Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] seit Freitag in den USA: "Protected Critical Infrastructure Information" program



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

"The partnership's important to us because the government can't afford
to buy the expertise that we need to understand those vulnerabilities
(...)"


http://www.fcw.com/fcw/articles/2004/0216/web-dhs-02-18-04.asp

Critical infrastructure data sought

By Dibya Sarkar 
Feb. 18, 2004 

The private sector can voluntarily submit critical infrastructure
information to the Homeland Security Department with a new program
designed to protect such information.

Starting Feb. 20, the Protected Critical Infrastructure Information
(PCII) program will collect sensitive data about physical and cyber
infrastructure according to regulations that will be posted online
Feb. 19 and published in the Federal Register the following day.  
Public comment on the regulations could last up to 90 days.

Robert Liscouski, DHS' assistant secretary for infrastructure
protection, said by partnering with the private sector and making the
program voluntary, the federal government can find vulnerabilities and
nuances that the private sector knows best.

"The partnership's important to us because the government can't afford
to buy the expertise that we need to understand those vulnerabilities
at the nuance level if they have access to it," he said.

Fred Herr, PCII's program manager, said the private sector isn't
required to submit anything to the federal government under the
program. But DHS officials cited the public good as a reason why
companies and nongovernment organizations might share such information
voluntarily. The information will be kept confidential, because any
data that passes all program requirements will be exempt from the
Freedom of Information Act and cannot be accessed by third parties or
state and local governments for civil litigation, officials said.

However, if companies provided false statements or submitted
information they knew to be wrong, they would be subject to federal
felony statutes.

Information submitted will be available initially to DHS' Information
Analysis and Infrastructure Protection Directorate, where the PCII
program office resides. DHS officials plan to eventually share that
data with other authorized personnel in federal, state and local
agencies. Officials did not describe how or when other agencies and
governments could access the data, although it probably would be
accessed through existing secure networks, officials said.

Officials said that data given to DHS must meet a number of
requirements:

* The submitting entity must ask for protection.

* The submitter must certify that the material is voluntarily
  provided.

* The submitter must certify that it's not submitted in lieu of
  meeting a federal requirement or regulation.

* The submitter must certify that it meets the definition of critical
  infrastructure information specified under the Critical
  Infrastructure Information Act of 2002.

"If it meets all those requirements we then will label it protected
infrastructure information, PCII," Herr said. "If it doesn't meet
those requirements, we'll go back to the submitting entity and ask
them for additional justification - whatever is lacking."

Neither information gathered previously under the National
Infrastructure Protection Center nor information already available to
the public would be covered by the act's protections, officials said.  
But data collected through established Information Security Analysis
Centers could be submitted to the PCII program office for protection.

It shouldn't take long to vet information after it has been submitted,
Herr said. His office has about 12 staff members and 20 or so
contractors with a budget of about $3.9 million.

However, officials said issues that will probably come up include:

* How the private sector would pay to protect vulnerabilities if one
  is detected through the program.

* How to get information to state and local governments if an
  immediate danger is detected.

* If some information will hide existing health and safety problems.

Officials and experts have estimated that 85 percent of the nation's
critical infrastructure is owned by the private sector. The voluntary
program doesn't preclude the federal government from conducting
assessments on its own, Liscouski said.

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.