Testimony of Ronald L. Dick, Director, National Infrastructure
Protection Center, FBI
Before
the House Committee on Governmental Reform, Government Efficiency,
Financial Management and Intergovernmental Relations Subcommittee
July 24, 2002
"Cyber Terrorism and Critical Infrastructure Protection"
Mr. Chairman
and members of the Subcommittee, thank you for inviting me
here today to testify on the topic, "Cyber Terrorism
and Critical Infrastructure Protection." Holding this
hearing demonstrates your individual commitment to improving
the security of our Nation's critical infrastructures and
this Committee's leadership on this issue in Congress. Our
work here is vitally important because the stakes involved
are enormous. We have seen how a terrorist attack can have
immediate simultaneous impact on several interdependent infrastructures.
The terrorist attacks in New York directly and seriously affected
banking and finance, telecommunications, emergency services,
air and rail transportation, energy and water supply. My testimony
today will address the improvement of infrastructure protection
through two-way information sharing and the challenges we
face in the future.
Since
our last testimony before this Subcommittee on September 26,
2001, the National Infrastructure Protection Center has seen
increases in personnel, funding, and interagency participation,
allowing us to make great progress in accomplishing our mission.
As set forth in Presidential Decision Directive 63 (PDD-63),
the mission of the NIPC is to provide "a national focal
point for gathering information on threats to the infrastructures"
and to provide "the principal means of facilitating and
coordinating the Federal Government's response to an incident,
mitigating attacks, investigating threats and monitoring reconstitution
efforts." The Directive defines critical infrastructures
to include "those physical and cyber-based systems essential
to the minimum operations of the economy and government,"
to include, without limitation, "telecommunications,
energy, banking and finance, transportation, water systems
and emergency services, both governmental and private."
Our combined mission supports information and physical security,
law enforcement, national security, and the military.
To accomplish
this mission, we have had to build a coalition of trust amongst
all government agencies, between the government and the private
sector, amongst the different business interests within the
private sector itself, and in concert with the greater international
community. We have begun to earn that trust, and two-way information
sharing has increased considerably since our last testimony
here.
OUTREACH
EFFORTS
To better
share information, the NIPC has spearheaded an aggressive
outreach effort.
NIPC officials have met with business, government, and community
leaders across the United States and around the world to build
the trust required for information sharing. Protection of
business information and privacy interests are both stressed
in NIPC internal deliberations and with business, government
and community leaders. Most have been receptive to information
sharing and value the information received from the NIPC.
Others have expressed reservations due to a lack of understanding
or perhaps confidence in the strength of the disclosure exceptions
found in the Freedom of Information Act, concerns about whether
the Justice Department would pursue prosecutions at the expense
of private sector business interests, and simple reluctance
to disclose proprietary information to any entity beyond their
own control or beyond the direct control of the NIPC.
CRITICAL
NEED FOR OUTREACH
The annual
Computer Security Institute/FBI Computer Crime and Security
Survey, released in April, indicated that 90% of the respondents
detected computer security breaches in the last 12 months.
Only 34% reported the intrusions to law enforcement. On the
positive side, that 34% is more than double the 16% who reported
intrusions in 1996. The two primary reasons for not making
a report were negative publicity and the recognition that
competitors would use the information against them. Many respondents
were not aware that they could report intrusions to law enforcement.
We have moved aggressively to address these concerns and go
out of our way to reassure businesses that their voluntarily
provided information will remain secure, and that we are always
sensitive to protecting the interests of victims who report
crime.
Infragard:
The Most Extensive Network of Federal and Private Sector Partners
in the World for Protecting the Infrastructure
The InfraGard
program is a nationwide initiative that grew out of a pilot
program started at the Cleveland FBI field office in 1996.
Today, all 56 FBI field offices have active InfraGard chapters.
Nationally, InfraGard has over 5000 members. It is the most
extensive government-private sector partnership for infrastructure
protection in the world, and is a service the FBI provides
to InfraGard members free of charge. It particularly benefits
small businesses which have nowhere else to turn for assistance.
InfraGard expands direct contacts with the private sector
infrastructure owners and operators and shares information
about cyber intrusions and vulnerabilities through the formation
of local InfraGard chapters within the jurisdiction of each
of the 56 FBI Field Offices. The InfraGard program received
the 2001 World Safe Internet Safety Award from the Safe America
Foundation for its efforts.
InfraGard
is an information sharing and analysis effort serving the
interests and combining the knowledge base of a wide range
of members. At its most basic level, InfraGard is a cooperative
undertaking between the U.S. Government (led by the FBI and
the NIPC) and an association of businesses, academic institutions,
state and local law enforcement agencies, and other participants
dedicated to increasing the security of United States critical
infrastructures. InfraGard provides a mechanism for the public
and private sectors to exchange information pertaining to
cyber intrusion matters, computer network vulnerabilities
and physical threats on infrastructures. All InfraGard participants
are committed to the proposition that the exchange of information
about threats on these critical infrastructures is an important
element for successful infrastructure protection efforts.
The goal of InfraGard is to enable information flow so that
the owners and operators of infrastructure assets can better
protect themselves and so that the United States government
can better discharge its law enforcement and national security
responsibilities.
Private
sector members and an FBI field representative form local
area chapters. These chapters set up their own boards to govern
and share information within the membership. The chapter members
include representatives from the FBI, State and local law
enforcement agencies, other government entities, private industry
and academia. The National Infrastructure Protection Center
and the Federal Bureau of Investigation play the part of facilitator
by gathering information and distributing it to members, educating
the public and members on infrastructure protection, and disseminating
information through the InfraGard network.
InfraGard
is responsible for providing four basic services to its members:
secure and public web sites, an alert and incident reporting
network, local chapter activities, and a help desk. Under
this program the FBI provides a secure electronic communications
capability to all InfraGard members so that the NIPC can provide
threat information to private industry owners and operators,
and encourage private industry coordination with law enforcement,
and each other, on cyber and related physical incidents. This
will be accomplished by expanding the established separate
website and electronic mail system. The program anticipates
approximately 4,000 new members expected in calendar year
2002. A number of the larger field divisions have initiated
additional chapters in larger cities located in their respective
geographic area of responsibility. The warnings that are provided
to our InfraGard members improve the relationship between
private industry and the local FBI offices due to the increased
level of trust that is often established. It should be noted
that the InfraGard program is not responsible for producing
NIPC's alerts and warnings. These alerts and warnings are
produced and disseminated by NIPC's Analysis and Warning Section.
Information
Sharing and Analysis Centers (ISACs)
The NIPC
has recently initiated the establishment of an Information
Sharing and Analysis Center (ISAC) Support and Development
Unit, whose mission is to enhance private sector cooperation
and trust, resulting in two-way sharing of information and
increased security for the nation's critical infrastructures.
The ISAC Development and Support Unit has assigned personnel
to each ISAC to serve as NIPC's liaison to that sector. When
an ISAC receives information from a member, they forward the
information to their NIPC liaison, who then works with NIPC's
Analysis and Information Sharing Unit and Watch and Warning
Unit to coordinate an appropriate response. The NIPC now has
information sharing agreements with nine ISACs, including
those representing energy, telecommunications, information
technology, banking and finance, emergency law enforcement,
emergency fire services, water supply, food, and chemical
sectors. Several more agreements are in the final stages,
including one to be signed on July 25th with the National
Association of State Chief Information Officers. Just as important,
the NIPC is receiving reports from member companies of the
ISACs. The NIPC has proven to these companies that it can
properly safeguard their information and can provide them
with useful information. It is because of such reporting that
NIPC's products are improving.
Three
examples bear discussion. The North American Electric Reliability
Council (NERC) serves as the electric power ISAC. The NIPC
has developed a program with the NERC for an Indications and
Warning System for physical and cyber attacks. Under the program,
electric utility companies and other power entities transmit
incident reports to the NIPC. These reports are analyzed and
assessed to determine whether an NIPC alert, advisory, or
assessment is warranted to the electric utility community.
Electric power participants in the program have stated that
the information and analysis provided by the NIPC back to
the power companies make this program especially worthwhile.
NERC has recently decided to expand this initiative nationwide.
This initiative will serve as a good example of government
and industry working together to share information and the
Electrical Power Indications and Warning System will provide
a model for the other critical infrastructures. Additionally,
some information available to the NIPC may be classified or
law enforcement sensitive and, thus, unavailable to many in
the industry. A group of NERC officials have been granted
security clearances in order to access classified material
on a need-to-know basis. Once the NIPC has determined that
a warning should be issued, cleared electric power experts
will be available as needed to assist the NIPC in sanitizing
and finalizing warning notices so as to provide members of
the industry with unclassified, nonproprietary, timely and
actionable information to the maximum extent possible.
One of
our most recent agreements was with the ISAC for Emergency
Services - Fire, the US Fire Administration, an organization
which has been a model for the mutual benefits of two-way
information sharing. Since that agreement, we have shared
intelligence on diver threats to waterfront facilities, suspicious
attempts to purchase an ambulance in New York, and the theft
of a truck with 10 tons of cyanide in Mexico. In turn, they
have told us of suspicious foreign nationals visiting fire
stations to gather information and of foreign nationals calling
fire and EMS departments and visiting their web sites to gather
information on capabilities, watch schedules and manning levels.
Such two-way information sharing provides significant safety
and infrastructure protection benefits to the public we serve.
The telecommunications
ISAC provides a good example of positive, two-way information
sharing. In his July 9, 2002 testimony before the House Committee
on Energy and Commerce, Subcommittee on Oversight and Investigations,
Bill Smith, Chief Technology Officer, BellSouth Corporation,
stated: "With respect to FOIA (Freedom of Information
Act), many companies are hesitant to voluntarily share sensitive
information with the government because of the possible release
of this information to the public." He further noted
that BellSouth does share information with the Telecommunications
ISAC, but it is "done on a limited basis, within trusted
circles, and strictly within a fashion that will eliminate
any liability or harm from FOIA requests for BellSouth information."
He adds that BellSouth has benefited from advance warnings
of worms and viruses. The telecommunications ISAC provided
BellSouth with their first notification of the NIMDA worm,
resulting in the successful defense of their networks. BellSouth,
in turn, was the first to notify the ISAC of problems associated
with the simple network management protocol. Although this
is an example of two-way information sharing, it is also an
example of reluctant sharing resulting from legal, economic
and trust barriers. Smith goes on to list BellSouth's concerns
about information sharing, including: "liability under
the Freedom of Information Act, third-party liability (e.g.,
sharing suspected problems about a piece of equipment before
thoroughly tested and verified), the lack of a defined antitrust
exemption for appropriate information sharing concerning infrastructure
vulnerabilities, possible disclosure of information under
state sunshine laws, disclosure of sensitive corporate information
to competitors, declassification of threat/intelligence information
to a level that can be acted upon by company personnel, and
the natural inclination of law enforcement, DoD, and intelligence
agencies to dissuade the sharing of information related to
criminal investigations."
The NIPC
routinely shares information with the public and private sectors
to help them better protect themselves. That does not mean
that information is broadcast across the news media in every
instance. While public statements are the best alternative
in some cases, in other cases the NIPC has approached victim
companies as to a specific investigation, and Information
Sharing and Analysis Centers (ISACs) or government agencies
privately to help evaluate uncorroborated information in order
then to provide public comment. In many cases, a tiered approach
is taken so that information with the appropriate level of
detail is pushed to the right audiences. If the NIPC finds
that despite issuing an advisory, a widespread problem persists
or grows, then we will raise the volume, and a more public
advisory will be issued to reach a wider audience.
NIPC
INFORMATION SHARING PRODUCTS
The NIPC
has a variety of information products to inform the private
sector and other domestic and foreign government agencies
of the threat, including: assessments, advisories and alerts;
a Daily Report; biweekly CyberNotes; monthly Highlights; and
topical electronic reports. These products are designed for
tiered distribution to both government and private sector
entities consistent with applicable law and the need to protect
intelligence sources and methods, and law enforcement investigations.
For example, Highlights is a monthly publication for sharing
analysis and information on critical infrastructure issues.
It provides analytical insights into major trends and events
affecting the nation's critical infrastructures. It is usually
published in an unclassified format and reaches national security
and civilian government agency officials as well as infrastructure
owners. CyberNotes is another NIPC publication designed to
provide security and information system professionals with
timely information on cyber vulnerabilities, hacker exploit
scripts, hacker trends, virus information, and other critical
infrastructure-related best practices. It is published twice
a month on the NIPC website (www.nipc.gov) and disseminated
via e-mail to government and private sector recipients. Although
the NIPC can and does issue limited distribution products
that are classified or law enforcement sensitive (for example,
because they reflect non-public sources and methods), it attempts
to issue most reports at the unclassified level and to the
widest audience possible.
WATCH
AND WARNING
The NIPC
Watch maintains a round-the-clock presence in the FBI's Strategic
Information and Operations Center (SIOC). The Watch serves
as the main portal into and out of the NIPC. Our recent advisory
regarding the Klez.h worm was issued after the Watch received
a voluntary report from a major telecommunications company.
Following an analysis and consultations with our security
partners, the NIPC issued Alert 02-2002: "W32/Klez.h
@ mm Worm and Variants." Through the Watch, the Center
produces and disseminates three levels of infrastructure warnings
which are developed and distributed consistent with the FBI's
National Threat Warning System. Collectively, these warning
products will be based on material that is significant, credible,
timely, and that address cyber and/or infrastructure dimensions
with possibly significant impact. If a particular warning
is based on classified or proprietary material that includes
dissemination restrictions and contains information deemed
valuable and essential for critical infrastructure protection,
the NIPC will then seek, as required by law, to develop a
sensitive "tear-line" version for distribution,
including to critical sector coordinators, ISACs, InfraGard
members, and law enforcement agencies. The three specific
categories of NIPC warning products are as follows:
(1) "Assessments"
address broad, general incident or issue awareness information
and analysis that is both significant and current but does
not necessarily suggest immediate action.
(2) "Advisories"
address significant threat or incident information that suggests
a change in readiness posture, protective options and/or response.
(3) "Alerts"
address major threat or incident information addressing imminent
or in-progress attacks targeting specific national networks
or critical infrastructures.
The main
"audiences" that NIPC products can reach include:
DOD, Federal civil agencies, the Intelligence Community, the
Law Enforcement Community (including the state and local levels),
FBI field offices and international Legal Attache offices,
computer incident response centers, domestic and foreign cyber
watch centers, private sector Information Sharing and Analysis
Centers (ISACs), InfraGard members, and the general public.
Since
its inception, the NIPC has issued over 120 warning products.
A number of warning products have preceded incidents or prevented
them entirely by alerting the user community to a new vulnerability
or hacker exploit before acts are committed or exploits are
used on a widespread basis. The Center has had particular
success in alerting the user community to the presence of
Denial of Service tools on the network and has in some cases
provided a means to discover the presence of tools on a network.
The NIPC
is integrated into national level warning systems both through
structures established by the National Security Council and
by other agencies. Of particular note is the fact that the
NIPC has been fully engaged in the planning and implementation
of the interagency Cyber Warning Information Network (CWIN)
a network through which the watch centers from FedCIRC, NSA,
JTF-CNO, National Communications System (NCS) and NIPC exchange
information daily.
INTRA-GOVERNMENT
INFORMATION SHARING
PDD-63
mandates that government agencies will share information with
the NIPC. The NIPC has established effective information sharing
relationships across the US Government. These arrangements
are not always codified in formal interagency agreements or
Memoranda of Understanding, but the important point is that
they are working.
The NIPC
has formed an Interagency Coordination Cell (IACC) at the
Center which holds monthly meetings regarding ongoing investigations.
To date, the IACC's growing membership has risen to approximately
35 government agencies that meet on a monthly basis, and as
needed, to address specific threats and vulnerabilities. The
IACC include representation from NASA , US Postal Service,
Air Force Office of Special Investigations (AFOSI), US Secret
Service, US Customs, Departments of Energy, State and Education,
and the Central Intelligence Agency, to name a few.
The IACC's
accomplishments to date include the formation of several joint
investigative task forces with member agencies participating,
and over 30 separate instances of joint investigations of
member agencies being initiated as a direct result of IACC
meetings, information sharing and participation. In one case,
an IACC member agency provided timely sensitive source information
to the appropriate authorities which prevented the planned
intrusion and compromise of another government agency's computer
system and the preservation of critical log data used for
the ensuing investigation.
The IACC's
members are currently working on the establishment and development
of a database which would serve as a source of computer intrusion
information compiled from member agency investigations to
facilitate other investigations. It is also working on the
establishment and administration of a dedicated virtual private
secure network for member agencies to communicate vital infrastructure
protection and computer intrusion information for immediate
emergency response situations, in addition to dissemination
of routine but sensitive information.
The Department
of Defense has the second largest (after FBI) interagency
contingent in the NIPC. The Deputy Director of the NIPC is
a two-star Navy Rear Admiral; the Executive Director is detailed
from the Air Force Office of Special Investigations; the head
of the NIPC Watch is a Naval Reserve officer; and the head
of the Analysis and Information Sharing Unit is a National
Security Agency detailee. There are also liaison representatives
from the National Imagery and Mapping Agency and the Joint
Programs Office. A contingent of DOD reservists serves in
the Center to provide additional critical infrastructure expertise
and emergency surge capabilities. NIPC works particularly
closely with the DOD through liaison with the Joint Task Force-Computer
Network Operations (JTF-CNO). NIPC members stay in close contact
with their JTF-CNO counterparts, providing mutual assistance
on intrusion cases into DOD systems, as well as on other matters.
NIPC alerts, advisories, and assessments are routinely coordinated
with the JTF-CNO prior to release to solicit JTF input. On
several occasions, the NIPC and JTF-CNO have coordinated and
issued joint cyber warnings on the same matter. There is also
significant interaction with the military services, the Joint
Staff, the Office of the Secretary, and other major DOD agencies.
Interagency
managerial participation is by no means limited to DOD For
example, the Section Chief for Analysis and Warning is detailed
from the Central Intelligence Agency, and the Assistant Section
Chief for Computer Investigations and Operations is detailed
from the US Secret Service.
The NIPC
also has an excellent cooperative relationship with the Federal
Computer Incident Response Center (FedCIRC). The NIPC's Director
and principal legal advisor sit on FedCIRC's Senior Advisory
Council, and a FedCIRC representative participates in NIPC's
Senior Interagency Partners Group. FedCIRC is operated by
the General Services Administration as the central coordinating
point on security vulnerabilities and lower level security
incident data. In addition, the NIPC sends draft alerts, advisories,
and assessments on a regular basis to FedCIRC for input and
commentary prior to their release. NIPC and FedCIRC information
exchange assists both centers with their analytic products.
The NIPC and FedCIRC are currently discussing ways to improve
the flow of information between the two organizations and
encourage federal agency reporting of incident information.
On several occasions, the two organizations have coordinated
and issued joint cyber warnings.
More
recently, in October of 2001, President Bush issued Executive
Order 13231, which establishes the President's Critical Infrastructure
Protection Board to "recommend policies and coordinate
programs for protecting information systems for critical infrastructure,
including emergency preparedness communications, and the physical
assets that support such systems." EO 13231 expressed
the current Administration's continued support of the NIPC's
mission under PDD 63 and distinguishes the interagency entity
from any particular Department by separately designating the
Director of the NIPC to serve as a member of the newly created
President's Board. The President also designated the Director
of the NIPC to serve on the Board's Coordination Committee,
and recognized the NIPC's significant roles in, among other
things, outreach to the private sector and state and local
governments, as well as in the area of information sharing.
Since
1998, the NIPC has been developing the FBI's Key Asset Initiative,
to identify those entities that are vital to our national
security, including our economic well-being. The information
is maintained to support the broader effort to protect the
critical infrastructures against both physical and cyber threats.
This initiative benefits national security planning efforts
by providing a better understanding of the location, importance,
contact information and crisis management for critical infrastructure
assets across the country. We have worked with the DOD and
the Critical Infrastructure Assurance Office (CIAO) in this
regard.
FEDERAL,
STATE AND LOCAL INFORMATION SHARING
Emergency
Law Enforcement Services Sector
The NIPC
has been designated by the Department of Justice/FBI to fulfill
their responsibilities as the Sector Lead Agency with regard
to Emergency Law Enforcement Services (ELES). The NIPC's efforts
in this regard have served as a model for all other Sector
Lead Agencies. More than 18,000 federal, state and local agencies
comprise the ELES Sector. The NIPC serves as program manager
for this function at the request of the FBI. Last year the
NIPC completed the Emergency Law Enforcement Services Sector
Plan; this was the first completed sector report under PDD-63
and was delivered to the White House in March 2001. Working
with law enforcement agencies across the United States, the
NIPC conducted a sector survey and used the results of this
survey to draft a sector report. Responses from more than
1500 of these agencies to a sector-commissioned information
systems vulnerability survey revealed that these organizations
have become increasingly reliant on information and communications
systems to perform their critical missions. The NIPC has also
sponsored the formation of the Emergency Law Enforcement Services
Sector forum, which meets quarterly to discuss issues relevant
to sector security planning.
State
Infrastructure Protection Center (SIPC) efforts
The NIPC,
with its extensive experience in the areas of multi-agency
and multi-disciplinary support to infrastructure protection
efforts, is actively engaged in supporting similar models
being created at the state and local level. The States of
Texas and Florida are leaders in this area, and the NIPC,
together with significant Department of Defense involvement,
is actively facilitating their efforts. Over time, the NIPC
expects to meet the challenge of serving as the US hub for
infrastructure protection efforts not only in terms of full
Federal government support, but also in terms of bringing
together State and Local governments for a fully coordinated
national response.
FEDERAL
GOVERNMENT AND THE PRIVATE SECTOR
CERT/CC
(a federally funded research and development corporation)
The NIPC
and the Computer Emergency Response Team/Coordination Center
(CERT/CC) at Carnegie Mellon University have formed a mutually
beneficial contractual relationship. The NIPC receives information
from the CERT (including advance Special Communications about
impending CERT advisories, which CERT seeks NIPC input on,
and weekly intrusion activity information) that it incorporates
into strategic and tactical analyses and utilizes as part
of its warning function. The NIPC's Watch and Analysis units
are routinely in telephonic contact with CERT/CC and the anti-virus
community for purposes of sharing vulnerability and threat
information on a real-time basis. CERT/CC input is often sought
when an NIPC warning is in production. The NIPC also provides
information to the CERT that it obtains through investigations
and other sources, using CERT as one method for distributing
information to security professionals in industry and to the
public. The Watch also provides the NIPC Daily Report to the
CERT/CC via Internet e-mail. On more than one occasion, the
NIPC provided CERT with the first information regarding a
new threat, and the two organizations have often collaborated
in disseminating information about incidents and threats.
INTERAGENCY
COORDINATION: FEDERAL GOVERNMENT AND INTERNATIONAL PARTNERS
The ability
of the United States to assure homeland security clearly relies
on the full participation and support of its international
partners. It is with this in mind that the NIPC has promoted
a wide array of international initiatives.
On the
information infrastructure side of the equation, a typical
cyber investigation can involve victim sites in multiple states
and often many countries, and can require tracing an evidentiary
trail that crosses numerous state and international boundaries.
Even intrusions into US systems by a perpetrator operating
within the US often require international investigative activity
because the attack is routed through Internet Service Providers
and computer networks located outside the United States. When
evidence is located within the United States, the NIPC coordinates
law enforcement efforts which might include: subpoenaing records
by FBI agents, conduct of electronic surveillance, execution
of search warrants, seizing and examining of evidence. We
can not do those things ourselves to solve a US criminal case
overseas. Instead, we must depend on the local authorities
to assist us. This means that effective international cooperation
is essential to our ability to investigate cyber crime. The
FBI's Legal Attaches (LEGATs) provide the means to accomplish
our law enforcement coordination abroad, and are often the
first officials contacted by foreign law enforcement should
an incident occur overseas that requires U. S. assistance.
NIPC personnel are in almost daily contact with LEGATs around
the world to assist in coordinating requests for information.
International
investigations pose special problems. First, while the situation
has improved markedly in recent years, many countries lack
substantive laws that specifically criminalize computer crimes.
This means that those countries often lack the authority not
only to investigate or prosecute computer crimes that occur
within their borders, but also to assist us when evidence
might be located in those countries. Moreover, the quickly
evolving technological aspects of these investigations can
exceed the capabilities of local police forces in some countries.
Finally, even when countries have the requisite laws and have
developed the technical expertise necessary to conduct cyber
investigations, successful investigation in this arena requires
a more expeditious response than has traditionally been the
case in international matters, because electronic evidence
is fleeting and, if not secured quickly, can be lost forever.
The NIPC
is working with its international partners on several fronts.
The first area consists of outreach activities designed to
raise awareness about the cyber threat, encourage countries
to address the threat through substantive legislation, and
provide advice on how to organize to deal with the threat
most effectively. The Center often hosts foreign delegations
to discuss topics ranging from current cases to the establishment
of NIPC-like entities in other nations. Since the NIPC was
founded, Australia, Japan, Israel, the United Kingdom, Canada,
Germany, South Korea and Sweden have all formed interagency
entities like the NIPC. The Center has established watch connectivity
with similar centers in Australia, Canada, the United Kingdom,
Sweden, and New Zealand; additionally, the Canada and the
United Kingdom have each detailed a person full-time to the
NIPC, and Australia detailed a person for 6 months in 2001.
Currently, the Center is working jointly with the Department
of State to develop and implement an international strategy
for information sharing in the critical infrastructure protection
arena. Finally, over the past year, the NIPC has briefed visitors
from the United Kingdom, Australia, Canada, Germany, France,
Georgia, Norway, New Zealand, Singapore, Bulgaria, Estonia,
Latvia, Japan, Denmark, Sweden, South Korea, Israel, Italy,
India, and other nations regarding critical infrastructure
protection issues. These nations have all looked to the NIPC
in order to create Critical Infrastructure Protection Centers
of their own and to promote liaison on a bilateral basis between
themselves and the United States, as well as with one another.
DEPARTMENT
OF HOMELAND SECURITY
Homeland
Security legislation currently being considered calls for
certain NIPC functions relating to watch and warning, and
private sector outreach to be transferred consistent with
the new department's overall mission. The operational remainder
of NIPC, including the field investigative functions, will
remain at the FBI, under the new Cyber Division.
CONCLUSION
At the
NIPC we continue to seek partnerships which promote two-way
information sharing. As Director Mueller stated in a speech
on July 16th, "Prevention of terrorist attacks is by
far and away our most urgent priority." We can only prevent
attacks on our critical infrastructures by building an intelligence
base, analyzing that information, and providing timely, actionable
threat-related products to our public and private sector partners.
We welcome the efforts of your Committee in improving information
sharing, and I look forward to addressing any questions you
might have.
|