Critical infrastructure operators lack key information
The nation's operators of critical infrastructures-such as electrical power grids, telecommunication centers and water-filtration plants-lack key information necessary to repair their systems in case of an emergency, found a new report by the FBI's National Infrastructure Protection Center.
In June, NIPC and the Pacific Northwest Economic Region conducted a series of tests called the "Blue Cascade" project to assess the preparedness of the region's critical infrastructure systems and how an attack on one sector would impact others.
According to the study released in mid-July, exercise participants in this mock-drama possessed little information as to how their various sectors are entwined.
"We became aware that there was a big gap in how states are dealing with homeland security and vulnerabilities," said Matthew Morrison, executive director of PNWER, a public-private partnership for economic development and trade. It is composed of public officials and industry leaders from Northwestern states and Canadian provinces.
Consequently, the group launched a regional partnership with major stakeholders to bolster security by sharing best practices and coordinating response plans.
More than 150 representatives from 70 private and public sector organizations-including Bonneville Power Administration, British Columbia Gas, PG&E, the U.S. Navy, Telus, Verizon and Qwest-participated in the exercise. Members of the group formulated a scenario where terrorists physically attacked electrical power grids and the region had no electricity for extended periods of time.
NIPC reported that many participants "had difficulty envisioning a situation in which they would lose telephone and Internet communications." Consequently, some of the organizations lacked viable contingency plans to deal with the potential scenario.
Moreover, the groups had no stable plan to disseminate essential information if their systems suffered an outage so that they could quickly make use of working communications networks.
"People have contingency plans based on natural disasters, ..." but with multiple outages, "these plans are inadequate," Morrison said. "One of the biggest things was 'how do you communicate what's going on to the public,'" he added.
Morrison explained that most of the critical infrastructure operators conducted their own vulnerability assessments, but did not assess the impact of the failure of another system.
He noted that the implications of public disclosure laws, such as the Open Meetings Act and the Freedom of Information Act, present hurdles to response efforts. When government officials tried to assist, they found that those legal requirements hampered companies from disclosing information.
"That's the big gap that we identified. The private sector doesn't want to share proprietary information with the states," Morrison said. "It's exercises like this that build the awareness of why it is important to do that, otherwise the first responders really don't know about the inter-ties between the systems."
NIPC recommended that the United States and Canada increase collaborative efforts to share aid and resources, as well as develop a North American threat alert system and common terminology to respond to incidents. It also directed leaders to establish energy-source stockpiles and plans to prioritize access and distribution.