The publication of a secret “critical infrastructure” list by the website WikiLeaks amounts to a terrorist hit list that leaves those dams, plants, water systems, pipelines and other facilities vulnerable to attack, U.S. officials say.
"It's a menu for terrorists that is probably one of the most overtly destructive things WikiLeaks has done," Center for Strategic and International Studies national security analyst Anthony Cordesman told the Christian Science Monitor.
"This has given a global map—a menu, if not a recipe book—to every extremist group in the world. To me, it would be amazing to see how WikiLeaks could rationalize this."
Vulnerability and Significance
Although some of the information—for example, the location of a dam or plant—was previously known, the inclusion of that site on the “Critical Infrastructure / Key Resource” (CI/KR) list reveals an importance and/or vulnerability that was not generally known, officials say.
In other cases, specific segments of oilfields or communications systems are revealed to be more vulnerable or significant than others in the system. And the location of a third group of facilities—mines and defense manufacturing systems, for example—are not publicly available at all.
The whistleblower website published the secret files on Sunday (Dec. 5). The list includes CI/KR locations outside the U.S. that provide food, energy, health care and emergency services.
Founder Arrested, Leaks Continue
WikiLeaks founder Julian Assange was arrested and jailed Tuesday (Dec. 7) in London in a Swedish sex-crimes investigation, but U.S. officials are weighing their own charges against him.
The U.S. is investigating whether Assange can be prosecuted for espionage or other offenses in connection with the leaked cables. Federal officials say some foreign officials have suddenly grown reluctant to trust the U.S. because of the secrets spilled by WikiLeaks.
"We have already seen some indications of meetings that used to involve several diplomats and now involve fewer diplomats," said Crowley. "We're conscious of at least one meeting where it was requested that notebooks be left outside the room."
Pentagon spokesman Col. Dave Lapan said the military had seen foreign contacts "pulling back."
"Believing that the U.S. is not good at keeping secrets and having secrets out there certainly changed things," Lapan said.
Even after Assange’s arrest, WikiLeaks released a new batch of cables, and hundreds of “mirror” sites have sprung up to copy WikiLeaks’ content in case the site is shut down.
Secret Clinton Cable
The infrastructure list stems from a 2009 diplomatic cable, classified as “secret,” by Secretary of State Hillary Clinton. The cable asks U.S. diplomatic posts to help update a list of sites around the world "which, if destroyed, disrupted or exploited, would likely have an immediate and deleterious effect on the United States."
The list, part of the National Infrastructure Protection Plan (NIPP), was considered so confidential that the contributors were advised to come up with their own information and not “consult with host governments in respect to this request."
The NIPP identifies 18 CI/KR sectors, the cable noted. These include defense industrial bases; energy; national monuments and icons; drinking water and water treatment systems; chemical; commercial facilities; dams; commercial nuclear reactors, materials, and waste; transportation; government facilities; and critical manufacturing.
Attached to the cable was a rundown of sites included in the 2008 "Critical Foreign Dependencies Initiative" list.
‘Damaging’ and ‘Irresponsible’
A Pentagon spokesman called the disclosure “damaging” and said it provided important information to adversaries. State Department spokesman P.J. Crowley called the release “irresponsible” and said it amounted “to giving a targeting list to groups like al-Qaeda.”
“There are strong and valid reasons information is classified, including critical infrastructure and key resources that are vital to the national and economic security of any country,” Crowley said.
The U.S. considers the infrastructure leak the most sensitive of the tens of thousands of secret U.S. diplomatic cables and other documents that WikiLeaks has published in the last six months. The Pentagon has been fighting the disclosures at every turn.
Infrastructure Security Report
Concern over the potential damage of the leaked infrastructure list has been fueled by the recent publication of an ESG Research Report, "Assessing Cyber Supply Chain Vulnerabilities in the U.S. Critical Infrastructure."
In the report, one in five critical infrastructure organizations surveyed described their security policies, processes and technology safeguards as "fair" or "poor."
More than half (56%) called their capabilities “good, capable of addressing most current threats”; 22% called their protections “excellent, capable of addressing almost all current threats.”