Testimony of Larry A. Mefford, Executive Assistant Director, FBI
Before the Subcommittee on Cybersecurity, Science, and Research and Development,
and the Subcommittee on Infrastructure and Border Security
of the Select Committee on Homeland Security
September 4, 2003
"FBI Infrastructure Awareness"
The FBI,
in cooperation with the Department of Energy (DOE), the Department
of Homeland Security (DHS), the North American Electrical
Reliability Council (NERC), and Canadian authorities aggressively
investigated the 14 August 2003 power outages. To date, we
have not discovered any evidence indicating that the outages
were the result of activity by international or domestic terrorists
or other criminal activity. The FBI Cyber Division, working
with DHS, meanwhile, has found no indication to date that
the blackout was the result of a malicious computer-related
intrusion, or any sort of computer worm or virus attack.
The FBI
has received no specific, credible threats to electronic power
grids in the United States in the recent past, and the claim
of the Abu Hafs al-Masri Brigade to have caused the blackout
appears to be no more than wishful thinking. We have no information
confirming the actual existence of this group, which has also
claimed on the Internet responsibility for the 5 August bombing
of the Marriott Hotel in Jakarta and the 19 July crash of
an airplane in Kenya.
We remain
very alert, however, to the possibility terrorists may target
the electrical power grid and other infrastructure facilities.
They are clearly aware of the importance of electrical power
to the national economy and livelihood.
- Al-Qa'ida
and other terrorist groups are known to have considered
energy facilities--and other infrastructure facilities--as
possible targets.
- Guerillas
and extremist groups around the world have attacked power
lines as standard targets.
- Domestic
extremists have also targeted energy facilities. In 1986,
the FBI disrupted a plan by a radical splinter element of
an environmental group to attack power plants in Arizona,
California, and Colorado.
Terrorists
could choose a variety of means to attack the electrical power
grids if they choose to do so, ranging from blowing up power
wire pylons to major attacks against conventional or nuclear
power plants. We defer to DHS, however, for an assessment
of the vulnerabilities of the electrical power system and
the necessary responses to damage to various types of power
facilities.
The FBI
has developed a multilayered approach to investigating potential
threats to infrastructure facilities that brings together
the strengths of law enforcement, the Intelligence Community,
DHS, DOE, and Industry.
- CT
Watch is the FBI's 24/7 "threat central" for counterterrorism
threat information. CT Watch is located within the Strategic
Information and Operations Center (SIOC) at FBI Headquarters,
and is the primary point of notification for all potential
terrorism threats. Upon notification of a potential threat,
CT Watch immediately passes the threat information to the
DHS Homeland Security Operations Center (HSOC) through DHS
representatives detailed to CT Watch. CT Watch then notifies
each FBI field office Joint Terrorism Task Force (JTTF)
that may be affected by the threat. CT Watch also notifies
the National Joint Terrorism Task Force (NJTTF) and the
appropriate FBI counterterrorism operational sections. This
interagency coordination not only ensures that relevant
government agencies are notified of the threats, but also
that involved JTTFs take timely action and appropriate remedial
action. This is especially noteworthy given that the 84
JTTFs in existence today incorporate all major law enforcement
agencies in the country.
- The
NJTTF is comprised of representatives from 35 government
agencies, representing the intelligence, law enforcement,
diplomatic, defense, public safety and homeland security
communities, co-located at SIOC. The NJTTF acts as a point
of fusion for terrorism threat information and manages the
FBI's national JTTF program. The NJTTF coordinates closely
with CT Watch, the JTTFs, DHS representatives assigned to
the CT Watch and NJTTF, and the appropriate FBI sections
to ensure threat information has been received by all appropriate
entities across federal, state and local levels, as well
as other JTTFs. The NJTTF accomplishes this by distributing
threat information vertically to the JTTFs, and horizontally
to other government agencies that are members of the NJTTF.
- Working
with the State Department, Homeland Security, and Watch
Centers, the JTTFs across the country combine local law
enforcement, Intelligence Community, and DHS representatives
to fuse threat information and coordinate the local response
to threats.
- Information
from the JTTFs also flows up to the NJTTF, which ensures
that it is received by all entities across the federal and
pertinent local governments, as well as other JTTFs.
- In
close coordination with DHS, the FBI works with the Information
Sharing and Analysis Centers (ISACs) and members of the
FBI's InfraGard program. Both the ISACs and InfraGard were
established to facilitate information sharing between industry
and law enforcement and to alert industry to potential threats
and capitalize on private industry knowledge to assess threat
information. Today, the InfraGard Program consists of over
8,000 companies located in all 50 states, and serves as
an important link between the FBI and the private sector.
This link is used by the FBI to exchange information to
help us defend against terrorist attacks, including cyber
threats from home and abroad. It is a vital part of the
FBI's national strategy to prevent and disrupt terrorist
activities in the US.
- The
FBI Cyber Division investigates malicious computer intrusions
and attacks on computers and networks, including attacks
on networks that help control critical infrastructure. We
are working with DHS and the electrical power ISAC to preserve
and analyze computer logs from electrical companies in connection
with the recent blackout.
The expansion
of the FBI's Counterterrorism Division has significantly enhanced
our ability to uncover threats to infrastructure facilities.
In addition to CT Watch, the FBI has established new sections
to analyze terrorist communications and financial transactions
for threat-related information, and we have more than quadrupled
the number of analysts working on terrorism since September
11, 2001.
The increase
in the FBI's resources devoted to terrorism, combined with
the partnerships with other federal agencies, state and local
law enforcement, and
industry, provides a defense in depth that brings together
the strengths of law
enforcement and intelligence to respond efficiently and quickly
to threats. Since
September 11, 2001, the FBI has investigated more than 4,000
terrorist threats to the U.S. and the number of active FBI
investigations into potential terrorist activity has quadrupled
since 9/11.
No threat
or investigative lead goes unanswered today. At Headquarters,
in our field offices, and through our offices overseas, we
run every lead to ground until we either find evidence of
terrorist activity, which we pursue, or determine that the
information is not substantiated. While we have disrupted
terrorist plots since 9/11, we remain constantly vigilant
as a result of the ongoing nature of the threat.
The Patriot
Act is another change enhancing our ability to disrupt terrorist
plots. The provisions of the Patriot Act allowing the freer
flow of information between intelligence and law enforcement
are essential to uncovering and foiling terrorist plots, and
have allowed the FBI to fuse our law enforcement and intelligence
missions so as to enhance our preventive capabilities. These
improved capabilities are conducted pursuant to constitutional
standards and relevant guidelines, and, in my view, have made
the country safer for all. For example, the ability to share
intelligence and law enforcement information was essential
to the success of the recent indictment of a suspected member
of the Palestinian Islamic Jihad for conspiracy.
- Given
the potential to disrupt critical infrastructure via computer
intrusion, the provision of the Act that allows law enforcement,
with the permission of the system owner, to monitor computer
trespassers is of particular note. This provision puts cyber
intruders on the same footing as physical intruders, and
means that hacking victims can seek law enforcement assistance
in much the same way as burglary victims can invite police
officers into their homes to monitor and catch burglars.
- The
Patriot Act also bolsters the ban on providing material
support to terrorists by clearly making it a crime to provide
terrorists with "expert advice or assistance"
and clarifies that material support includes all forms of
money. These provisions have made possible the arrest and
prosecution of extremists across the country and have enabled
the US Government to cut terrorist organizations off at
the source.
In summary,
we have developed a comprehensive and robust mechanism to
deter and disrupt potential terrorist attacks, including attacks
on the electrical power grids of the country, and we are working
on a 24/7 basis with our partners in law enforcement and the
Intelligence Community to improve our preventive capabilities.
Understanding that the number of critical infrastructure targets
is so vast and facilities spread so widely that no system
can be perfect, the structure of private and government entities
acting in coordination will also provide an effective response
in the unfortunate event an attack occurs.