DHS: Our Reports To Congress Are Successful Bullshit

Overhype

from the yeah,-we-already-kinda-figured dept

Okay, it's official. I no longer believe that our Department of Homeland Security is an actual government agency with important work to do. No, I now believe that it is a series of highly subtle performance art pieces designed to make us laugh at the sheer audacity of dumb government. We already know about the agency's boss, who is in charge of cybersecurity, not bothering to use the internet. And then there is the DHS's highly touted fusion centers being both a waste of money and a detriment to the very freedoms they're supposedly protecting.

But Tim K writes in about a rather stunning admission by DHS officials of a bogus DHS report on a water pumping facility. It essentially amounts to: “sure the report is a complete lie, but it was a successful lie.” Don't believe me?

Officials behind the false claims told Senate investigators that such reports weren’t meant to be “finished intelligence” and that despite their report’s inaccuracies and sloppy wording they considered it to be a “success.”

“[It did] exactly what it’s supposed to do – generate interest,” DHS officials told Senate investigators.

Now, let's do some quick background on this report, less because it informs you and more because it's hysterical. About a year ago, a water pump failed in an Illinois water facility. In response, almost immediately, an Illinois fusion center (part DHS, part Illinois State Police) circulated a report blaming a hacking attack from Russia. Not soon after that report was circulated, the greater DHS office rebuffed the fusion center's hacking allegation as absolute nonsense. It pointed out, as does the linked article, that the allegation was pure conjecture based on the fusion center's inability to do even the most basic investigation.

Someone did access the water district’s SCADA system from Russia, but it was a water district contractor who was asked to access the system by water district employees, as Wired first reported. They had called him to seek his opinion on something while he was on vacation in Russia, and he had logged into the system remotely to check on some data for them.

When the pump broke five months later and someone examined the network logs to determine the cause, they found an IP address from Russia listed in the logs next to the username and password of the contractor. No one ever bothered to call the contractor to see if he had logged in from Russia; they just assumed someone in Russia had stolen his credentials.

It's worth noting that the water pump busted 5 months after this Russian IP logged in. In other words, none of this makes a lick of sense, except if it's the case of someone looking for a convenient scapegoat. “Hackers! Russians!” is apparently what these people went with, for reasons unknown to this author.

But the DHS report circulated to Congress, which DHS says is a success even though it's bullshit, was written up after they called out their own fusion center for making stuff up. I think most reasonable people would suspect that such successful excriment is part of the fear mongering around so-called cyberwars and the trumped up need for Congress to pass some kind of cybersecurity bill. But even the least cynical person would at least expect the DHS to correct their report and alert Congress to the pure made-up-iness of it. DHS has thus far declined to do so, because, paraphrasing DHS itself, the lie is more effective than the truth. Yay, government!

Filed Under: congress, cybersecurity, dhs, fear mongering, fud, homeland security