The Homeland Security Department has identified 1,700 facilities across the country that pose a risk to the nation’s critical infrastructure but lacks the authority to mandate companies and state and local government correct vulnerabilities, a DHS official told lawmakers yesterday. “Since most process control systems reside in the private sector, our ability to always effect change are sometimes affected by business factors that we cannot control,” said James F. McDonnell, director of DHS’ Protective Security Division. He testified before the Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. A chief source of the weaknesses are supervisory control and data acquisition systems, added Robert F. Dacey, the General Accounting Office’s director of information security issues. SCADA systems, which form the nexus of IT and physical infrastructure, pose a growing threat because of increasingly standardized software, network and remote connectivity and the availability of detailed data about the systems, he said. Full Story