InfraGard Critical Resource for Cybersecurity, FBI Director Says

"The way a team plays as a whole determines its success. You may have the greatest bunch of individual stars in the world, but if they don't play together, the club won't be worth a dime"

by / August 16, 2005
Speaking at the InfraGard 2005 Conference for professionals involved with homeland security, held last week in Washington, DC, Federal Bureau of Investigation Director Robert Mueller highlighted what the bureau has done and is doing to help protect the nation's cybersecurity. In his remarks, Mueller covered what the various divisions within the FBI were doing to combat cybercrime and promote cybersecurity, the vital role the private sector has played in that mission by partnering with the federal government through InfraGard, and the need to do more to protect the nation's critical infrastructure from a cyberattack and to protect consumers' personal information.

While Mueller touted the usefulness of the Internet in facilitating information exchange between the public and private sectors internationally and how the FBI has been, he also gave several examples of where hackers had exploited vulnerabilities in the cyberdefenses of parts of the world's critical infrastructure in Russia, Australia and Ohio.

"In Australia, a computer hacker used a laptop and a two-way radio to hack into a sewage control computer system, releasing more than 250 tons of raw sewage onto the grounds of a luxury resort hotel," Mueller said.

In another example, Mueller cited how hackers in Russia were able to gain control of a gas pipeline for 24 hours by penetrating electronic control systems.

And it isn't just other countries that have vulnerable critical infrastructure. In 2003, the Slammer worm infected the computer system at a nuclear power plant, prevented the plant's computers from communicating with each other and disrupted safety systems for over five hours, Mueller said in his presentation. Fortunately, the power plant he referred to had not been in use since 2002 and was protected by a redundant analog safety system that was unaffected by the worm, but security experts still considered the event a wake-up call for power plant cybersecurity in case the plant had been online, according to an August 2003 report in SecurityFocus.

Here at home, the private sector has been an important partner with the bureau to promote the security of the computer systems controlling the nation's critical infrastructure, Mueller said.

"Today, a command sent over a network to a power station's control computer could be just as deadly as a backpack full of explosives," Mueller said. However, "the perpetrators might be more difficult to identify and apprehend," he noted.

The FBI and the private sector have already had successes in promoting cybersecurity by working together through InfraGard, according to Mueller. One example Mueller cited in his remarks involved an InfraGard member in Colorado who alerted FBI agents to the theft of software templates used by energy providers in the United States, which crackers could potentially use to penetrate a number of computer systems controlling parts of the nation's energy grid.

Mueller acknowledged that the FBI needed to do a better job of protecting the interests of private companies when investigating breaches of a company's information security. A survey of companies that had experienced intrusions into their networks found that only 20 percent reported the break-ins to the authorities, in part because they feared the negative publicity that would be generated as a result. "We know that putting on raid jackets and rushing in may not be the best way to get the job done," he said. "We need to minimize the disruption to your business and protect your interests."

However, Mueller cautioned, "maintaining a code of silence will not benefit you or your company in the long run."

And at the risk of repeating a truism that is nonetheless refreshing, Mueller pointed out that the potential weapons and ways an attack can be carried out are too numerous for a single person, government official, agency, company or country to prevent cybercrime and terrorism.

"The way a team plays as a whole determines its success. You may have the greatest bunch of individual stars in the world, but if they don't play together, the club won't be worth a dime," he said, quoting Babe Ruth.