DHS: Our Reports To Congress Are Successful Bullshit
from the yeah,-we-already-kinda-figured dept
But Tim K writes in about a rather stunning admission by DHS officials of a bogus DHS report on a water pumping facility. It essentially amounts to: "sure the report is a complete lie, but it was a successful lie." Don't believe me?
Officials behind the false claims told Senate investigators that such reports weren’t meant to be “finished intelligence” and that despite their report’s inaccuracies and sloppy wording they considered it to be a “success.”Now, let's do some quick background on this report, less because it informs you and more because it's hysterical. About a year ago, a water pump failed in an Illinois water facility. In response, almost immediately, an Illinois fusion center (part DHS, part Illinois State Police) circulated a report blaming a hacking attack from Russia. Not soon after that report was circulated, the greater DHS office rebuffed the fusion center's hacking allegation as absolute nonsense. It pointed out, as does the linked article, that the allegation was pure conjecture based on the fusion center's inability to do even the most basic investigation.
“[It did] exactly what it’s supposed to do – generate interest,” DHS officials told Senate investigators.
Someone did access the water district’s SCADA system from Russia, but it was a water district contractor who was asked to access the system by water district employees, as Wired first reported. They had called him to seek his opinion on something while he was on vacation in Russia, and he had logged into the system remotely to check on some data for them.It's worth noting that the water pump busted 5 months after this Russian IP logged in. In other words, none of this makes a lick of sense, except if it's the case of someone looking for a convenient scapegoat. "Hackers! Russians!" is apparently what these people went with, for reasons unknown to this author.
When the pump broke five months later and someone examined the network logs to determine the cause, they found an IP address from Russia listed in the logs next to the username and password of the contractor. No one ever bothered to call the contractor to see if he had logged in from Russia; they just assumed someone in Russia had stolen his credentials.
But the DHS report circulated to Congress, which DHS says is a success even though it's bullshit, was written up after they called out their own fusion center for making stuff up. I think most reasonable people would suspect that such successful excriment is part of the fear mongering around so-called cyberwars and the trumped up need for Congress to pass some kind of cybersecurity bill. But even the least cynical person would at least expect the DHS to correct their report and alert Congress to the pure made-up-iness of it. DHS has thus far declined to do so, because, paraphrasing DHS itself, the lie is more effective than the truth. Yay, government!