IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Google Ads

Statement of Robert Liscouski before the Subcommittee on Cybersecurity, Science, Research & Development and the Subcommittee on Infrastructure and Border Security of the Select Committee on Homeland Security September 17, 2003

Thank you Chairman Thornberry, Chairman Camp and Members of the Committee. It is a pleasure to appear before you today to discuss the implications of Power Blackouts for the Nation’s Cybersecurity and Critical Infrastructure Protection.

The Information Analysis and Infrastructure Protection Directorate (IAIP), and specifically my office, Infrastructure Protection, has been actively involved in the analysis of the cause of the blackout and the implications of the blackout on security of the electric grid as a whole. Let me provide you with a summary of our efforts.

Following the regional power outage in the Northeast on August 14, 2003, the Department of Homeland Security (DHS) set up a Crisis Action Team (CAT) to monitor the situation and to conduct real-time analysis of other potential events. The blackout was the first major event of its type that the IAIP team handled and I am pleased to report that our team simultaneously tackled the issue from multiple angles. The Infrastructure Coordination Division focused on the outage itself and the operational impact on the infrastructures, the National Cyber Security Division looked into the possibility that the blackout might have been caused by a cyber attack, and our Protective Security Division assessed emerging vulnerabilities caused by the blackout to assess the “what’s next” picture. Concurrently, Information Analysis (IA) entities analyzed previous and current intelligence traffic and coordinated with Intelligence Community and Law Enforcement partners to ascertain if the cause of the blackout was attributed to a bad actor. Additionally, the Homeland Security Operations Center was involved in the response effort, coordinating communications between state and local first responders, the administration, and other federal agencies. Situational awareness of the affected area, and the entire nation, was maintained throughout the event.

DHS coordinated with the sectors affected by the outage, both updating them on information related to the cause and responding to requests for information. While no actionable threat information emerged during the event, it is important to note that the ability to communicate with the infrastructure sectors was in place to facilitate the sharing of information.

Our coordination and monitoring activities were not limited to the energy sector, and included telecommunications, banking/finance, health services, and transportation.

While the national focus was primarily on the blackout and its cause, our teams were hard at work assessing the cascading effects into other sectors. Interdependencies among the sectors were again demonstrated by this event: seven major petroleum refineries suspended operations; many chemical manufacturing plants were shut down; grocery stores lost perishable inventories; hospital emergency rooms treated an above average number of cases of suspected food poisoning; air traffic ceased at several major airports; and emergency services capacity was tested. Websites were shut down, ATMs did not work in affected areas and the American Stock Exchange did not operate for a period of time. The effect of the blackout illuminated what we already knew at the Department: If one infrastructure is affected, many other infrastructures will likely be impacted. Indeed, all of the critical infrastructure sectors were affected by this event.

Understanding vulnerabilities and the interdependencies associated with cascading events is an area of great importance to the Department, and we have people focused on the issue to insure that we can anticipate effects and prioritize our efforts based on the bigger picture, not just reacting to what is easily and immediately observed.

Preventing a physical or cyber attack on key nodes of the nation’s power grid is fundamental to protecting our Homeland. Accordingly, DHS is working closely with the Department of Energy and other federal agencies as we identify the factors that caused and contributed to the blackout, and look for protective measures to prevent such an outage in the future.

As has been widely reported, the portion of the power grid affected by the August 14th blackout is made up of a very complex interconnected network of scores of separate companies that includes hundreds of power-generation facilities. In addition to physical connections among the facilities involving the transmission of power, there are numerous cyber connections among their IT infrastructures and those of companies that were unaffected. There is a wide range in age and sophistication of the technologies upon which these systems depend. In recent years, the process control systems that facilitate decision making in critical situations have often been made easier by the use of computer technology. The industry is in the process of moving forward with efforts to reduce possible vulnerabilities and improve cyber security. This information provides a backdrop for why we are investigating the possibility of a cyber connection to the blackout. There is presently no evidence that the blackout was caused by any criminal or terrorist cyber attack, although we continue to coordinate and share information with law enforcement to support our investigation.

On August 28, I was appointed Co-Chair to the Security Working Group (SWG) of the U.S. – Canada Power System Outage Task Force. The SWG, which consists of Federal and State government representatives from the United States, as well as Canadian representatives, is focused on determining if a cyber event directly caused or significantly contributed to the events of August 14. The data collection and analysis is ongoing and much work remains to be done before we have a definitive answer.

IAIP was tasked with ensuring that the Secretary and the President had the complete picture of what was happening, looking for areas that might be more vulnerable as a result, and coordinating the information flow throughout the sectors and with other federal agencies. We learned some valuable lessons that have already driven some internal changes, such as institutionalizing joint operations within IAIP, and the absolute requirement of maintaining a forward-looking “what’s next” posture, not becoming focused exclusively on current events.

I am proud of the way the IAIP team responded to this event and I am confident that we are developing a solid team that America can count on in difficult times, whether they be times of heightened threats, attempted attacks, or blackouts.

While it will be some time before the Task Force determines the exact causes of the blackout, we know the system is vulnerable and we maintain a daily watch over what parts of the grid might be more vulnerable to attack because of system operations. We have conducted vulnerability assessments at electric power facilities, we have a protection strategy for key components, and we are working with industry and federal partners to determine the best way to implement that strategy.

Progress has been made, but the work is ongoing. I look forward to providing this committee and Congress with further updates.

This concludes my prepared statement and I would be glad to answer any questions you may have at this time.

IWS Mailing Lists

Mailing Lists Overview