Asst. FBI Director, Counter Terrorism Division Ronald L. Dick
Terrorism: Are America's Water Resources and Environment at Risk
House Committee on Transportation and Infrastructure
October 10, 2001
Mr. Chairman, Congressman DeFazio, and members of the committee, thank you for
inviting me here today to testify on the topic, "Terrorism: Are America's
Water Resources and Environment at Risk?" Holding this hearing demonstrates
your individual commitments to improving the security of our critical infrastructures
and this committee's leadership on this issue in Congress. Our work here is
vitally important because the stakes involved are enormous. The September 11
attacks on the World Trade Center, Pentagon and Pennsylvania have demonstrated
how a significant disruption to the transportation industry or any other critical
infrastructure will certainly have a cascading effect on others. My testimony
today will address our role in protecting the Nation's infrastructures, our
progress relating to water infrastructure issues, and the need for continued
trust and cooperation.
The FBI and America's Water Resource Infrastructure
Federal Government Role
With the signing of an executive order, the new Office of Homeland Security
will be responsible for coordinating a wide variety of federal, state and local
security activities to combat terrorism. In the event of a terrorist incident,
the FBI is the lead federal agency for crisis management and Federal Emergency
Management Administration (FEMA) is the lead for consequence management of the
incident. Both agencies are tasked with the coordination of overall federal
support to the affected state and local jurisdictions. During a terrorist event
involving a water/wastewater facility, the Environmental Protection Agency (EPA),
the lead federal agency for the water sector, will support either the FBI or
FEMA in response to the incident. The FBI also maintains close coordination
with EPA in order to facilitate response planning for terrorist incidents at
facilities under the purview of EPA. The National Infrastructure Protection
Center (NIPC)/FBI will continue to provide the water sector with timely, substantive,
and actionable information on specific threats to their sector.
Based upon available intelligence and investigative information, there are no
specific credible threats to major water ways or distribution networks at this
time. Due to the vital importance of water to all life forms, however, the FBI
considers all threats to attack the water supply as serious threats.
The FBI coordinates a robust and well exercised threat assessment process in
order to assess the credibility of communicated threats involving chemical,
biological and radiological/nuclear materials, including any directed against
the water infrastructure. This credibility process utilizes specialized, technical,
internal FBI assets as well as technical experts from a number of other Federal
agencies, including, but not limited to: Department of Defense (DoD), Department
of Energy (DOE), Health and Human Services (HHS), the EPA and FEMA. Communicated
threats are normally assessed from three viewpoints: operational practicality,
technical feasibility, and the behavioral resolve of the individual(s) communicating
the threat. A threat assessment may be conducted via conference call, and a
preliminary assessment will be made within one hour of receipt of the threat
at FBI Headquarters.
Depending on the circumstances, a threat assessment conference call involving
a specific water/wastewater facility threat may include facility management/security
personnel as well. Upon assessment of the threat as credible, the FBI will make
appropriate notifications to other Federal agencies, as appropriate, to initiate
deployment, if necessary, of assets to address the threat. The on-scene commander
(OSC) will also receive information on a recommended course of action to address
Each FBI Field Office has a Weapons of Mass Destruction (WMD) Coordinator whose
primary function is to coordinate the assessment of and response to incidents
involving the use or threatened use of chemical, biological, and radiological/nuclear
materials. Each WMD Coordinator is tasked with establishing appropriate liaison
with regional, state and local emergency response personnel as well as with
critical facilities within each Field Office's jurisdiction in order to facilitate
notification and response to WMD incidents. As a result of recent events, each
FBI Field Office has been instructed to reach out to critical facilities to
re-establish liaison contacts and ensure prompt notification and appropriate
With regard to contamination by biological agents, the Nation's water supply
may seem to be a logical target for a terrorist attack. In reality, targeting
the water supply may prove difficult. In order to be successful, a terrorist
would have to have large amounts of agent, and some knowledge of the water supply
network and access to critical locations within the network. It is important
to stress however, that the FBI has no general or specific threat information
of a planned attack on the Nation's water supply. To summarize the most important
The contamination of a water supply with a biological agent that causes
illness or death of victims is possible, but not probable.
Contamination of a water reservoir with a biological agent would likely
not produce a large risk to public health because of the dilution effect,
filtration and disinfection of the water.
A successful attack would require knowledge of, and access to, critical
nodes of the water supply network.
A successful attack would likely involve either disruption of the water
treatment process (e.g., destruction of plumbing or release of disinfectants)
or post-treatment contamination near the target.
In order to prevent contamination of a water supply, local water works
or utilities should maintain a secure perimeter around the source (if possible)
and the treatment facility. In addition, security should be maintained around
critical nodes such as tunnels, pumping facilities, storage facilities,
and the network of water mains and subsidiary pipes should be enhanced.
Biological agents can cause disease through ingestion, but are not as deadly
as they would be if they were inhaled. Microorganisms vary in their stability
in water. Most bacteria and viruses are inactivated by the chlorination process
at water treatment facilities.
Most of the water supply threats received in the last several years involve
the threatened release of a biological organism or toxin into a reservoir. In
order for this to be successful (i.e., to cause illness or death), a terrorist
would have to overcome the dilution provided by the large volume of water in
the reservoir. For some organisms that require high doses to cause illness,
producing enough organisms can become a formidable task.
Contamination of a water storage tower requires less material to cause disease,
but would affect only a small area. Enhanced physical security of critical nodes
in the network (such as water storage towers) and maintenance and monitoring
of adequate chlorine levels would reduce this risk.
With regard to cyber-manipulation, there are growing numbers of water supply
systems that use Supervisory Control And Data Acquisition (SCADA) systems, the
digital controls for pumps and treatment facilities. There are vulnerabilities
in this system that could lead to water supply problems. In addition, more water
system operators are being given access to the Internet via the SCADA systems
local area network (LAN). As a result, water systems are more likely to encounter
denial of service attacks, viruses, and other malicious programs, which could
severely disrupt the operation of these systems. However, most of the systems
also have the capability to run the treatment plant without using these digital
systems, if needed to protect public health.
Affecting a city-sized population by a hazardous industrial chemical attack
on a drinking water supply is not credible. A hazardous industrial chemical
attack on a post-purification drinking water storage facility in a small municipality
or a building-specific target is likely to be more credible but difficult to
carry out with out site-specific knowledge and access. To summarize the key
The amount of hazardous industrial chemical needed to contaminate the
drinking water supply of a city-sized population center is enormous ("truck
Quality control procedures in place at water treatment facilities involve
monitoring, filtration and treatment of the water before it enters the distribution
Only 1 to 2% of the total water consumption is used for drinking and preparation
Contaminated sources can be isolated from the distribution infrastructure.
Furthermore dilution, evaporation, and chemical and biological degradation
will also lessen the impact of a pre-treatment assault.
Dependence on Other Key Infrastructures
There is a great deal of interdependency between water and other infrastructures,
the most important being the electric power sector. If power is interrupted
or withdrawn, it affects the entire water system. To a lesser degree, telecommunications
service outages or system degradations could affect remote control access to
pivotal systems, and a disruption to the nation's transportation infrastructure
could delay the delivery of needed chemicals for water purification.
Security Planning and Coordination Efforts
The FBI continues to provide leadership in its Presidentially-mandated mission
to anticipate, prevent, respond to, and resolve any terrorist incident. At the
national level, the FBI coordinates with its Federal agency partners in various
aspects of counter terrorism planning. A number of initiatives have been underway
within the last several years at the federal level in order to increase domestic
preparedness for a terrorist incident, particularly one involving WMD. These
initiatives have included training and equipping state and local "first
responders", i.e., fire, police, emergency medical services personnel who
would be the first to arrive on the scene of a WMD incident. While not specifically
designed for water infrastructure facilities, these types of initiatives only
serve to improve the coordination of any type of WMD response. Water infrastructure
facilities should contact their local FBI field office in order to discuss planning
issues and to implement procedures to ensure effective integration of national-level
response assets, should an incident occur at a facility.
Every state has its own Emergency Response Plan (ERP) that coordinates entities
to respond to emergencies. These entities have routine practice drills and utilize
simulated scenarios in training. Within each agency, there are emergency response
teams that deal with chemical contamination, spills, etc. All of these efforts
are coordinated closely with FEMA. The largest of the local utilities have ERPs
and the smaller ones are beginning to create them as well. These ERPs deal most
specifically with power outages and loss of service. There is also a robust
informal network between the agencies.
Each FBI field office has a WMD Incident Contingency Plan (WMDICP) which is
prepared by the WMD coordinator. These plans were designed to quickly identify
field office, as well as state, local and regional Federal assets that can be
called upon by the field office to assist in the response to any type of WMD
event. In formulation of these plans, field offices have been instructed to
identify critical facilities as well as appropriate security contacts at these
facilities. While individual field office WMDICPs may not include facilities
such as water/wastewater facilities, they would include regional assets (EPA
and FEMA regional offices, state and local public health labs, etc.) which would
greatly assist in the response to incidents at such facilities. Local facilities
should also be strongly encouraged to reach out to their local FBI field offices
for further coordination and security planning assistance.
At this time, the water sector is at heightened alert, which means companies
have taken additional security measures such as increasing security patrols
of physical facilities and regular checks of gates and locks. All large systems
have ERP's in place and are well connected with state emergency response personnel.
Plans vary from system to system; however, they all deal with such matters as
evacuation, closing the water supply to affected areas, providing public notice,
and providing bottled water and other uncontaminated alternatives. The Association
of Metropolitan Water Agencies (AMWA) also provides NIPC's warnings to the Association
of Metropolitan Sewer Agencies (AMSA) which then notifies its constituency.
The NIPC/FBI currently disseminates warning messages to AMWA, the prospective
water sector Information Sharing and Analysis Center (ISAC), in order to notify
the water sector as early as possible, of threats to facilities, systems and
networks. The timeliness and actionable content of NIPC/FBI warning messages
will be measurably enhanced when the NIPC and the water sector establish a comprehensive,
two-way information-sharing program. The NIPC and AMWA, in fact, are currently
drafting standard operating procedures for such an information-sharing effort.
The NIPC-AMWA information sharing program sets up, among other things, mechanisms
for sending water company incident reports to the NIPC/FBI and for more expeditiously
issuing substantive warning messages and threat assessments to the water sector.
In response to a threat, the FBI, as lead federal agency, coordinates the United
States Government's response. The response begins with a threat assessment coordinated
by the Weapons of Mass Destruction Operations Unit (WMDOU). This is initiated
when the FBI receives notification of an incident or threat. WMDOU immediately
notifies subject matter experts and federal agencies with relevant authorities
to conduct a real-time assessment and determine the credibility of the threat.
Based on the credibility and scope of the threat, WMDOU will coordinate an appropriate
and tailored response by federal assets and the owners and operators of the
facility to meet the requirements of the on-scene responders, and will oversee
the investigation to its successful conclusion.
The FBI currently manages a number of programs in order to enhance real-time
information sharing, intelligence gathering, and provide timely dissemination
of threat warnings:
The NIPC's Watch and Warning Unit provides strategic analysis and warnings.
The NIPC's InfraGard program gathers information from InfraGard members, creates
a report, and disseminates it to other members.
The NIPC's Key Asset Initiative has identified over 5,700 entities vital to
our national security. 404 of those are water supply and treatment companies.
The FBI Domestic Terrorism/Counter Terrorism Planning Section works to enhance
operational cooperation and information sharing within the U.S. Intelligence
and law enforcement Community (USIC). Representatives from 20 federal agencies
participate in the Center. Detailees work their daily shifts side by side with
FBI special agents and analysts.
The FBI currently heads Joint Terrorism Task Forces (JTTFs) in 35 field offices
across the United States. JTTFs integrate the resources of federal, state and
local agencies in combating terrorism at the state, local, and regional level.
The JTTFs represent a valuable resource for information regarding the local
The FBI manages the National Threat Warning System (NTWS) to ensure that vital
information regarding terrorism reaches those in the U.S. counter terrorism
and law enforcement communities. Alert, advisory or assessment messages are
transmitted. Currently over 34 federal agencies involved in the U.S. government's
counter terrorism effort receive information via secure teletype using this
system. The messages are also transmitted to all FBI Field Offices and Foreign
Liaison Posts. If the threat information requires nationwide dissemination to
all federal, state and local law enforcement agencies, the FBI transmits messages
via the National Law Enforcement Telecommunications System (NLETS), which reaches
over 18,000 agencies.
The FBI disseminates appropriate threat warnings to over 40,000 companies in
the private sector via the unclassified Awareness of National Security Issues
and Response (ANSIR) Program.
National Infrastructure Protection Center (NIPC)
The mission of the NIPC is to provide "a national focal point for gathering
information on threats to the infrastructures" and to provide "the
principal means of facilitating and coordinating the Federal Government's response
to an incident, mitigating attacks, investigating threats and monitoring reconstitution
efforts." Current guidelines defines critical infrastructures to include
"those physical and cyber-based systems essential to the minimum operations
of the economy and government," to include, without limitation, "telecommunications,
energy, banking and finance, transportation, water systems and emergency services,
both governmental and private." The NIPC is the only organization in the
federal government with such a comprehensive national infrastructure protection
mission. The NIPC gathers together under one roof representatives from, among
others, the law enforcement, intelligence, and defense communities, who collectively
provide a unique analytical, deterrence, and response perspective to threat
and incident information obtained from investigation, intelligence collection,
foreign liaison, and private sector cooperation. This perspective ensures that
no single "community" addresses threats to critical infrastructures
in a vacuum; rather, all information is examined from a multi-discipline perspective
for potential impact as a security, defense, counterintelligence, terrorism
or law enforcement matter, and an appropriate response is developed and implemented.
While developing our infrastructure protection capabilities, the NIPC has held
firm to two basic tenets that grew from extensive study by the President's Commission
on Critical Infrastructure Protection. First, the government can only respond
effectively to threats by focusing on protecting assets against attack while
simultaneously identifying and responding to those who nonetheless would attempt
or succeed in launching those attacks. And second, the government can only help
protect this nation's most critical infrastructures by building and promoting
a coalition of trust, one . . . amongst all government agencies, two . . . between
the government and the private sector, three . . . amongst the different business
interests within the private sector itself, and four . . . in concert with the
greater international community. Therefore, the NIPC has focused on developing
its capacity to warn, investigate, respond to, and build partnerships, all at
the same time. As our techniques continue to mature and our trusted partnerships
gel, we will continue to witness ever-better results.
NIPC Watch Center and Multi-Agency Staffing
The NIPC's Watch Center operates around the clock and communicates daily with
the DoD and its Joint Task Force for Computer Network Operations (JTF-CNO).
The Watch Center is also connected to the watch centers of several of our close
allies. U.S. Army Major General Dave Bryan, Commander of the JTF-CNO, recently
remarked that, "The NIPC and JTF-CNO have established an outstanding working
relationship. We have become interdependent, with each realizing that neither
can totally achieve its mission without the other." I couldn't agree more.
The NIPC's ability to fulfill the expectations and needs of its Department of
Defense component is achieved by the inter-agency structure of the Center, which
includes the NIPC's Deputy Director Rear Admiral James Plehal, USNR, and the
NIPC's Executive Director, Steven Kaplan, a Supervisory Special Agent from the
Air Force Office of Special Investigations. The staffing of these positions
indicates the FBI's desire for broad, high-level, multi-agency ownership of
the NIPC and our collective commitment to achieve meaningful and effective coordination
across the law enforcement, intelligence, defense, and other critical government
Within the Center, the NIPC has full-time representatives from a dozen federal
government agencies, led in number by the FBI and the Department of Defense,
as well as from three foreign partners: the United Kingdom, Canada, and Australia.
We are partners with the General Services Administration's Federal Computer
Incident Response Capability (FedCIRC), in order to further secure our government
technology systems and services. We also team up regularly with the EPA, CIA,
and NSA to work on matters of common concern.
Cooperative Relationships Among Federal Agencies
The placement of the NIPC under the jurisdiction of the FBI endows the Center
with both the authorities and the ability to combine law enforcement information
flowing into the NIPC from the FBI field offices with other information streams
derived from open, confidential, and classified sources. This capability is
unique in the federal government for reasons of privacy and civil rights.
The NIPC has established effective information sharing and cooperative investigative
relationships across the U.S. Government. A written protocol was signed with
the Department of Transportation's (DOT) Federal Aviation Administration (FAA)
which will reinforce how information is shared between FAA and NIPC and how
that information will be communicated. This protocol documents a long-standing
informal process of information sharing between NIPC and FAA. Informal arrangements
have already been established with the Federal Communications Commission, Department
of Transportation's (DOT) National Response Center, DOT Office of Pipeline Safety,
Department of Energy's Office of Emergency Management, and others, which allow
the NIPC to receive detailed sector-specific incident reports in a timely manner.
Formal information sharing procedures should soon be completed with several
other agencies, including the National Coordinating Center for Telecommunications
and the FEMA's National Fire Administration.
The NIPC functions in a task force-like way, coordinating investigations in
a multitude of jurisdictions, both domestically and internationally. This is
essential due to the transnational nature of cyber intrusions and other critical
Interagency Coordination Cell
To instill further cooperation and establish an essential process to resolve
conflicts among investigative agencies, the NIPC asserted a leadership role
by forming an Interagency Coordination Cell (IACC) at the Center. The IACC meets
on a monthly basis and includes representation from U.S. Secret Service, NASA,
U.S. Postal Service, Department of Defense Criminal Investigative Organizations,
U.S. Customs, Departments of Energy, State and Education, Social Security Administration,
Treasury Inspector General for Tax Administration and the CIA. The cell works
to resolve conflicts regarding investigative and operational matters among agencies
and assists agencies in combining resources on matters of common interest. The
NIPC anticipates that this cell will expand to include all investigative agencies
and inspectors general in the federal government having cyber or other critical
infrastructure responsibilities. As we noted in various Congressional hearings,
including a Senate hearing last week, the IACC has led to the formation of several
task forces and prevented intrusions and compromises of U.S. Government systems.
The IACC was instrumental in coordinating the augmentation of the PENTTBOM investigation
in the aftermath of the September 11 attacks.
Warnings and Advisories
The NIPC sends out infrastructure information to address cyber or infrastructure
events with possible significant impact. These are distributed to partners in
the private and public sectors. A number of recent advisories sent out by the
NIPC (see, for example, Advisory 01-022, titled "Mass Mailing Worm W32.Nimda.A@mm")
serve to demonstrate the continued collaboration between the NIPC and its partner,
FedCIRC. The NIPC serves as a member of FedCIRC's Senior Advisory Council and
has daily contact with that entity as well as a number of others including NSA
and DoD's Joint Task Force - Computer Network Operations (JTF-CNO). On issues
of national concern, the recent incidents involving the Leaves, Code Red and
Nimda worms are good examples of the NIPC's success in working with the National
Security Council and our partner agencies to disseminate information and coordinate
strategic efforts in a timely and effective manner.
Over the past three years, the FBI cultivated a number of initiatives that have
developed into increased capabilities, all of which are being actively used
to mitigate the terrorist threat and to prepare our response to the events of
September 11th. The NIPC has developed InfraGard into the largest government/private
sector joint partnership for infrastructure protection in the world. We have
taken it from its humble roots of a few dozen members in just two states to
its current membership of over 2,000 partners, 31of which are associated with
aspects of the nation's water infrastructure. It is the most extensive government-private
sector partnership for infrastructure protection in the world, and it is a service
we provide to InfraGard members free of charge. InfraGard expands direct contacts
with the private sector infrastructure owners and operators and shares information
about cyber intrusions and other critical infrastructure vulnerabilities through
the formation of local InfraGard chapters within the jurisdiction of each of
the 56 FBI Field Offices and several of their Resident Agencies (subdivisions
of the larger field offices).
A key element of the InfraGard initiative is the confidentiality of reporting
by members. The reporting entities edit out the identifying information about
themselves on the notices that are sent to other members of the InfraGard network.
This process is called sanitization and it protects the information provided
by the victim of a cyber attack. Much of the information provided by the private
sector is proprietary and is treated as such. InfraGard provides its membership
the capability to write an encrypted sanitized report for dissemination to other
members. This measure helps to build a trusted relationship with the private
sector and at the same time encourages other private sector companies to report
cyber attacks to law enforcement.
Key Asset Initiative
Since 1998, the NIPC has been developing the FBI's Key Asset Initiative, identifying
over 5,700 entities vital to our national security, including our economic well-being.
The information is maintained in a database to support the broader effort to
protect the critical infrastructures against both physical and cyber threats.
This initiative benefits national security planning efforts by providing a better
understanding of the location, importance, contact information and crisis management
for critical infrastructure assets across the country. We have worked with the
DoD, EPA, and the Critical Infrastructure Assurance Office (CIAO) in this regard.
Following the September 11, 2001, events and at the request of the National
Security Council, the NIPC has leveraged the Key Asset Initiative to undertake
an all-agency effort to prepare a comprehensive, centralized database of critical
infrastructure assets in the United States.
Information Sharing and Analysis Centers
Our multi-agency team works with current and soon to be established Information
ISAC's, which represent the critical infrastructures identified in PDD-63, including
those that represent the water, financial services, electric power, telecommunications,
and information technology sectors. Since September 11th, we have provided threat
assessments on an ongoing basis for ISAC representatives from those sectors.
We are also connected with the18,000 police departments and Sheriff's offices
that bravely serve our nation daily and in times of crisis. This past March,
the NIPC and the Emergency Law Enforcement Services Sector Forum completed the
nation's Emergency Law Enforcement Sector Plan together with a "Guide for
State and Local Law Enforcement Agencies." This significant achievement
represents the nation's first and only completed sector plan and is being used
as a model by the other critical infrastructure sectors. Taken together, the
Plan and the Guide provide our emergency law enforcement first responders with
procedures that are immediately useful to enhance the security of their data
and communications systems.
We have established four strategic directions for our capability growth through
2005: prediction, prevention, detection, and mitigation. None of these are new
concepts, but NIPC has renewed its focus on each of them in order to strengthen
our strategic analysis capabilities. NIPC has worked to further strengthen its
longstanding efforts in the early detection and mitigation of cyber attacks.
These strategic directions will be significantly advanced by our intensified
cooperation with federal agencies and the private sector. Our most ambitious
strategic directions, prediction and prevention, are intended to forestall attacks
before they occur. We are seeking ways to forecast or predict hostile capabilities
in much the same way that the military forecasts weapons threats. The goal here
is to forecast these threats with sufficient warning to prevent them. A key
to success in these areas will be strengthened cooperation with intelligence
collectors and the application of sophisticated new analytic tools to better
learn from day-to-day trends. The strategy of prevention is reminiscent of traditional
community policing programs but with our infrastructure partners and key system
As we work on these strategic directions, we will have many opportunities to
stretch our capabilities. With respect to all of these, the NIPC is committed
to continuous improvement through a sustained process of documenting "lessons
learned" from significant events. The NIPC also remains committed to achieving
all of its objectives while upholding the fundamental Constitutional rights
of our citizens.
The NIPC is also enhancing its strategic analysis capability through the "data
warehousing and data mining" project. This will allow the NIPC to retrieve
incident data originating from multiple sources. Data warehousing includes the
ability to conduct real-time all-source analysis and report generation.
Improving Information Sharing
The NIPC actively exchanges information with private sector companies, the ISACs,
members of the InfraGard Initiative, and the public as part of the NIPC's outreach
and information sharing activities. Through NIPC's aggressive outreach efforts,
we receive incident reports from the private sector. The NIPC has proven that
it can properly safeguard their information and disseminate warning messages
and useful information in return. Private sector reporting of infrastructure
incidents is partially responsible for the issuance of more warnings each year.
Over the past two years the NIPC and the North American Electric Reliability
Council (NERC)the ISAC for the electric power sectorhave established
an indications, analysis and warning program (IAW) program, which makes possible
the timely exchange of information valued by both the NIPC and the electric
power sector. This relationship is possible because of a commitment both on
the part of NERC and the NIPC to build cooperative relations. Since the September
11 attacks, NIPC and NERC have held daily conference calls. The close NERC-NIPC
relationship is no accident, but the result of two interrelated sets of actions.
First, as Eugene Gorzelnik, Director of Communications for the NERC, stated
in his prepared statement at the May 22, 2001 hearing before the Senate Judiciary
Committee's Subcommittee on Technology and Terrorism:
The NERC Board of Trustees in the late 1980s resolved that each electric utility
should develop a close working relationship with its local Federal Bureau of
Investigation (FBI) office, if it did not already have such a relationship.
The Board also said the NERC staff should establish and maintain a working relationship
with the FBI at the national level.
Second, the NIPC and NERC worked for over two years on building the successful
partnership that now exists. It took dedicated individuals in both organizations
to make it happen. The same type of relationship is now building with the Water
Resources Sector and the Association of Metropolitan Water Agencies (AMWA).
It is this success and dedication to achieving results that the NIPC is working
to emulate with the other ISACs.
The NIPC also continues to meet regularly with current and prospective ISACs
from other sectors, particularly the financial services (FS-ISAC), information
technology, water supply, and telecommunications (NCC-ISAC) sectors, to develop
and implement more formal information sharing arrangements, drawing largely
on the model developed with the electric power sector. In the past, information
exchanges with these ISACs have consisted of a one-way flow of NIPC warning
messages and products being provided to the ISACs. However, in recent months
the NIPC has received greater participation from sector companies as they become
increasingly aware that reporting to the NIPC enhances the value and timeliness
of NIPC warning products disseminated to their sector. Productive discussions
held more recently with the FS-ISAC and IT-ISAC, in particular, should significantly
advance a two-way information exchange with the financial services industry.
The NIPC is currently working with the FS-ISAC, NCC-ISAC and prospective ISACs
to develop and test secure communication mechanisms, which will facilitate the
sharing of high-threshold, near real-time incident information. In March 2001,
we were commended by the FS-ISAC for our advisory on e-commerce vulnerabilities
(NIPC Advisory 01-003). According to the FS-ISAC, that advisory, coupled with
the NIPC press conference on March 8, 2001, stopped over 1600 attempted exploitations
by hackers the day immediately following the press conference.
Over the past three years, NIPC has provided training for more than 2,500 participants
from federal, state, local and foreign law enforcement and security agencies.
The NIPC's training program complements training offered by the FBI's Training
Division as well as training offered by the DoD and the National Cyber Crime
Training Partnership. Trained investigators are essential to our successfully
combating computer intrusions.
The FBI and NIPC provide a national focal point for gathering information on
threats to the infrastructures, and the principal means of facilitating and
coordinating the Federal Government's response to an incident. The FBI and NIPC
have been staffed with personnel from across a broad spectrum of federal agencies,
and undertaken several initiatives to include the private sector as a principal
partner in infrastructure protection. The Water Supply Infrastructure is used
by all Americans every day, and we will continue our efforts to improve trust
and increase cooperation with the water sector and all our public and private
partners. We will continually improve in the coming years in order to master
the perpetually evolving challenges involved with infrastructure protection
and information assurance. Thank you for inviting me here today, and I welcome
any questions you have.