Testimony of Ronald L. Dick, Director, National Infrastructure
Protection Center, FBI
Before the House
Committee on Government Reform
Subcommittee on Government Efficiency, Financial Management,
and Intergovernmental Relations
September 26, 2001
"Information Technology"
Good morning Chairman Horn and
other members of the subcommittee. Thank you for this opportunity
to discuss our government's important and continuing challenges
with respect to information technology.
In the face of the tragic events
of two weeks ago, I come before you today to relay a strong
sense of optimism. We, the men and women of the National Infrastructure
Protection Center, and our thousands of partners throughout
the country and the world, including my colleagues on this
panel, have heard the call and we have stepped forward. While
the terrorists were building their networks, so too were we.
For the past three years, while
others were thinking of ways to defeat us, the NIPC was working
tirelessly to build the broad partnerships we have today,
to mobilize great talent, to break down the old ways of doing
business, and to forge ahead with a united sense of government
and private sector purpose. There is more work to be done,
there always will be, but there should be no doubt about our
progress, about our persistence, and about our pledge to the
American people. Acting as one -- the federal, state and local
governments, the private sector, and our international partners
eagerly accept what President Bush referred to as "the
challenge of our time." And, accepting this responsibility,
we vow to make good on our part of the President's promise
that "We will not tire, we will not falter, and we will
not fail."
Only one month ago, on August
29th, the head of the NIPC's Training, Outreach, and Strategy
Section, Leslie Wiser, spoke before this subcommittee. He
provided an overview of the NIPC, its mission, and its response
to Internet viruses and worms such as the Leaves and Code
Red worms. Today, my focus will be somewhat different, but
I wish to emphasize that the cooperation Mr. Wiser spoke of
then has not only served us well to meet our present challenges,
it has grown even stronger.
While developing our infrastructure
protection capabilities, the NIPC has held firm to two basic
tenets that grew from years of study by the President's Commission
on Critical Infrastructure Protection. First, that the government
can only respond effectively to information technology threats
by focusing on protecting systems against attack while simultaneously
identifying and responding to those who nonetheless would
attempt or succeed in launching those attacks. And second,
that the government can only help protect this nation's most
critical infrastructures by building and promoting a coalition
of trust, one . . . amongst all government agencies, two .
. . between the government and the private sector, three .
. . amongst the different business interests within the private
sector itself, and four . . . in concert with the greater
international community. Therefore, the NIPC has focused on
developing its capacity to warn, to investigate, and to build
partnerships, all at the same time. As our techniques continue
to mature and our trusted partnerships gel, provided that
the resource issues identified in the GAO's April 2001 Report
are resolved we will continue to witness ever-better results.
Over the past three years, we
cultivated a number of initiatives that have developed into
increased capabilities, all of which are being actively used
to mitigate the terrorist threat and to prepare our response
to the events of September 11th. The NIPC has developed InfraGard
into the largest government/private sector joint partnership
for infrastructure protection in the world. We have taken
it from its humble roots of a few dozen members in just two
states to its current membership of over 2,000 partners throughout
every state of the union. The NIPC also reaches out to the
entire public with its website at nipc.gov, which to date
has provided systems administrators and home users alike with
significant warnings about cyber threats and vulnerabilities.
As recently as last week, we provided information systems
security advice through our website, through InfraGard, and
through our other partnerships, to better protect the public
from the Nimda worm. In fact, based on our prior responsiveness
to the Code Red worm and our joint efforts with the private
sector in publicizing preventive measures that business and
home users could put in place, we believe the impact of the
Nimda worm, which took advantage of similar software vulnerabilities
as Code Red, was significantly reduced.
Our website also provides the
public with the ability to report computer attacks and intrusions
online, simply by filling out and submitting an Incident Reporting
Form. The NIPC also provides timely information on cyber vulnerabilities,
hacker exploit scripts, hacker trends, virus information,
and other critical infrastructure best practices through its
bi-weekly publication Cybernotes. The NIPC provides policy
and decision-makers information about current events, incidents,
developments and trends related to critical infrastructure
protection through its monthly publication called Highlights
and, more significantly, by bringing groups together to meet
on important issues and by increasing the number of times
in a day that the NIPC picks up the phone and gets the word
out. We have established these and other mechanisms to promote
meaningful two-way communication with the public, and they
are seeing active use.
The NIPC's Watch Center operates
around the clock without exception and communicates daily
with the Department of Defense and its Joint Task Force for
Computer Network Operations. U.S. Army Major General Dave
Bryan, Commander of the JTF-CNO, recently remarked that, "The
NIPC and JTF-CNO have established an outstanding working relationship.
We have become interdependent, with each realizing that neither
can totally achieve its mission without the other." I
couldn't agree more. The NIPC's ability to fulfill the expectations
and needs of its Department of Defense component is achieved
by the inter-agency structure of the Center, which includes
the NIPC's Deputy Director James Plehal, a Two Star Navy Rear
Admiral, and the NIPC's Executive Director, Steven Kaplan,
a Senior Special Agent from the Air Force Office of Special
Investigations. This example of the Center's staffing demonstrates
our desire for broad, high-level, multi-agency ownership of
the NIPC and our collective commitment to achieve meaningful
and effective coordination across the law enforcement, intelligence,
military, and other critical government operations communities.
We are strong partners with
the General Services Administration's Federal Computer Incident
Response Center, FedCIRC, in order to further secure our government
technology systems and services. We team up regularly with
the CIA to work on matters of common concern; in fact, the
head of our Analysis and Warning Section is a senior CIA officer.
Within the Center, the NIPC has full-time representatives
from a dozen federal government agencies, led in number by
the FBI and the Department of Defense, as well as from three
foreign partners: the United Kingdom, Canada, and Australia.
The NIPC has established information sharing connectivity
with a number of foreign cyber watch centers, including in
the UK, Canada, Australia, New Zealand, and Sweden. And, we
continue to take advantage of the FBI's global presence through
its Legal Attache offices in 44 nations.
Our multi-agency team works
with Information Sharing and Analysis Centers throughout the
country, including those that represent the Financial Services
Sector, the Electric Power Sector, the Telecommunications
Sector, the Information Technology industry, and the computer
software anti-virus industry. In addition to these private
sector partners, we have provided threat briefings to the
Water Sector, the Oil and Gas Sector, and the Aviation and
Railroad Sectors. Under current threat conditions, the NIPC
is providing sector briefings almost every day. We are also
connected with the 18,000 police departments and Sheriff's
offices which bravely serve our nation daily and in times
of crisis. This past March the NIPC and the Emergency Law
Enforcement Services Sector Forum completed the nation's Emergency
Law Enforcement Sector Plan together with a "Guide for
State and Local Law Enforcement Agencies." This significant
achievement represents the nation's first completed sector
plan and it is being used as a model by the other critical
infrastructure sectors. Taken together, the Plan and the Guide
provide our emergency law enforcement first responders with
procedures that are immediately useful to enhance their security.
Equally significant, the NIPC
manages all computer intrusion investigations nationwide for
the FBI, both on the criminal and national security side,
to include terrorist cyber activities. Our integration with
the FBI continues to provide the NIPC with access to law enforcement,
intelligence, counter-intelligence, and open source information
that -- for privacy and civil rights reasons -- is unavailable
in its aggregate to any other federal agency.
The NIPC's Special Technologies
and Applications Unit has been providing crucial technical
assistance to the PENTTBOM investigation, in aid of what is
certain to be a joint and long-term law enforcement, intelligence,
and military response. Also in support of the PENTTBOM investigation,
the NIPC has established a Cyber-Crisis Action Team to exploit
all collected cyber information. During the past two weeks,
the NIPC has provided detailed information used to brief the
National Command Authority about how the terrorist cells of
September 11 used technology to further their murderous activities.
The NIPC developed an Interagency
Coordination Cell that meets on a scheduled basis and on an
as-needed basis in order to deconflict investigations and
provide relevant information to those agencies that have not
been able to provide full-time support to the Center. At the
moment, the Interagency Coordination Cell has taken a leadership
role in our ongoing PENTTBOM efforts and has stood-up on a
full-time basis within the Center. Currently it is staffed
with 43 individuals representing 15 agencies. Every entity
that needs information to conduct its part of this most critical
mission gets it. In short, the NIPC is coordinating its incident
deterrence, prevention, warning, and response mission with
strong multi-agency support.
That in brief is a look at the
NIPC. Our responsibilities, as you can see, are broad, and
we are rising to that challenge. We are over one dozen federal
agencies strong, and getting stronger all the time. We are
united to make a difference, to make sure that the benefits
of technology flourish while the risks are reduced. We are
ready to take on the important work that surely lies ahead
and, on behalf of the Center, I would like to thank you for
your continuing efforts on these significant matters.
|