O&M

Report says federal computer flaws put energy infrastructure at risk


By the OGJ Online Staff

WASHINGTON, DC, Sept. 13, 2001 — Federal computer systems are riddled with weaknesses that continue to put critical operations and assets at risk, including energy infrastructure, according to a General Accounting Office study.

One bright spot is the relationship between federal monitors and the electric power industry, the agency said.

GAO released its findings earlier this week before the Senate Committee on Government Affairs, one of the few panels that did not postpone business this week following terrorist attacks Tuesday in New York City and Washington, DC.

GAO told the committee that dramatic increases in computer interconnectivity, especially in the use of the Internet, pose significant risks to computer systems and, more importantly, to the critical operations and infrastructures they support, GAO said.

“Telecommunications, power distribution, public health, national defense, law enforcement, government, and emergency services all depend on the security of their computer operations,” GAO told the committee. “

And in light of the terrorist attacks of this week, there is no time to waste, policy makers said. GAO said the government should establish a stronger agency-wide security management framework. The Federal Bureau of Investigation’s Infrastructure Protection Center provides analysis, warning, and response to computer-based attacks. But NIPC is not as effective as it could be in coordinating cyber-security among various agencies, GAO said.

As a result of several GAO cyber security studies, Government Affairs Committee Chairman Sen. Joseph Lieberman (D-Conn.) and ranking member Fred Thompson (R-Tenn.) introduced a bill last year to increase protections.

GAO said NIPC needs to improve information-sharing relationships with industry but one bright spot is its “two-way information sharing partnership” with the electric power industry.

According to the NIPC and industry officials, the ‘indications, analysis, and warning program, established with the North American Electric Reliability Council (NERC) on behalf the electric power industry has provided “useful information” to both the NIPC and industry and may prove a model for future efforts in other industry sectors.

The FBI and the electric power industry have a history of working together, so there was an existing relationship to build on, the GAO said. NERC encouraged industry to voluntarily supply the NIPC with information on unscheduled outages, degraded operations, and serious threats to facilities, activities, and information systems.

As a result, in December 2000, the GAO said, information gathered through the industry led to detection of a “potentially damaging computer exploit,” resulting in a warning to industry members and the public.