Steve Aftergood: Chimpanzees at DHS Classify and Block National Academy of Science Report on Electrical Grid Vulnerabilities for Five Years

Steven Aftergood

ACADEMY REPORT ON ELECTRIC GRID WITHHELD FOR FIVE YEARS

Over the objections of its authors, the Department of Homeland Security classified a 2007 report from the National Academy of Sciences on the potential vulnerability of the U.S. electric power system until most of it was finally released yesterday.

The report generally concluded, as other reports have, that the electric grid is lacking in resilience and is susceptible to disruption not only from natural disasters but also from deliberate attack.

But even though the report was written for public release, the entire document was classified by DHS and could not be made available for public deliberation.  Amazingly, it took five years for the classification decision to be reviewed and reversed.  As Academy leaders explained in the Foreword to the report:

“DHS concluded that the report would be classified in its entirety under the original classification authority vested in the DHS undersecretary for science and technology. Because the committee believed that the report as submitted contained no restricted information, the NRC [National Research Council] requested the formal classification guidance constituting the basis for the classification decision. That guidance was not provided, and so in August 2010, the NRC submitted a formal request for an updated security classification review. Finally, in August 2012, the current full report was approved for public release, reversing the original classification decision, except that several pages of information deemed classified are available to readers who have the necessary security clearance.”

“We regret the long delay in approving this report for public release,” wrote Ralph J. Cicerone, president of the National Academy of Sciences, and Charles M. Vest, president of the National Academy of Engineering in the Foreword.

“We understand the need to safeguard security information that may need to remain classified,” they wrote. “But openness is also required to accelerate the progress with current technology and implementation of research and development of new technology to better protect the nation from terrorism and other threats.”

They said that a workshop was planned to address changes that have occurred since the report was completed in 2007.

See “Terrorism and the Electric Power Delivery System,” National Research Council, released November 14, 2012.  (More from Foreign Policy, NYT)

Classification policy at the Department of Homeland Security has become somewhat more streamlined lately as a result of the Obama Administration’s Fundamental Classification Guidance Review.

Of the Department’s 74 security classification guides, 45 were revised and 16 were cancelled.  Overall, 157 subtopics that had been classified — and that could be used to justify classification of DHS records — “were determined to no longer require classification,” according to the DHS final report on the Fundamental Classification Guidance Review of July 16, 2012.

Robert David STEELE Vivas

ROBERT STEELE:  Over the past twenty years I have become hardened to the day to day idiocy that characterizes the US Government bureaucracy and the inability of the lowest common denominator to get a grip on reality.  Good people trapped in a bad system with terrible management.  When I was one of the three originating sponsors of the Information Warfare Conference in the early 1990’s, we were proud to publish three Air War College papers on financial, electrical, and telecommunications vulnerabilities, and were accused at the time of aiding the enemy.  Idiots are the enemy, not terrorists.  Classifying vulnerabilities does two things: it avoids public pressure on corrupt politicians who respond to money from the corporations that created the vulnerabilities as part of short-changing their customer base; and it avoids attracting good ideas from outside the corrupt corporate box containing the vulnerabilities.  By coincidence, I have just received the following message this morning from the US Army after trying to send a helpful email to an Army flag officer I have known for a decade:

– – – – – – – –

From: Mail Delivery System <[email protected]>
Date: Thu, Nov 15, 2012 at 10:57 AM
Subject: PLAIN TEXT: anything I can do to support you, let me know.
To: [email protected]

The message that you sent to an @us.army.mil user with subject “PLAIN TEXT: anything I can do to support you, let me know.” was not accepted for delivery since it contained URLs that Army Cyber Command has disallowed.

– – – – – – – – –

The above rote message is unprofessional at multiple levels.  At a minimum the flag officer in charge of this second tribe of chimpanzees should be requiring that the message extract and include whatever URL is being disallowed, AND provide a redress email where an ombudsman can take corrective action.  We all know full well the idiocy of the Air Force, threatening spouses and children if they access WikiLeaks on their personal computers; the Army is slightly less stupid, but clearly there is a problem here.  The other problem is that this mindless and largely unsupervised process is preventing Army personnel from exchanging information both within and around the Army.  Centralized blocking is ignorant, unaffordable, and does not scale.  It is a real shame that US Army Cyber-Command cannot get its act together on this one point.

See Also:

2011 Cyber-Command or IO 21 + IO Roots

Robert Garigue & Robert Steele: From Old IO to New IO