locations of key facilities, and the results of studies," he says. "From now on, maps will be more generic and reports will be about issues, not specific problems that can cause reliability problems," he says. As a result, part of the challenge the industry faces is to say enough to the public to gain its support for greater security implementation, but not to say enough to tempt terrorists. "The public doesn't appreciate the latent threat to the power system," opines Amin.
Building a Nationally Coordinated Security Response
While a national response to the protection of electricity assets has been intensified since 9/11, "There is no centralized industry security coordination and assurance capability" yet, Amin points out.
But for the past few years, organizations like the FBI have been working with the industry to assist with security needs and to come up with a list of electrical infrastructure that can be classified as national security priorities.
In the past, utilities have not always shown a willingness to share their security problems with government entities. Since the NRC has had oversight of the nuclear utilities, more of a quietly defensive posture may have been assumed by the utilities it regulates. "Initially a lot of utilities didn't want to talk to the government, but now there is a lot more cooperation," says Herbst. "You can't expect the government to fix everything by itself, because the industry knows itself better than the government. But there has to be a partnership to protect the assets," he says.
For the past three years, the FBI has coordinated the National Infrastructure Protection Center (NIPC), now under the direction of Ronald Dick, to help prepare a comprehensive plan for defending the nation's electrical system. The NIPC was formed with a directive that "defines critical infrastructures to include those physical and cyber-based systems essential to the minimum operations of the economy and government, to include, without limitation, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private," Dick told Congress in an October 2001 hearing. "The NIPC also provides timely information on cyber vulnerabilities, hacker exploit scripts, hacker trends, virus information, and other critical infrastructure best practices," he says.
"Since 1998, the NIPC has been developing the FBI's Key Asset Initiative, identifying over 5,700 entities vital to our national security, including our economic well-being," Dick says. "Following the Sept. 11 events, and at the request of the National Security Council, the NIPC has leveraged the Key Asset Initiative to undertake an all-agency effort to prepare a comprehensive, centralized database of critical infrastructure assets in the United States," he says. One industry official estimated that electric utility assets represent between 20 percent and 40 percent of the facilities identified under the Key Asset Initiative. "The Key Assets Initiative is pretty far along, since the electricity industry had already identified key assets as part of our operating and reliability criteria," notes Whitely.
"The NIPC gathers together under one roof representatives from, among others, the law enforcement, intelligence, and defense communities, who collectively provide a unique analytical perspective to