 |
Patriot Resource Index
September 11, 2001 Index
Federal Response
Listings By Date:
October 10, 2001
Federal: Oct 10-12 '01
Justice Dept: Oct '01
September 11, 2001 Index
Background
International Response
Presidential Response
Timelines
Links & Other Resources
Search the Site
Site Map
Contact Us
PatriotResource.com:
Main Index
Film Index
Film: Gladiator
Film: National Treasure
Film: The Patriot
Film: Tombstone
Films: General
Films: Fantasy
Films: SciFi
History: 1775-1781
History: September 11th
Lord of the Rings
NORAM Road Trips
OtherWorld: Index
TV Series: Index
TV: Battlestar Galactica
TV: Caprica
TV: Deadliest Catch
TV: Lost
TV Series: Action
TV Series: Animated
TV: BBC Presentations
TV Series: Comedy
TV Series: Drama
TV: Fantasy/SciFi
TV Series: Western
TV Series: Reviews
September 11, 2001 IndexFederal ResponseListings By Date:
October 10, 2001
Federal: Oct 10-12 '01
Justice Dept: Oct '01
September 11, 2001 IndexBackgroundInternational ResponsePresidential ResponseTimelinesLinks & Other ResourcesSite Map
Contact Us
Main Index
Film Index
Film: Gladiator
Film: National Treasure
Film: The Patriot
Film: Tombstone
Films: General
Films: Fantasy
Films: SciFi
History: 1775-1781
History: September 11th
Lord of the Rings
NORAM Road Trips
OtherWorld: Index
TV Series: Index
TV: Battlestar Galactica
TV: Caprica
TV: Deadliest Catch
TV: Lost
TV Series: Action
TV Series: Animated
TV: BBC Presentations
TV Series: Comedy
TV Series: Drama
TV: Fantasy/SciFi
TV Series: Western
TV Series: Reviews
Dep. Asst. FBI Director, Counter Terrorism Division Ronald L. Dick
Terrorism: Are America's Water Resources and Environment at Risk
House Committee on Transportation and Infrastructure
Washington, D.C.
October 10, 2001
Mr. Chairman, Congressman DeFazio, and members of the committee, thank you for inviting me here today to testify on the topic, "Terrorism: Are America's Water Resources and Environment at Risk?" Holding this hearing demonstrates your individual commitments to improving the security of our critical infrastructures and this committee's leadership on this issue in Congress. Our work here is vitally important because the stakes involved are enormous. The September 11 attacks on the World Trade Center, Pentagon and Pennsylvania have demonstrated how a significant disruption to the transportation industry or any other critical infrastructure will certainly have a cascading effect on others. My testimony today will address our role in protecting the Nation's infrastructures, our progress relating to water infrastructure issues, and the need for continued trust and cooperation.
The FBI and America's Water Resource Infrastructure
Federal Government Role
With the signing of an executive order, the new Office of Homeland Security will be responsible for coordinating a wide variety of federal, state and local security activities to combat terrorism. In the event of a terrorist incident, the FBI is the lead federal agency for crisis management and Federal Emergency Management Administration (FEMA) is the lead for consequence management of the incident. Both agencies are tasked with the coordination of overall federal support to the affected state and local jurisdictions. During a terrorist event involving a water/wastewater facility, the Environmental Protection Agency (EPA), the lead federal agency for the water sector, will support either the FBI or FEMA in response to the incident. The FBI also maintains close coordination with EPA in order to facilitate response planning for terrorist incidents at facilities under the purview of EPA. The National Infrastructure Protection Center (NIPC)/FBI will continue to provide the water sector with timely, substantive, and actionable information on specific threats to their sector.
Threat Environment
Based upon available intelligence and investigative information, there are no specific credible threats to major water ways or distribution networks at this time. Due to the vital importance of water to all life forms, however, the FBI considers all threats to attack the water supply as serious threats.
The FBI coordinates a robust and well exercised threat assessment process in order to assess the credibility of communicated threats involving chemical, biological and radiological/nuclear materials, including any directed against the water infrastructure. This credibility process utilizes specialized, technical, internal FBI assets as well as technical experts from a number of other Federal agencies, including, but not limited to: Department of Defense (DoD), Department of Energy (DOE), Health and Human Services (HHS), the EPA and FEMA. Communicated threats are normally assessed from three viewpoints: operational practicality, technical feasibility, and the behavioral resolve of the individual(s) communicating the threat. A threat assessment may be conducted via conference call, and a preliminary assessment will be made within one hour of receipt of the threat at FBI Headquarters.
Depending on the circumstances, a threat assessment conference call involving a specific water/wastewater facility threat may include facility management/security personnel as well. Upon assessment of the threat as credible, the FBI will make appropriate notifications to other Federal agencies, as appropriate, to initiate deployment, if necessary, of assets to address the threat. The on-scene commander (OSC) will also receive information on a recommended course of action to address the situation.
Each FBI Field Office has a Weapons of Mass Destruction (WMD) Coordinator whose primary function is to coordinate the assessment of and response to incidents involving the use or threatened use of chemical, biological, and radiological/nuclear materials. Each WMD Coordinator is tasked with establishing appropriate liaison with regional, state and local emergency response personnel as well as with critical facilities within each Field Office's jurisdiction in order to facilitate notification and response to WMD incidents. As a result of recent events, each FBI Field Office has been instructed to reach out to critical facilities to re-establish liaison contacts and ensure prompt notification and appropriate response.
With regard to contamination by biological agents, the Nation's water supply may seem to be a logical target for a terrorist attack. In reality, targeting the water supply may prove difficult. In order to be successful, a terrorist would have to have large amounts of agent, and some knowledge of the water supply network and access to critical locations within the network. It is important to stress however, that the FBI has no general or specific threat information of a planned attack on the Nation's water supply. To summarize the most important points:
- The contamination of a water supply with a biological agent that causes
illness or death of victims is possible, but not probable.
- Contamination of a water reservoir with a biological agent would likely
not produce a large risk to public health because of the dilution effect,
filtration and disinfection of the water.
- A successful attack would require knowledge of, and access to, critical
nodes of the water supply network.
- A successful attack would likely involve either disruption of the water
treatment process (e.g., destruction of plumbing or release of disinfectants)
or post-treatment contamination near the target.
- In order to prevent contamination of a water supply, local water works or utilities should maintain a secure perimeter around the source (if possible) and the treatment facility. In addition, security should be maintained around critical nodes such as tunnels, pumping facilities, storage facilities, and the network of water mains and subsidiary pipes should be enhanced.
Most of the water supply threats received in the last several years involve the threatened release of a biological organism or toxin into a reservoir. In order for this to be successful (i.e., to cause illness or death), a terrorist would have to overcome the dilution provided by the large volume of water in the reservoir. For some organisms that require high doses to cause illness, producing enough organisms can become a formidable task.
Contamination of a water storage tower requires less material to cause disease, but would affect only a small area. Enhanced physical security of critical nodes in the network (such as water storage towers) and maintenance and monitoring of adequate chlorine levels would reduce this risk.
With regard to cyber-manipulation, there are growing numbers of water supply systems that use Supervisory Control And Data Acquisition (SCADA) systems, the digital controls for pumps and treatment facilities. There are vulnerabilities in this system that could lead to water supply problems. In addition, more water system operators are being given access to the Internet via the SCADA systems local area network (LAN). As a result, water systems are more likely to encounter denial of service attacks, viruses, and other malicious programs, which could severely disrupt the operation of these systems. However, most of the systems also have the capability to run the treatment plant without using these digital systems, if needed to protect public health.
Affecting a city-sized population by a hazardous industrial chemical attack on a drinking water supply is not credible. A hazardous industrial chemical attack on a post-purification drinking water storage facility in a small municipality or a building-specific target is likely to be more credible but difficult to carry out with out site-specific knowledge and access. To summarize the key facts:
- The amount of hazardous industrial chemical needed to contaminate the
drinking water supply of a city-sized population center is enormous ("truck
loads").
- Quality control procedures in place at water treatment facilities involve
monitoring, filtration and treatment of the water before it enters the distribution
infrastructure.
- Only 1 to 2% of the total water consumption is used for drinking and preparation
of food.
- Contaminated sources can be isolated from the distribution infrastructure. Furthermore dilution, evaporation, and chemical and biological degradation will also lessen the impact of a pre-treatment assault.
There is a great deal of interdependency between water and other infrastructures, the most important being the electric power sector. If power is interrupted or withdrawn, it affects the entire water system. To a lesser degree, telecommunications service outages or system degradations could affect remote control access to pivotal systems, and a disruption to the nation's transportation infrastructure could delay the delivery of needed chemicals for water purification.
Security Planning and Coordination Efforts
The FBI continues to provide leadership in its Presidentially-mandated mission to anticipate, prevent, respond to, and resolve any terrorist incident. At the national level, the FBI coordinates with its Federal agency partners in various aspects of counter terrorism planning. A number of initiatives have been underway within the last several years at the federal level in order to increase domestic preparedness for a terrorist incident, particularly one involving WMD. These initiatives have included training and equipping state and local "first responders", i.e., fire, police, emergency medical services personnel who would be the first to arrive on the scene of a WMD incident. While not specifically designed for water infrastructure facilities, these types of initiatives only serve to improve the coordination of any type of WMD response. Water infrastructure facilities should contact their local FBI field office in order to discuss planning issues and to implement procedures to ensure effective integration of national-level response assets, should an incident occur at a facility.
Every state has its own Emergency Response Plan (ERP) that coordinates entities to respond to emergencies. These entities have routine practice drills and utilize simulated scenarios in training. Within each agency, there are emergency response teams that deal with chemical contamination, spills, etc. All of these efforts are coordinated closely with FEMA. The largest of the local utilities have ERPs and the smaller ones are beginning to create them as well. These ERPs deal most specifically with power outages and loss of service. There is also a robust informal network between the agencies.
Each FBI field office has a WMD Incident Contingency Plan (WMDICP) which is prepared by the WMD coordinator. These plans were designed to quickly identify field office, as well as state, local and regional Federal assets that can be called upon by the field office to assist in the response to any type of WMD event. In formulation of these plans, field offices have been instructed to identify critical facilities as well as appropriate security contacts at these facilities. While individual field office WMDICPs may not include facilities such as water/wastewater facilities, they would include regional assets (EPA and FEMA regional offices, state and local public health labs, etc.) which would greatly assist in the response to incidents at such facilities. Local facilities should also be strongly encouraged to reach out to their local FBI field offices for further coordination and security planning assistance.
Threat Notification
At this time, the water sector is at heightened alert, which means companies have taken additional security measures such as increasing security patrols of physical facilities and regular checks of gates and locks. All large systems have ERP's in place and are well connected with state emergency response personnel. Plans vary from system to system; however, they all deal with such matters as evacuation, closing the water supply to affected areas, providing public notice, and providing bottled water and other uncontaminated alternatives. The Association of Metropolitan Water Agencies (AMWA) also provides NIPC's warnings to the Association of Metropolitan Sewer Agencies (AMSA) which then notifies its constituency.
The NIPC/FBI currently disseminates warning messages to AMWA, the prospective water sector Information Sharing and Analysis Center (ISAC), in order to notify the water sector as early as possible, of threats to facilities, systems and networks. The timeliness and actionable content of NIPC/FBI warning messages will be measurably enhanced when the NIPC and the water sector establish a comprehensive, two-way information-sharing program. The NIPC and AMWA, in fact, are currently drafting standard operating procedures for such an information-sharing effort. The NIPC-AMWA information sharing program sets up, among other things, mechanisms for sending water company incident reports to the NIPC/FBI and for more expeditiously issuing substantive warning messages and threat assessments to the water sector.
In response to a threat, the FBI, as lead federal agency, coordinates the United States Government's response. The response begins with a threat assessment coordinated by the Weapons of Mass Destruction Operations Unit (WMDOU). This is initiated when the FBI receives notification of an incident or threat. WMDOU immediately notifies subject matter experts and federal agencies with relevant authorities to conduct a real-time assessment and determine the credibility of the threat. Based on the credibility and scope of the threat, WMDOU will coordinate an appropriate and tailored response by federal assets and the owners and operators of the facility to meet the requirements of the on-scene responders, and will oversee the investigation to its successful conclusion.
The FBI currently manages a number of programs in order to enhance real-time information sharing, intelligence gathering, and provide timely dissemination of threat warnings:
- The NIPC's Watch and Warning Unit provides strategic analysis and warnings.
- The NIPC's InfraGard program gathers information from InfraGard members, creates
a report, and disseminates it to other members.
- The NIPC's Key Asset Initiative has identified over 5,700 entities vital to
our national security. 404 of those are water supply and treatment companies.
- The FBI Domestic Terrorism/Counter Terrorism Planning Section works to enhance
operational cooperation and information sharing within the U.S. Intelligence
and law enforcement Community (USIC). Representatives from 20 federal agencies
participate in the Center. Detailees work their daily shifts side by side with
FBI special agents and analysts.
- The FBI currently heads Joint Terrorism Task Forces (JTTFs) in 35 field offices
across the United States. JTTFs integrate the resources of federal, state and
local agencies in combating terrorism at the state, local, and regional level.
The JTTFs represent a valuable resource for information regarding the local
threat environment.
- The FBI manages the National Threat Warning System (NTWS) to ensure that vital
information regarding terrorism reaches those in the U.S. counter terrorism
and law enforcement communities. Alert, advisory or assessment messages are
transmitted. Currently over 34 federal agencies involved in the U.S. government's
counter terrorism effort receive information via secure teletype using this
system. The messages are also transmitted to all FBI Field Offices and Foreign
Liaison Posts. If the threat information requires nationwide dissemination to
all federal, state and local law enforcement agencies, the FBI transmits messages
via the National Law Enforcement Telecommunications System (NLETS), which reaches
over 18,000 agencies.
- The FBI disseminates appropriate threat warnings to over 40,000 companies in the private sector via the unclassified Awareness of National Security Issues and Response (ANSIR) Program.
The mission of the NIPC is to provide "a national focal point for gathering information on threats to the infrastructures" and to provide "the principal means of facilitating and coordinating the Federal Government's response to an incident, mitigating attacks, investigating threats and monitoring reconstitution efforts." Current guidelines defines critical infrastructures to include "those physical and cyber-based systems essential to the minimum operations of the economy and government," to include, without limitation, "telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private." The NIPC is the only organization in the federal government with such a comprehensive national infrastructure protection mission. The NIPC gathers together under one roof representatives from, among others, the law enforcement, intelligence, and defense communities, who collectively provide a unique analytical, deterrence, and response perspective to threat and incident information obtained from investigation, intelligence collection, foreign liaison, and private sector cooperation. This perspective ensures that no single "community" addresses threats to critical infrastructures in a vacuum; rather, all information is examined from a multi-discipline perspective for potential impact as a security, defense, counterintelligence, terrorism or law enforcement matter, and an appropriate response is developed and implemented.
While developing our infrastructure protection capabilities, the NIPC has held firm to two basic tenets that grew from extensive study by the President's Commission on Critical Infrastructure Protection. First, the government can only respond effectively to threats by focusing on protecting assets against attack while simultaneously identifying and responding to those who nonetheless would attempt or succeed in launching those attacks. And second, the government can only help protect this nation's most critical infrastructures by building and promoting a coalition of trust, one . . . amongst all government agencies, two . . . between the government and the private sector, three . . . amongst the different business interests within the private sector itself, and four . . . in concert with the greater international community. Therefore, the NIPC has focused on developing its capacity to warn, investigate, respond to, and build partnerships, all at the same time. As our techniques continue to mature and our trusted partnerships gel, we will continue to witness ever-better results.
NIPC Watch Center and Multi-Agency Staffing
The NIPC's Watch Center operates around the clock and communicates daily with the DoD and its Joint Task Force for Computer Network Operations (JTF-CNO). The Watch Center is also connected to the watch centers of several of our close allies. U.S. Army Major General Dave Bryan, Commander of the JTF-CNO, recently remarked that, "The NIPC and JTF-CNO have established an outstanding working relationship. We have become interdependent, with each realizing that neither can totally achieve its mission without the other." I couldn't agree more. The NIPC's ability to fulfill the expectations and needs of its Department of Defense component is achieved by the inter-agency structure of the Center, which includes the NIPC's Deputy Director Rear Admiral James Plehal, USNR, and the NIPC's Executive Director, Steven Kaplan, a Supervisory Special Agent from the Air Force Office of Special Investigations. The staffing of these positions indicates the FBI's desire for broad, high-level, multi-agency ownership of the NIPC and our collective commitment to achieve meaningful and effective coordination across the law enforcement, intelligence, defense, and other critical government operations communities.
Within the Center, the NIPC has full-time representatives from a dozen federal government agencies, led in number by the FBI and the Department of Defense, as well as from three foreign partners: the United Kingdom, Canada, and Australia. We are partners with the General Services Administration's Federal Computer Incident Response Capability (FedCIRC), in order to further secure our government technology systems and services. We also team up regularly with the EPA, CIA, and NSA to work on matters of common concern.
Cooperative Relationships Among Federal Agencies
The placement of the NIPC under the jurisdiction of the FBI endows the Center with both the authorities and the ability to combine law enforcement information flowing into the NIPC from the FBI field offices with other information streams derived from open, confidential, and classified sources. This capability is unique in the federal government for reasons of privacy and civil rights.
The NIPC has established effective information sharing and cooperative investigative relationships across the U.S. Government. A written protocol was signed with the Department of Transportation's (DOT) Federal Aviation Administration (FAA) which will reinforce how information is shared between FAA and NIPC and how that information will be communicated. This protocol documents a long-standing informal process of information sharing between NIPC and FAA. Informal arrangements have already been established with the Federal Communications Commission, Department of Transportation's (DOT) National Response Center, DOT Office of Pipeline Safety, Department of Energy's Office of Emergency Management, and others, which allow the NIPC to receive detailed sector-specific incident reports in a timely manner. Formal information sharing procedures should soon be completed with several other agencies, including the National Coordinating Center for Telecommunications and the FEMA's National Fire Administration.
The NIPC functions in a task force-like way, coordinating investigations in a multitude of jurisdictions, both domestically and internationally. This is essential due to the transnational nature of cyber intrusions and other critical infrastructure threats.
Interagency Coordination Cell
To instill further cooperation and establish an essential process to resolve conflicts among investigative agencies, the NIPC asserted a leadership role by forming an Interagency Coordination Cell (IACC) at the Center. The IACC meets on a monthly basis and includes representation from U.S. Secret Service, NASA, U.S. Postal Service, Department of Defense Criminal Investigative Organizations, U.S. Customs, Departments of Energy, State and Education, Social Security Administration, Treasury Inspector General for Tax Administration and the CIA. The cell works to resolve conflicts regarding investigative and operational matters among agencies and assists agencies in combining resources on matters of common interest. The NIPC anticipates that this cell will expand to include all investigative agencies and inspectors general in the federal government having cyber or other critical infrastructure responsibilities. As we noted in various Congressional hearings, including a Senate hearing last week, the IACC has led to the formation of several task forces and prevented intrusions and compromises of U.S. Government systems. The IACC was instrumental in coordinating the augmentation of the PENTTBOM investigation in the aftermath of the September 11 attacks.
Warnings and Advisories
The NIPC sends out infrastructure information to address cyber or infrastructure events with possible significant impact. These are distributed to partners in the private and public sectors. A number of recent advisories sent out by the NIPC (see, for example, Advisory 01-022, titled "Mass Mailing Worm W32.Nimda.A@mm") serve to demonstrate the continued collaboration between the NIPC and its partner, FedCIRC. The NIPC serves as a member of FedCIRC's Senior Advisory Council and has daily contact with that entity as well as a number of others including NSA and DoD's Joint Task Force - Computer Network Operations (JTF-CNO). On issues of national concern, the recent incidents involving the Leaves, Code Red and Nimda worms are good examples of the NIPC's success in working with the National Security Council and our partner agencies to disseminate information and coordinate strategic efforts in a timely and effective manner.
InfraGard Initiative
Over the past three years, the FBI cultivated a number of initiatives that have developed into increased capabilities, all of which are being actively used to mitigate the terrorist threat and to prepare our response to the events of September 11th. The NIPC has developed InfraGard into the largest government/private sector joint partnership for infrastructure protection in the world. We have taken it from its humble roots of a few dozen members in just two states to its current membership of over 2,000 partners, 31of which are associated with aspects of the nation's water infrastructure. It is the most extensive government-private sector partnership for infrastructure protection in the world, and it is a service we provide to InfraGard members free of charge. InfraGard expands direct contacts with the private sector infrastructure owners and operators and shares information about cyber intrusions and other critical infrastructure vulnerabilities through the formation of local InfraGard chapters within the jurisdiction of each of the 56 FBI Field Offices and several of their Resident Agencies (subdivisions of the larger field offices).
A key element of the InfraGard initiative is the confidentiality of reporting by members. The reporting entities edit out the identifying information about themselves on the notices that are sent to other members of the InfraGard network. This process is called sanitization and it protects the information provided by the victim of a cyber attack. Much of the information provided by the private sector is proprietary and is treated as such. InfraGard provides its membership the capability to write an encrypted sanitized report for dissemination to other members. This measure helps to build a trusted relationship with the private sector and at the same time encourages other private sector companies to report cyber attacks to law enforcement.
Key Asset Initiative
Since 1998, the NIPC has been developing the FBI's Key Asset Initiative, identifying over 5,700 entities vital to our national security, including our economic well-being. The information is maintained in a database to support the broader effort to protect the critical infrastructures against both physical and cyber threats. This initiative benefits national security planning efforts by providing a better understanding of the location, importance, contact information and crisis management for critical infrastructure assets across the country. We have worked with the DoD, EPA, and the Critical Infrastructure Assurance Office (CIAO) in this regard. Following the September 11, 2001, events and at the request of the National Security Council, the NIPC has leveraged the Key Asset Initiative to undertake an all-agency effort to prepare a comprehensive, centralized database of critical infrastructure assets in the United States.
Information Sharing and Analysis Centers
Our multi-agency team works with current and soon to be established Information ISAC's, which represent the critical infrastructures identified in PDD-63, including those that represent the water, financial services, electric power, telecommunications, and information technology sectors. Since September 11th, we have provided threat assessments on an ongoing basis for ISAC representatives from those sectors. We are also connected with the18,000 police departments and Sheriff's offices that bravely serve our nation daily and in times of crisis. This past March, the NIPC and the Emergency Law Enforcement Services Sector Forum completed the nation's Emergency Law Enforcement Sector Plan together with a "Guide for State and Local Law Enforcement Agencies." This significant achievement represents the nation's first and only completed sector plan and is being used as a model by the other critical infrastructure sectors. Taken together, the Plan and the Guide provide our emergency law enforcement first responders with procedures that are immediately useful to enhance the security of their data and communications systems.
Strategic Analysis
We have established four strategic directions for our capability growth through 2005: prediction, prevention, detection, and mitigation. None of these are new concepts, but NIPC has renewed its focus on each of them in order to strengthen our strategic analysis capabilities. NIPC has worked to further strengthen its longstanding efforts in the early detection and mitigation of cyber attacks. These strategic directions will be significantly advanced by our intensified cooperation with federal agencies and the private sector. Our most ambitious strategic directions, prediction and prevention, are intended to forestall attacks before they occur. We are seeking ways to forecast or predict hostile capabilities in much the same way that the military forecasts weapons threats. The goal here is to forecast these threats with sufficient warning to prevent them. A key to success in these areas will be strengthened cooperation with intelligence collectors and the application of sophisticated new analytic tools to better learn from day-to-day trends. The strategy of prevention is reminiscent of traditional community policing programs but with our infrastructure partners and key system vendors.
As we work on these strategic directions, we will have many opportunities to stretch our capabilities. With respect to all of these, the NIPC is committed to continuous improvement through a sustained process of documenting "lessons learned" from significant events. The NIPC also remains committed to achieving all of its objectives while upholding the fundamental Constitutional rights of our citizens.
The NIPC is also enhancing its strategic analysis capability through the "data warehousing and data mining" project. This will allow the NIPC to retrieve incident data originating from multiple sources. Data warehousing includes the ability to conduct real-time all-source analysis and report generation.
Improving Information Sharing
The NIPC actively exchanges information with private sector companies, the ISACs, members of the InfraGard Initiative, and the public as part of the NIPC's outreach and information sharing activities. Through NIPC's aggressive outreach efforts, we receive incident reports from the private sector. The NIPC has proven that it can properly safeguard their information and disseminate warning messages and useful information in return. Private sector reporting of infrastructure incidents is partially responsible for the issuance of more warnings each year.
Over the past two years the NIPC and the North American Electric Reliability Council (NERC)—the ISAC for the electric power sector—have established an indications, analysis and warning program (IAW) program, which makes possible the timely exchange of information valued by both the NIPC and the electric power sector. This relationship is possible because of a commitment both on the part of NERC and the NIPC to build cooperative relations. Since the September 11 attacks, NIPC and NERC have held daily conference calls. The close NERC-NIPC relationship is no accident, but the result of two interrelated sets of actions. First, as Eugene Gorzelnik, Director of Communications for the NERC, stated in his prepared statement at the May 22, 2001 hearing before the Senate Judiciary Committee's Subcommittee on Technology and Terrorism:
The NERC Board of Trustees in the late 1980s resolved that each electric utility should develop a close working relationship with its local Federal Bureau of Investigation (FBI) office, if it did not already have such a relationship. The Board also said the NERC staff should establish and maintain a working relationship with the FBI at the national level.Second, the NIPC and NERC worked for over two years on building the successful partnership that now exists. It took dedicated individuals in both organizations to make it happen. The same type of relationship is now building with the Water Resources Sector and the Association of Metropolitan Water Agencies (AMWA). It is this success and dedication to achieving results that the NIPC is working to emulate with the other ISACs.
The NIPC also continues to meet regularly with current and prospective ISACs from other sectors, particularly the financial services (FS-ISAC), information technology, water supply, and telecommunications (NCC-ISAC) sectors, to develop and implement more formal information sharing arrangements, drawing largely on the model developed with the electric power sector. In the past, information exchanges with these ISACs have consisted of a one-way flow of NIPC warning messages and products being provided to the ISACs. However, in recent months the NIPC has received greater participation from sector companies as they become increasingly aware that reporting to the NIPC enhances the value and timeliness of NIPC warning products disseminated to their sector. Productive discussions held more recently with the FS-ISAC and IT-ISAC, in particular, should significantly advance a two-way information exchange with the financial services industry. The NIPC is currently working with the FS-ISAC, NCC-ISAC and prospective ISACs to develop and test secure communication mechanisms, which will facilitate the sharing of high-threshold, near real-time incident information. In March 2001, we were commended by the FS-ISAC for our advisory on e-commerce vulnerabilities (NIPC Advisory 01-003). According to the FS-ISAC, that advisory, coupled with the NIPC press conference on March 8, 2001, stopped over 1600 attempted exploitations by hackers the day immediately following the press conference.
Training
Over the past three years, NIPC has provided training for more than 2,500 participants from federal, state, local and foreign law enforcement and security agencies. The NIPC's training program complements training offered by the FBI's Training Division as well as training offered by the DoD and the National Cyber Crime Training Partnership. Trained investigators are essential to our successfully combating computer intrusions.
Conclusion
The FBI and NIPC provide a national focal point for gathering information on threats to the infrastructures, and the principal means of facilitating and coordinating the Federal Government's response to an incident. The FBI and NIPC have been staffed with personnel from across a broad spectrum of federal agencies, and undertaken several initiatives to include the private sector as a principal partner in infrastructure protection. The Water Supply Infrastructure is used by all Americans every day, and we will continue our efforts to improve trust and increase cooperation with the water sector and all our public and private partners. We will continually improve in the coming years in order to master the perpetually evolving challenges involved with infrastructure protection and information assurance. Thank you for inviting me here today, and I welcome any questions you have.
END
102 Minutes That
Changed America DVD