water
reservoir with a biological agent would likely not produce
a large risk to public health because of the dilution effect,
filtration and disinfection of the water.
- A successful attack would
require knowledge of, and access to, critical nodes of the
water supply network.
- A successful attack would
likely involve either disruption of the water treatment
process (e.g., destruction of plumbing or release of disinfectants)
or post-treatment contamination near the target.
In order to prevent contamination
of a water supply, local water works or utilities should maintain
a secure perimeter around the source (if possible) and the
treatment facility. In addition, security should be maintained
around critical nodes such as tunnels, pumping facilities, and
storage facilities, and the security of the network of water mains
and subsidiary pipes should be enhanced.
Biological agents can cause
disease through ingestion, but are not as deadly as they would
be if they were inhaled. Microorganisms vary in their stability
in water. Most bacteria and viruses are inactivated by the
chlorination process at water treatment facilities.
Most of the water supply threats
received in the last several years involve the threatened
release of a biological organism or toxin into a reservoir.
In order for this to be successful (i.e., to cause illness
or death), a terrorist would have to overcome the dilution
provided by the large volume of water in the reservoir. For
some organisms that require high doses to cause illness, producing
enough organisms can become a formidable task.
Contamination of a water storage
tower requires less material to cause disease, but would affect
only a small area. Enhanced physical security of critical
nodes in the network (such as water storage towers) and maintenance
and monitoring of adequate chlorine levels would reduce this
risk.
With regard to cyber-manipulation,
there are growing numbers of water supply systems that use
Supervisory Control And Data Acquisition (SCADA) systems,
the digital controls for pumps and treatment facilities. There
are vulnerabilities in this system that could lead to water
supply problems. In addition, more water system operators
are being given access to the Internet via the SCADA system's
local area network (LAN). As a result, water systems are more
likely to encounter denial of service attacks, viruses, and
other malicious programs, which could severely disrupt the
operation of these systems. However, most of the systems also
have the capability to run the treatment plant without using
these digital systems, if needed to protect public health.
Affecting a city-sized population
by a hazardous industrial chemical attack on a drinking water
supply is not credible. A hazardous industrial chemical attack
on a post-purification drinking water storage facility in
a small municipality or a building-specific target is likely
to be more credible but difficult to carry out without site-specific
knowledge and access. To summarize the key facts:
- The amount of hazardous industrial
chemical needed to contaminate the drinking water supply
of a city-sized population center is enormous ("truck
loads").
- Quality control procedures
in place at water treatment facilities involve monitoring,
filtration and treatment of the water before it enters the
distribution infrastructure.
- Only 1 to 2% of the total
water consumption is used for drinking and preparation of
food.
- Contaminated sources can
be isolated from the distribution infrastructure. Furthermore,
dilution, evaporation, and chemical and biological degradation
will also lessen the impact of a pre-treatment assault.
Dependence on Other Key Infrastructures
There is a great deal of interdependency
between water and other infrastructures, the most important
being the electric power sector. If power is interrupted or
withdrawn, it affects the entire water system. To a lesser
degree, telecommunications service outages or system degradations
could affect remote control access to pivotal systems, and
a disruption to the nation's transportation infrastructure
could delay the delivery of needed chemicals for water purification.
Security Planning and Coordination Efforts
The FBI continues to provide
leadership in its Presidentially-mandated mission to anticipate,
prevent, respond to, and resolve any terrorist incident. At
the national level, the FBI coordinates with its Federal agency
partners in various aspects of counter terrorism planning.
A number of initiatives have been underway within the last
several years at the federal level in order to increase domestic
preparedness for a terrorist incident, particularly one involving
WMD. These initiatives have included training and equipping
state and local "first responders", i.e., fire,
police, emergency medical services personnel who would be
the first to arrive on the scene of a WMD incident. While
not specifically designed for water infrastructure facilities,
these types of initiatives only serve to improve the coordination
of any type of WMD response. Water infrastructure facilities
should contact their local FBI field office in order to discuss
planning issues and to implement procedures to ensure effective
integration of national-level response assets, should an incident
occur at a facility.
Every state has its own Emergency
Response Plan (ERP) that coordinates entities to respond to
emergencies. These entities have routine practice drills and
utilize simulated scenarios in training. Within each agency,
there are emergency response teams that deal with chemical
contamination, spills, etc. All of these efforts are coordinated
closely with FEMA. The largest of the local utilities have
ERPs and the smaller ones are beginning to create them as
well. These ERPs deal most specifically with power outages
and loss of service. There is also a robust informal network
between the agencies.
Each FBI field office has a
WMD Incident Contingency Plan (WMDICP) which is prepared by
the WMD coordinator. These plans were designed to quickly
identify field office, as well as state, local and regional
Federal assets that can be called upon by the field office
to assist in the response to any type of WMD event. In formulation
of these plans, field offices have been instructed to identify
critical facilities as well as appropriate security contacts
at these facilities. While individual field office WMDICPs
may not include facilities such as water/wastewater facilities,
they would include regional assets (EPA and FEMA regional
offices, state and local public health labs, etc.) which would
greatly assist in the response to incidents at such facilities.
Local facilities should also be strongly encouraged to reach
out to their local FBI field offices for further coordination
and security planning assistance.
Threat Notification
At this time, the water sector
is at heightened alert, which means companies have taken additional
security measures such as increasing security patrols of physical
facilities and regular checks of gates and locks. All large
systems have ERPs in place and are well connected with state
emergency response personnel. Plans vary from system to system;
however, they all deal with such matters as evacuation, closing
the water supply to affected areas, providing public notice,
and providing bottled water and other uncontaminated alternatives.
The Association of Metropolitan Water Agencies (AMWA) also
provides NIPC's warnings to the Association of Metropolitan
Sewer Agencies (AMSA) which then notifies its constituency.
The NIPC/FBI currently disseminates
warning messages to AMWA, the prospective water sector Information
Sharing and Analysis Center (ISAC), in order to notify the
water sector as early as possible, of threats to facilities,
systems and networks. The timeliness and actionable content
of NIPC/FBI warning messages will be measurably enhanced when
the NIPC and the water sector establish a comprehensive, two-way
information-sharing program. The NIPC and AMWA, in fact, are
currently drafting standard operating procedures for such
an information-sharing effort. The NIPC-AMWA information sharing
program sets up, among other things, mechanisms for sending
water company incident reports to the NIPC/FBI and for more
expeditiously issuing substantive warning messages and threat
assessments to the water sector.
In response to a threat, the
FBI, as lead federal agency, coordinates the United States
Government's response. The response begins with a threat assessment
coordinated by the Weapons of Mass Destruction Operations
Unit (WMDOU). This is initiated when the FBI receives notification
of an incident or threat. WMDOU immediately notifies subject
matter experts and federal agencies with relevant authorities
to conduct a real-time assessment and determine the credibility
of the threat. Based on the credibility and scope of the threat,
WMDOU will coordinate an appropriate and tailored response
by federal assets and the owners and operators of the facility
to meet the requirements of the on-scene responders, and will
oversee the investigation to its successful conclusion.
The FBI currently manages a
number of programs in order to enhance real-time information
sharing, intelligence gathering, and provide timely dissemination
of threat warnings:
- The NIPC's Watch and Warning
Unit provides strategic analysis and warnings.
- The NIPC's InfraGard program
gathers information from InfraGard members, creates a report,
and disseminates it to other members.
- The NIPC's Key Asset Initiative
has identified over 5,700 entities vital to our national
security. 404 of those are water supply and treatment companies.
- The FBI Domestic Terrorism/Counter
Terrorism Planning Section works to enhance operational
cooperation and information sharing within the U.S. Intelligence
and law enforcement Community (USIC). Representatives from
20 federal agencies participate in the Center. Detailees
work their daily shifts side by side with FBI special agents
and analysts.
- The FBI currently heads Joint
Terrorism Task Forces (JTTFs) in 35 field offices across
the United States. JTTFs integrate the resources of federal,
state and local agencies in combating terrorism at the state,
local, and regional level. The JTTFs represent a valuable
resource for information regarding the local threat environment.
- The FBI manages the National
Threat Warning System (NTWS) to ensure that vital information
regarding terrorism reaches those in the U.S. counter terrorism
and law enforcement communities. Alert, advisory or assessment
messages are transmitted. Currently over 34 federal agencies
involved in the U.S. government's counter terrorism effort
receive information via secure teletype using this system.
The messages are also transmitted to all FBI Field Offices
and Foreign Liaison Posts. If the threat information requires
nationwide dissemination to all federal, state and local
law enforcement agencies, the FBI transmits messages via
the National Law Enforcement Telecommunications System (NLETS),
which reaches over 18,000 agencies.
- The FBI disseminates appropriate
threat warnings to over 40,000 companies in the private
sector via the unclassified Awareness of National Security
Issues and Response (ANSIR) Program.
National Infrastructure Protection Center (NIPC)
The mission of the NIPC is to
provide "a national focal point for gathering information
on threats to the infrastructures" and to provide "the
principal means of facilitating and coordinating the Federal
Government's response to an incident, mitigating attacks,
investigating threats and monitoring reconstitution efforts."
Current guidelines define critical infrastructures to include
"those physical and cyber-based systems essential to
the minimum operations of the economy and government,"
to include, without limitation, "telecommunications,
energy, banking and finance, transportation, water systems
and emergency services, both governmental and private."
The NIPC is the only organization in the federal government
with such a comprehensive national infrastructure protection
mission. The NIPC gathers together under one roof representatives
from, among others, the law enforcement, intelligence, and
defense communities, who collectively provide a unique analytical,
deterrence, and response perspective to threat and incident
information obtained from investigation, intelligence collection,
foreign liaison, and private sector cooperation. This perspective
ensures that no single "community" addresses threats
to critical infrastructures in a vacuum; rather, all information
is examined from a multi-discipline perspective for potential
impact as a security, defense, counterintelligence, terrorism
or law enforcement matter, and an appropriate response is
developed and implemented.
While developing our infrastructure
protection capabilities, the NIPC has held firm to two basic
tenets that grew from extensive study by the President's Commission
on Critical Infrastructure Protection. First, the government
can only respond effectively to threats by focusing on protecting
assets against attack while simultaneously identifying and
responding to those who nonetheless would attempt or succeed
in launching those attacks. And second, the government can
only help protect this nation's most critical infrastructures
by building and promoting a coalition of trust, one . . .
amongst all government agencies, two . . . between the government
and the private sector, three . . . amongst the different
business interests within the private sector itself, and four
. . . in concert with the greater international community.
Therefore, the NIPC has focused on developing its capacity
to warn, investigate, respond to, and build partnerships,
all at the same time. As our techniques continue to mature
and our trusted partnerships gel, we will continue to witness
ever-better results.
NIPC Watch Center and Multi-Agency Staffing
The NIPC's Watch Center operates
around the clock and communicates daily with the DoD and its
Joint Task Force for Computer Network Operations (JTF-CNO).
The Watch Center is also connected to the watch centers of
several of our close allies. U.S. Army Major General Dave
Bryan, Commander of the JTF-CNO, recently remarked that, "The
NIPC and JTF-CNO have established an outstanding working relationship.
We have become interdependent, with each realizing that neither
can totally achieve its mission without the other." I
couldn't agree more. The NIPC's ability to fulfill the expectations
and needs of its Department of Defense component is achieved
by the inter-agency structure of the Center, which includes
the NIPC's Deputy Director Rear Admiral James Plehal, USNR,
and the NIPC's Executive Director, Steven Kaplan, a Supervisory
Special Agent from the Air Force Office of Special Investigations.
The staffing of these positions indicates the FBI's desire
for broad, high-level, multi-agency ownership of the NIPC
and our collective commitment to achieve meaningful and effective
coordination across the law enforcement, intelligence, defense,
and other critical government operations communities.
Within the Center, the NIPC
has full-time representatives from a dozen federal government
agencies, led in number by the FBI and the Department of Defense,
as well as from three foreign partners: the United Kingdom,
Canada, and Australia. We are partners with the General Services
Administration's Federal Computer Incident Response Capability
(FedCIRC), in order to further secure our government technology
systems and services. We also team up regularly with the EPA,
CIA, and NSA to work on matters of common concern.
Cooperative Relationships Among Federal Agencies
The placement of the NIPC under
the jurisdiction of the FBI endows the Center with both the
authorities and the ability to combine law enforcement information
flowing into the NIPC from the FBI field offices with other
information streams derived from open, confidential, and classified
sources. This capability is unique in the federal government
for reasons of privacy and civil rights.
The NIPC has established effective
information sharing and cooperative investigative relationships
across the U.S. Government. A written protocol was signed
with the Department of Transportation's (DOT) Federal Aviation
Administration (FAA) which will reinforce how information
is shared between FAA and NIPC and how that information will
be communicated. This protocol documents a long-standing informal
process of information sharing between NIPC and FAA. Informal
arrangements have already been established with the Federal
Communications Commission, Department of Transportation's
(DOT) National Response Center, DOT Office of Pipeline Safety,
Department of Energy's Office of Emergency Management, and
others, which allow the NIPC to receive detailed sector-specific
incident reports in a timely manner. Formal information sharing
procedures should soon be completed with several other agencies,
including the National Coordinating Center for Telecommunications
and the FEMA's National Fire Administration.
The NIPC functions in a task
force-like way, coordinating investigations in a multitude
of jurisdictions, both domestically and internationally. This
is essential due to the transnational nature of cyber intrusions
and other critical infrastructure threats.
Interagency Coordination Cell
To instill further cooperation
and establish an essential process to resolve conflicts among
investigative agencies, the NIPC asserted a leadership role
by forming an Interagency Coordination Cell (IACC) at the
Center. The IACC meets on a monthly basis and includes representation
from U.S. Secret Service, NASA, U.S. Postal Service, Department
of Defense Criminal Investigative Organizations, U.S. Customs,
Departments of Energy, State and Education, Social Security
Administration, Treasury Inspector General for Tax Administration
and the CIA. The cell works to resolve conflicts regarding
investigative and operational matters among agencies and assists
agencies in combining resources on matters of common interest.
The NIPC anticipates that this cell will expand to include
all investigative agencies and inspectors general in the federal
government having cyber or other critical infrastructure responsibilities.
As we noted in various Congressional hearings, including a
Senate hearing last week, the IACC has led to the formation
of several task forces and prevented intrusions and compromises
of U.S. Government systems. The IACC was instrumental in coordinating
the augmentation of the PENTTBOM investigation in the aftermath
of the September 11 attacks.
Warnings and Advisories
The NIPC sends out infrastructure
information to address cyber or infrastructure events with
possible significant impact. These are distributed to partners
in the private and public sectors. A number of recent advisories
sent out by the NIPC (see, for example, Advisory 01-022, titled
"Mass Mailing Worm W32.Nimda.A@mm") serve to demonstrate
the continued collaboration between the NIPC and its partner,
FedCIRC. The NIPC serves as a member of FedCIRC's Senior Advisory
Council and has daily contact with that entity as well as
a number of others including NSA and DoD's Joint Task Force
- Computer Network Operations (JTF-CNO). On issues of national
concern, the recent incidents involving the Leaves, Code Red
and Nimda worms are good examples of the NIPC's success in
working with the National Security Council and our partner
agencies to disseminate information and coordinate strategic
efforts in a timely and effective manner.
InfraGard Initiative
Over the past three years, the
FBI cultivated a number of initiatives that have developed
into increased capabilities, all of which are being actively
used to mitigate the terrorist threat and to prepare our response
to the events of September 11th. The NIPC has developed InfraGard
into the largest government/private sector joint partnership
for infrastructure protection in the world. We have taken
it from its humble roots of a few dozen members in just two
states to its current membership of over 2,000 partners, 31 of
which are associated with aspects of the nation's water infrastructure.
It is the most extensive government-private sector partnership
for infrastructure protection in the world, and it is a service
we provide to InfraGard members free of charge. InfraGard
expands direct contacts with the private sector infrastructure
owners and operators and shares information about cyber intrusions
and other critical infrastructure vulnerabilities through
the formation of local InfraGard chapters within the jurisdiction
of each of the 56 FBI Field Offices and several of their Resident
Agencies (subdivisions of the larger field offices).
A key element of the InfraGard
initiative is the confidentiality of reporting by members.
The reporting entities edit out the identifying information
about themselves on the notices that are sent to other members
of the InfraGard network. This process is called sanitization
and it protects the information provided by the victim of
a cyber attack. Much of the information provided by the private
sector is proprietary and is treated as such. InfraGard provides
its membership the capability to write an encrypted sanitized
report for dissemination to other members. This measure helps
to build a trusted relationship with the private sector and
at the same time encourages other private sector companies
to report cyber attacks to law enforcement.
Key Asset Initiative
Since 1998, the NIPC has been
developing the FBI's Key Asset Initiative, identifying over
5,700 entities vital to our national security, including our
economic well-being. The information is maintained in a database
to support the broader effort to protect the critical infrastructures
against both physical and cyber threats. This initiative benefits
national security planning efforts by providing a better understanding
of the location, importance, contact information and crisis
management for critical infrastructure assets across the country.
We have worked with the DoD, EPA, and the Critical Infrastructure
Assurance Office (CIAO) in this regard. Following the September
11, 2001, events and at the request of the National Security
Council, the NIPC has leveraged the Key Asset Initiative to
undertake an all-agency effort to prepare a comprehensive,
centralized database of critical infrastructure assets in
the United States.
Information Sharing and Analysis Centers
Our multi-agency team works
with current and soon-to-be-established ISACs,
which represent the critical infrastructures identified in
PDD-63, including those that represent the water, financial
services, electric power, telecommunications, and information
technology sectors. Since September 11th, we have provided
threat assessments on an ongoing basis for ISAC representatives
from those sectors. We are also connected with the 18,000 police
departments and Sheriff's offices that bravely serve our nation
daily and in times of crisis. This past March, the NIPC and
the Emergency Law Enforcement Services Sector Forum completed
the nation's Emergency Law Enforcement Sector Plan together
with a "Guide for State and Local Law Enforcement Agencies."
This significant achievement represents the nation's first
and only completed sector plan and is being used as a model
by the other critical infrastructure sectors. Taken together,
the Plan and the Guide provide our emergency law enforcement
first responders with procedures that are immediately useful
to enhance the security of their data and communications systems.
Strategic Analysis
We have established four strategic
directions for our capability growth through 2005: prediction,
prevention, detection, and mitigation. None of these are new
concepts, but NIPC has renewed its focus on each of them in
order to strengthen our strategic analysis capabilities. NIPC
has worked to further strengthen its longstanding efforts
in the early detection and mitigation of cyber attacks. These
strategic directions will be significantly advanced by our
intensified cooperation with federal agencies and the private
sector. Our most ambitious strategic directions, prediction
and prevention, are intended to forestall attacks before they
occur. We are seeking ways to forecast or predict hostile
capabilities in much the same way that the military forecasts
weapons threats. The goal here is to forecast these threats
with sufficient warning to prevent them. A key to success
in these areas will be strengthened cooperation with intelligence
collectors and the application of sophisticated new analytic
tools to better learn from day-to-day trends. The strategy
of prevention is reminiscent of traditional community policing
programs but with our infrastructure partners and key system
vendors.
As we work on these strategic
directions, we will have many opportunities to stretch our
capabilities. With respect to all of these, the NIPC is committed
to continuous improvement through a sustained process of documenting
"lessons learned" from significant events. The NIPC
also remains committed to achieving all of its objectives
while upholding the fundamental Constitutional rights of our
citizens.
The NIPC is also enhancing its
strategic analysis capability through the "data warehousing
and data mining" project. This will allow the NIPC to
retrieve incident data originating from multiple sources.
Data warehousing includes the ability to conduct real-time
all-source analysis and report generation.
Improving Information Sharing
The NIPC actively exchanges
information with private sector companies, the ISACs, members
of the InfraGard Initiative, and the public as part of the
NIPC's outreach and information sharing activities. Through
NIPC's aggressive outreach efforts, we receive incident reports
from the private sector. The NIPC has proven that it can properly
safeguard their information and disseminate warning messages
and useful information in return. Private sector reporting
of infrastructure incidents is partially responsible for the
issuance of more warnings each year.
Over the past two years the
NIPC and the North American Electric Reliability Council (NERC), the
ISAC for the electric power sector, have established an
indications, analysis and warning (IAW) program, which
makes possible the timely exchange of information valued by
both the NIPC and the electric power sector. This relationship
is possible because of a commitment both on the part of NERC
and the NIPC to build cooperative relations. Since the September
11 attacks, NIPC and NERC have held daily conference calls.
The close NERC-NIPC relationship is no accident, but the result
of two interrelated sets of actions. First, as Eugene Gorzelnik,
Director of Communications for the NERC, stated in his prepared
statement at the May 22, 2001 hearing before the Senate Judiciary
Committee's Subcommittee on Technology and Terrorism:
[T]he NERC Board of Trustees
in the late 1980s resolved that each electric utility should
develop a close working relationship with its local Federal
Bureau of Investigation (FBI) office, if it did not already
have such a relationship. The Board also said the NERC staff
should establish and maintain a working relationship with
the FBI at the national level.
Second, the NIPC and NERC worked
for over two years on building the successful partnership
that now exists. It took dedicated individuals in both organizations
to make it happen. The same type of relationship is now building
with the Water Resources Sector and the Association of Metropolitan
Water Agencies (AMWA). It is this success and dedication to
achieving results that the NIPC is working to emulate with
the other ISACs.
The NIPC also continues to meet
regularly with current and prospective ISACs from other sectors,
particularly the financial services (FS-ISAC), information
technology, water supply, and telecommunications (NCC-ISAC)
sectors, to develop and implement more formal information
sharing arrangements, drawing largely on the model developed
with the electric power sector. In the past, information exchanges
with these ISACs have consisted of a one-way flow of NIPC
warning messages and products being provided to the ISACs.
However, in recent months the NIPC has received greater participation
from sector companies as they become increasingly aware that
reporting to the NIPC enhances the value and timeliness of
NIPC warning products disseminated to their sector. Productive
discussions held more recently with the FS-ISAC and IT-ISAC,
in particular, should significantly advance a two-way information
exchange with the financial services industry. The NIPC is
currently working with the FS-ISAC, NCC-ISAC and prospective
ISACs to develop and test secure communication mechanisms,
which will facilitate the sharing of high-threshold, near
real-time incident information. In March 2001, we were commended
by the FS-ISAC for our advisory on e-commerce vulnerabilities
(NIPC Advisory 01-003). According to the FS-ISAC, that advisory,
coupled with the NIPC press conference on March 8, 2001, stopped
over 1600 attempted exploitations by hackers the day immediately
following the press conference.
Training
Over the past three years, NIPC
has provided training for more than 2,500 participants from
federal, state, local and foreign law enforcement and security
agencies. The NIPC's training program complements training
offered by the FBI's Training Division as well as training
offered by the DoD and the National Cyber Crime Training Partnership.
Trained investigators are essential to our successfully combating
computer intrusions.
Conclusion
The FBI and NIPC provide a national
focal point for gathering information on threats to the infrastructures,
and the principal means of facilitating and coordinating the
Federal Government's response to an incident. The FBI and
NIPC have been staffed with personnel from across a broad
spectrum of federal agencies, and undertaken several initiatives
to include the private sector as a principal partner in infrastructure
protection. The Water Supply Infrastructure is used by all
Americans every day, and we will continue our efforts to improve
trust and increase cooperation with the water sector and all
our public and private partners. We will continually improve
in the coming years in order to master the perpetually evolving
challenges involved with infrastructure protection and information
assurance. Thank you for inviting me here today, and I welcome
any questions you have.