DHS rule might get industry to open up

Industry has fought DHS on information sharing

The Homeland Security Department issued a final rule earlier this month that should help shake loose information that DHS needs to protect the country’s critical infrastructure, although how fast that information will come is not yet clear.

DHS has confronted fears, particularly from industry groups, that sensitive and proprietary information companies provide might find its way into the hands of other organizations that could use it to embarrass or potentially harm them.

However, industry representatives said last week the final rule seems to answer their major complaints.

“I think companies will be pretty content,” said Jennifer Kerber, director for homeland security at the Information Technology Association of America’s Enterprise Solutions Division. “The presumption was that if information was properly submitted, that it would be protected, and I think the DHS has clarified that it will.”

DHS considers the information, which the private sector and state, local and tribal governments can submit voluntarily, vital to its ability to protect the country’s critical infrastructure, such as banking and financial institutions, telecommunications networks, and energy production and transmission facilities. Almost 85 percent of those are in private-sector hands.

The Critical Infrastructure Information Act of 2002, which was part of the legislation that established DHS, requires the department to set up procedures for safely receiving, storing and handling such information. DHS published an interim rule in February 2004.

All information that qualifies for DHS’ Protected Critical Infrastructure Information (PCII) program, which the department set up to fulfill the law, would be protected except in special circumstances and would not be available for other uses.

Earlier this year, the Government Accountability Office issued a report criticizing DHS’ efforts to assuage industry and government fears. The department had not defined its specific needs or determined how it would use information, according to the report.

That lack of specificity has made potential submitters reluctant to provide sensitive information, GAO found.

In addition, DHS had not yet used the information that companies had already submitted to issue any advisories, alerts or warnings, according to the report.

GAO cites other challenges, including DHS’ need to assure the private sector that it would protect the information and that only authorized users could access it. DHS would also have to demonstrate the benefits of sharing information.

The final rule contains at least one contentious subject that is still likely to rankle critics. Information admitted as part of the PCII program is exempt from Freedom of Information Act actions and from any state or local law requiring disclosure of records or information.

That provision has remained largely intact since the Homeland Security Act was introduced in 2002.

Sen. Patrick Leahy (D-Vt.), in comments on the 2004 interim rule, said this “creates an opportunity for big polluters or other offenders to hide mistakes from public view just by stamping the data ‘critical infrastructure information’ and submitting it” to DHS.

In particular, he said, the absence of any time limit on the verification of such information “effectively establishes the free pass for industry that so many of us feared would result from the Homeland Security Act.”

The rule also provides for substantial penalties for any government employee — including those in state and local government — who releases protected information.

It is still unclear whether the final rule will be sufficient to increase the flow of critical infrastructure information to the government. Industry has been cautious about the process, Kerber said, and this final rule may not set minds completely at ease.

“It’s an interesting question, and we’ll have to wait and see what happens as more people become aware” of the final rule, Kerber said. “I certainly don’t expect the floodgates to open tomorrow.”

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group