1. Home

Aurora and DHS - a misleading response to a significant mistake

Dec. 19, 2014

With all of the focus on cyber security one could expect that DHS is doing a credible job in helping to protect our country. In July 2014, DHS made an error by declassifying much of the Idaho National Lab (INL) Aurora documentation from FOUO to Unclassified.  DHS stated the documents were thoroughly reviewed for sensitive or classified information prior to their release to ensure that critical infrastructure security would not be compromised. However, several of the pages that were declassified provide a specific hit list of US critical infrastructure and even how to attack them.

 

With all of the focus on cyber security one could expect that DHS is doing a credible job in helping to protect our country. Unfortunately, that may not be the case.

In July 2014, DHS made an error by declassifying much of the Idaho National Lab (INL) Aurora documentation from FOUO (For Official Use Only) to Unclassified.  The mistake occurred because DHS named two different events with the same name- Aurora. One was “Google Aurora” which was the Chinese hack of Adobe, Northrup Grumman, etc. The second was the INL generator test also named Aurora. As previously mentioned in my early July blog, in May a Freedom of Information Act (FOIA) request was made to DHS for Google Aurora information but what DHS declassified was INL Aurora information. To be fair to DHS, the vast majority of the declassified documents were not of much interest – but unfortunately not all.  Several of the pages that were declassified provide a specific hit list of US critical infrastructure and even how to attack them. This information can easily be extrapolated to other critical infrastructures and locations.

However, below is DHS’s response to the declassification: “Operation Aurora, the Department of Homeland Security (DHS) National Programs and Protection Directorate provided several previously released documents to the requestor. It appears that those documents may not have been specifically what the requestor was seeking; however, the documents were thoroughly reviewed for sensitive or classified information prior to their release to ensure that critical infrastructure security would not be compromised. The Department will always work directly with requestors if they believe there has been a mistake in processing their request or that information has been withheld improperly. As in all cases, DHS works diligently to process FOIA requests in a timely manner, ensuring the full disclosure of records and information unless it is exempted under clearly delineated statutory language.”

Since DHS did release sensitive information, why doesn’t DHS own up to the mistake and simply apologize for it? 

Joe Weiss

Continue Reading

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...

Latest from Home

shutterstock_2366137569
shutterstock_1830740018
shutterstock_2523786043

Most Read

Sponsored