The FBI, in cooperation with
the Department of Energy (DOE), the Department of Homeland Security
(DHS), the North American Electrical Reliability Council (NERC),
and Canadian authorities aggressively investigated the 14 August
2003 power outages. To date, we have not discovered any evidence
indicating that the outages were the result of activity by international
or domestic terrorists or other criminal activity. The FBI Cyber
Division, working with DHS, meanwhile, has found no indication
to date that the blackout was the result of a malicious computer-related
intrusion, or any sort of computer worm or virus attack.
The FBI has received no specific,
credible threats to electronic power grids in the United States
in the recent past, and the claim of the Abu Hafs al-Masri Brigade
to have caused the blackout appears to be no more than wishful
thinking. We have no information confirming the actual existence
of this group, which has also claimed on the Internet responsibility
for the 5 August bombing of the Marriott Hotel in Jakarta and
the 19 July crash of an airplane in Kenya.
We remain very alert, however,
to the possibility terrorists may target the electrical power
grid and other infrastructure facilities. They are clearly aware
of the importance of electrical power to the national economy
and livelihood.
- Al-Qa'ida and other terrorist
groups are known to have considered energy facilitiesand
other infrastructure facilities--as possible targets.
- Guerillas and extremist groups
around the world have attacked power lines as standard targets.
- Domestic extremists have also
targeted energy facilities. In 1986, the FBI disrupted a plan
by a radical splinter element of an environmental group to attack
power plants in Arizona, California, and Colorado.
Terrorists could choose a variety
of means to attack the electrical power grids if they choose
to do so, ranging from blowing up power wire pylons to major
attacks against conventional or nuclear power plants. We defer
to DHS, however, for an assessment of the vulnerabilities of
the electrical power system and the necessary responses to damage
to various types of power facilities.
The FBI has developed a multilayered
approach to investigating potential threats to infrastructure
facilities that brings together the strengths of law enforcement,
the Intelligence Community, DHS, DOE, and Industry.
- CT Watch is the FBI's 24/7 "threat
central" for counterterrorism threat information. CT Watch
is located within the Strategic Information and Operations Center
(SIOC) at FBI Headquarters, and is the primary point of notification
for all potential terrorism threats. Upon notification of a
potential threat, CT Watch immediately passes the threat information
to the DHS Homeland Security Operations Center (HSOC) through
DHS representatives detailed to CT Watch. CT Watch then notifies
each FBI field office Joint Terrorism Task Force (JTTF) that
may be affected by the threat. CT Watch also notifies the National
Joint Terrorism Task Force (NJTTF) and the appropriate FBI counterterrorism
operational sections. This interagency coordination not only
ensures that relevant government agencies are notified of the
threats, but also that involved JTTFs take timely action and
appropriate remedial action. This is especially noteworthy given
that the 84 JTTFs in existence today incorporate all major law
enforcement agencies in the country.
- The NJTTF is comprised of representatives
from 35 government agencies, representing the intelligence, law
enforcement, diplomatic, defense, public safety and homeland
security communities, co-located at SIOC. The NJTTF acts as
a point of fusion for terrorism threat information and manages
the FBI's national JTTF program. The NJTTF coordinates closely
with CT Watch, the JTTFs, DHS representatives assigned to the
CT Watch and NJTTF, and the appropriate FBI sections to ensure
threat information has been received by all appropriate entities
across federal, state and local levels, as well as other JTTFs.
The NJTTF accomplishes this by distributing threat information
vertically to the JTTFs, and horizontally to other government
agencies that are members of the NJTTF.
- Working with the State Department,
Homeland Security, and Watch Centers, the JTTFs across the country
combine local law enforcement, Intelligence Community, and DHS
representatives to fuse threat information and coordinate the
local response to threats.
- Information from the JTTFs also
flows up to the NJTTF, which ensures that it is received by all
entities across the federal and pertinent local governments,
as well as other JTTFs.
- In close coordination with DHS,
the FBI works with the Information Sharing and Analysis Centers
(ISACs) and members of the FBI's InfraGard program. Both the
ISACs and InfraGard were established to facilitate information
sharing between industry and law enforcement and to alert industry
to potential threats and capitalize on private industry knowledge
to assess threat information. Today, the InfraGard Program consists
of over 8,000 companies located in all 50 states, and serves
as an important link between the FBI and the private sector.
This link is used by the FBI to exchange information to help
us defend against terrorist attacks, including cyber threats
from home and abroad. It is a vital part of the FBI's national
strategy to prevent and disrupt terrorist activities in the US.
- The FBI Cyber Division investigates
malicious computer intrusions and attacks on computers and networks,
including attacks on networks that help control critical infrastructure.
We are working with DHS and the electrical power ISAC to preserve
and analyze computer logs from electrical companies in connection
with the recent blackout.
The expansion of the FBI's Counterterrorism
Division has significantly enhanced our ability to uncover threats
to infrastructure facilities. In addition to CT WATCH, the FBI
has established new sections to analyze terrorist communications
and financial transactions for threat-related information, and
we have more than quadrupled the number of analysts working on
terrorism since September 11, 2001.
The increase in the FBI's resources
devoted to terrorism, combined with the partnerships with other
federal agencies, state and local law enforcement, and
industry, provides a defense in depth that brings together the
strengths of law
enforcement and intelligence to respond efficiently and quickly
to threats. Since
September 11, 2001, the FBI has investigated more than 4,000
terrorist threats to the U.S. and the number of active FBI investigations
into potential terrorist activity has quadrupled since 9/11.
No threat or investigative lead
goes unanswered today. At Headquarters, in our field offices,
and through our offices overseas, we run every lead to ground
until we either find evidence of terrorist activity, which we
pursue, or determine that the information is not substantiated.
While we have disrupted terrorist plots since 9/11, we remain
constantly vigilant as a result of the ongoing nature of the
threat.
The Patriot Act is another change
enhancing our ability to disrupt terrorist plots. The provisions
of the Patriot Act allowing the freer flow of information between
intelligence and law enforcement are essential to uncovering
and foiling terrorist plots, and have allowed the FBI to fuse
our law enforcement and intelligence missions so as to enhance
our preventive capabilities. These improved capabilities are
conducted pursuant to constitutional standards and relevant guidelines,
and, in my view, have made the country safer for all. For example,
the ability to share intelligence and law enforcement information
was essential to the success of the recent indictment of a suspected
member of the Palestinian Islamic Jihad for conspiracy.
- Given the potential to disrupt
critical infrastructure via computer intrusion, the provision
of the Act that allows law enforcement, with the permission of
the system owner, to monitor computer trespassers is of particular
note. This provision puts cyber intruders on the same footing
as physical intruders, and means that hacking victims can seek
law enforcement assistance in much the same way as burglary victims
can invite police officers into their homes to monitor and catch
burglars.
- The Patriot Act also bolsters
the ban on providing material support to terrorists by clearly
making it a crime to provide terrorists with "expert advice
or assistance" and clarifies that material support includes
all forms of money. These provisions have made possible the
arrest and prosecution of extremists across the country and have
enabled the US Government to cut terrorist organizations off
at the source.
In summary, we have developed
a comprehensive and robust mechanism to deter and disrupt potential
terrorist attacks, including attacks on the electrical power
grids of the country, and we are working on a 24/7 basis with
our partners in law enforcement and the Intelligence Community
to improve our preventive capabilities. Understanding that the
number of critical infrastructure targets is so vast and facilities
spread so widely that no system can be perfect, the structure
of private and government entities acting in coordination will
also provide an effective response in the unfortunate event an
attack occurs.