Fusion Center fail, says Senate Report

UK and European authorities may need to rethink their plans on security threat information sharing following a damning report on the US Fusion Centers by the Senate Permanent Committee on Investigations. European privacy campaigners fear that ‘information sharing’ is Newspeak for ‘information gathering’ – primarily from innocent citizens. The new Senate report, titled Federal Support for and Involvement in State and Local Fusion Centers – published today – suggests just that. “The Subcommittee investigation,” it says, “found that DHS-assigned detailees to the fusion centers forwarded “intelligence” of uneven quality – oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections, occasionally taken from already-published public sources, and more often than not unrelated to terrorism.”

“The lengthy, bipartisan report,” says a Yahoo News report, “is a scathing evaluation of what the Department of Homeland Security has held up as a crown jewel of its security efforts.” Fusion Centers were introduced following 9/11 to help fight terrorism. But despite funding estimated at more than $1.5 billion, the report states that “the Subcommittee investigation could identify no reporting which uncovered a terrorist threat, nor could it identify a contribution such fusion center reporting made to disrupt an active terrorist plot.”

It does, however, highlight the ‘Russian attack on the Illinois pumping station’ – a false report that originated from a fusion center. “An information technology services and computer repair company,” stated the fusion center, “determined the system had been remotely hacked into from an Internet Provider (IP) address located in Russia. It is believed the hackers had acquired unauthorized access to the software company’s database and retrieved the usernames and passwords of various [control] systems, including the water district’s system.”

This false report was then included in a daily intelligence report from DHS to Congress, now stating that “The perpetrator used an authorized user account of an employee from an identified US business that developed and installed the SCADA system. System controls were manipulated resulting in a pump burnout.”

Wired points out that fusion centers are perfect examples of the mission creep that worries civil libertarians, becoming “hives of incompetence, bureaucracy, mission creep and possible civil-liberties abuses.” Fusion centers, says Wired, “are only supposed to analyze and spread information, not collect it.” But, it continues, “Five centers the Senate studied spent their federal terrorism grant money on “hidden ‘shirt button’ cameras,” cell-phone tracking systems and other surveillance tools. They also spent their cash on things like “dozens of flat-screen TVs” and SUVs...”

Overall, this is a damning report – but perhaps like some banks, fusion centers have become too big to fold. Instead, the committee merely recommends stricter oversight and better clarification of purpose.

What’s Hot on Infosecurity Magazine?