The U.S. Department of Defense (DOD) did not assign anyone to provide counterintelligence (CI) support to protect against threats to America’s defense critical infrastructure such as “chemical facilities and nuclear power systems,” the Pentagon’s office of the inspector general (OIG) recently reported.
OIG officials determined in an audit published April 5 that “as a result, DoD CI support … may not consistently identify CI threats to essential DoD services and infrastructure.”
The inspector general’s (IG) findings came days before ARS Technica reported on Wednesday that America’s adversaries are using a “mysterious safety-tampering malware” to try to sabotage critical infrastructures across the United States such as power plants and gas refineries.
In the recent audit, Pentagon investigators primarily assessed if the Pentagon had “assigned responsibilities for counterintelligence (CI) support … to protect defense critical infrastructure.”
The IG explained:
The Department of Homeland Security defines critical infrastructure as “essential services that underpin American society,” such as energy systems, banking, and finance systems, chemical facilities … and nuclear power systems. Critical infrastructure is defined as assets so vital that their exploitation, incapacitation, or destruction would have a debilitating effect on national security, the U.S. economy, public health or safety, or any combination thereof.
Pentagon OIG officials noted that the 2003 Homeland Security Presidential Directive (HSPD)-7 mandated that federal departments and agencies “identify, prioritize, and coordinate the protection of critical infrastructure and key resources in order to prevent, deter, and mitigate the effects of deliberate efforts to destroy, incapacitate, or exploit them.”
The directive came a couple of years after al-Qaeda jihadis, with the help of the Afghan Taliban, carried out the September 11 attacks on the American homeland, including the Pentagon building.
DOD officials are required to meet the directive’s requirements. However, the IG found that the Pentagon “did not assign responsibilities for CI [counterintelligence] coverage of critical assets and facilities.”
The IG found that defense infrastructure sector lead agents (DISLAs) had been responsible for providing counterintelligence support for protecting critical infrastructure. However, a 2016 DOD directive eliminated the DISLA positions and the Pentagon “has not yet updated DoD’ instructions ‘to assign CI responsibilities that were previously aligned to support DISLAs and their corresponding sectors.’”
“We recommend that the Director for Defense Intelligence (Intelligence and Security), Office of the Under Secretary of Defense for Intelligence, revise all applicable DoD policies to ensure the protection of essential DoD services and infrastructure,” the IG declared.
In a response to the audit, Pentagon officials “agreed with the recommendation,” adding that the department will make the appropriate changes by April 2020 “to ensure that counterintelligence responsibilities are aligned to critical asset owners.”
On Wednesday, ARS Technica noted:
Sixteen months ago, researchers reported an unsettling escalation in hacks targeting power plants, gas refineries, and other types of critical infrastructure. Attackers who may have been working on behalf of a nation caused an operational outage at a critical-infrastructure site after deliberately targeting a system that prevented health- and life-threatening accidents.
There had been compromises of critical infrastructure sites before. What was unprecedented in this attack—and of considerable concern to some researchers and critical infrastructure operators—was the use of an advanced piece of malware that targeted the unidentified site’s safety processes.
In its latest Worldwide Threat Assessment, the U.S. intelligence community warned that American rivals like China, Russia, Iran, and North Korea are intent on using cyber operations “to disrupt critical infrastructure.”
“China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure—such as disruption of a natural gas pipeline for days to weeks—in the United States,” it added.
Transnational organized criminals like Mexican drug cartels are also “threatening critical infrastructure,” the report also said.
While China and Russia continue to pose the top intelligence threats to American interests, Iran and Cuba also represent a “persistent” menace, the assessment determined, adding, “Geopolitical, societal, and technological changes will increase opportunities for foreign intelligence services and other entities—such as terrorists, criminals, and cyber actors—to collect on US activities and information to the detriment of US interests.”