- Larry A. Mefford
- Executive Assistant Director
- Federal Bureau of Investigation
- Before The Subcommittee on Cybersecurity, Science, and Research and Development, and the Subcommittee on Infrastructure and Border Security of the Select Committee on Homeland Security
- Washington DC
- September 04, 2003
The FBI, in cooperation with the Department of Energy (DOE), the Department of Homeland Security (DHS), the North American Electrical Reliability Council (NERC), and Canadian authorities aggressively investigated the 14 August 2003 power outages. To date, we have not discovered any evidence indicating that the outages were the result of activity by international or domestic terrorists or other criminal activity. The FBI Cyber Division, working with DHS, meanwhile, has found no indication to date that the blackout was the result of a malicious computer-related intrusion, or any sort of computer worm or virus attack.
The FBI has received no specific, credible threats to electronic power grids in the United States in the recent past, and the claim of the Abu Hafs al-Masri Brigade to have caused the blackout appears to be no more than wishful thinking. We have no information confirming the actual existence of this group, which has also claimed on the Internet responsibility for the 5 August bombing of the Marriott Hotel in Jakarta and the 19 July crash of an airplane in Kenya.
We remain very alert, however, to the possibility terrorists may target the electrical power grid and other infrastructure facilities. They are clearly aware of the importance of electrical power to the national economy and livelihood.
- Al-Qa'ida and other terrorist groups are known to have considered energy facilities, and other infrastructure facilities, as possible targets.
- Guerillas and extremist groups around the world have attacked power lines as standard targets.
- Domestic extremists have also targeted energy facilities. In 1986, the FBI disrupted a plan by a radical splinter element of an environmental group to attack power plants in Arizona, California, and Colorado.
Terrorists could choose a variety of means to attack the electrical power grids if they choose to do so, ranging from blowing up power wire pylons to major attacks against conventional or nuclear power plants. We defer to DHS, however, for an assessment of the vulnerabilities of the electrical power system and the necessary responses to damage to various types of power facilities.
The FBI has developed a multilayered approach to investigating potential threats to infrastructure facilities that brings together the strengths of law enforcement, the Intelligence Community, DHS, DOE, and Industry.
- CT Watch is the FBI's 24/7 "threat central" for counterterrorism threat information. CT Watch is located within the Strategic Information and Operations Center (SIOC) at FBI Headquarters, and is the primary point of notification for all potential terrorism threats. Upon notification of a potential threat, CT Watch immediately passes the threat information to the DHS Homeland Security Operations Center (HSOC) through DHS representatives detailed to CT Watch. CT Watch then notifies each FBI field office Joint Terrorism Task Force (JTTF) that may be affected by the threat. CT Watch also notifies the National Joint Terrorism Task Force (NJTTF) and the appropriate FBI counterterrorism operational sections. This interagency coordination not only ensures that relevant government agencies are notified of the threats, but also that involved JTTFs take timely action and appropriate remedial action. This is especially noteworthy given that the 84 JTTFs in existence today incorporate all major law enforcement agencies in the country.
- The NJTTF is comprised of representatives from 35 government agencies, representing the intelligence, law enforcement, diplomatic, defense, public safety and homeland security communities, co-located at SIOC. The NJTTF acts as a point of fusion for terrorism threat information and manages the FBI's national JTTF program. The NJTTF coordinates closely with CT Watch, the JTTFs, DHS representatives assigned to the CT Watch and NJTTF, and the appropriate FBI sections to ensure threat information has been received by all appropriate entities across federal, state and local levels, as well as other JTTFs. The NJTTF accomplishes this by distributing threat information vertically to the JTTFs, and horizontally to other government agencies that are members of the NJTTF.
- Working with the State Department, Homeland Security, and Watch Centers, the JTTFs across the country combine local law enforcement, Intelligence Community, and DHS representatives to fuse threat information and coordinate the local response to threats.
- Information from the JTTFs also flows up to the NJTTF, which ensures that it is received by all entities across the federal and pertinent local governments, as well as other JTTFs.
- In close coordination with DHS, the FBI works with the Information Sharing and Analysis Centers (ISACs) and members of the FBI's InfraGard program. Both the ISACs and InfraGard were established to facilitate information sharing between industry and law enforcement and to alert industry to potential threats and capitalize on private industry knowledge to assess threat information. Today, the InfraGard Program consists of over 8,000 companies located in all 50 states, and serves as an important link between the FBI and the private sector. This link is used by the FBI to exchange information to help us defend against terrorist attacks, including cyber threats from home and abroad. It is a vital part of the FBI's national strategy to prevent and disrupt terrorist activities in the US.
- The FBI Cyber Division investigates malicious computer intrusions and attacks on computers and networks, including attacks on networks that help control critical infrastructure. We are working with DHS and the electrical power ISAC to preserve and analyze computer logs from electrical companies in connection with the recent blackout.
The expansion of the FBI's Counterterrorism Division has significantly enhanced our ability to uncover threats to infrastructure facilities. In addition to CT Watch, the FBI has established new sections to analyze terrorist communications and financial transactions for threat-related information, and we have more than quadrupled the number of analysts working on terrorism since September 11, 2001.
The increase in the FBI's resources devoted to terrorism, combined with the partnerships with other federal agencies, state and local law enforcement, and industry, provides a defense in depth that brings together the strengths of law enforcement and intelligence to respond efficiently and quickly to threats. Since September 11, 2001, the FBI has investigated more than 4,000 terrorist threats to the U.S. and the number of active FBI investigations into potential terrorist activity has quadrupled since 9/11.
No threat or investigative lead goes unanswered today. At Headquarters, in our field offices, and through our offices overseas, we run every lead to ground until we either find evidence of terrorist activity, which we pursue, or determine that the information is not substantiated. While we have disrupted terrorist plots since 9/11, we remain constantly vigilant as a result of the ongoing nature of the threat.
The Patriot Act is another change enhancing our ability to disrupt terrorist plots. The provisions of the Patriot Act allowing the freer flow of information between intelligence and law enforcement are essential to uncovering and foiling terrorist plots, and have allowed the FBI to fuse our law enforcement and intelligence missions so as to enhance our preventive capabilities. These improved capabilities are conducted pursuant to constitutional standards and relevant guidelines, and, in my view, have made the country safer for all. For example, the ability to share intelligence and law enforcement information was essential to the success of the recent indictment of a suspected member of the Palestinian Islamic Jihad for conspiracy.
- Given the potential to disrupt critical infrastructure via computer intrusion, the provision of the Act that allows law enforcement, with the permission of the system owner, to monitor computer trespassers is of particular note. This provision puts cyber intruders on the same footing as physical intruders, and means that hacking victims can seek law enforcement assistance in much the same way as burglary victims can invite police officers into their homes to monitor and catch burglars.
- The Patriot Act also bolsters the ban on providing material support to terrorists by clearly making it a crime to provide terrorists with "expert advice or assistance" and clarifies that material support includes all forms of money. These provisions have made possible the arrest and prosecution of extremists across the country and have enabled the US Government to cut terrorist organizations off at the source.
In summary, we have developed a comprehensive and robust mechanism to deter and disrupt potential terrorist attacks, including attacks on the electrical power grids of the country, and we are working on a 24/7 basis with our partners in law enforcement and the Intelligence Community to improve our preventive capabilities. Understanding that the number of critical infrastructure targets is so vast and facilities spread so widely that no system can be perfect, the structure of private and government entities acting in coordination will also provide an effective response in the unfortunate event an attack occurs.