Avoiding 'digital Exxon Valdez'
- By Dan Verton
- Aug 03, 2000
The National Plan for Critical Infrastructure Protection
A presidential advisory committee has established a task force to facilitate
the sharing of information between the private sector and the government
about critical infrastructure protection.
Officials have identified information sharing between industry and government
as one of the most pressing security challenges. The private sector owns
the vast majority of the nation's critical infrastructure.
The National Security Telecommunications Advisory Committee — a presidential
advisory committee made up of 30 corporate leaders representing major sectors
of the telecommunications industry — issued a report in May concluding that
there are three main barriers to information sharing and critical infrastructure
* Lack of a clear and present danger to spur immediate action.
* Operational impediments resulting from the lack of a single coordinating
body for information sharing.
* Legal impediments, primarily from the debate over exemptions from the
Freedom of Information Act.
"There is a big question about whether industry will take the lead" in security,
said John Tritak, director of the Critical Infrastructure Assurance Office,
during a recent cybersecurity summit at Carnegie Mellon University in Pittsburgh.
"Version 2 of the National Plan [for Information Systems Protection] will
be written by industry," Tritak said.
However, if the private sector doesn't come to the table, they run the risk
of allowing a "digital Exxon Valdez" disaster to occur, he said. "There
are many people on the Hill who are rightly concerned about whether national
security can be handled by economic, market-driven needs."
Jeffrey Hunker, senior director for critical infrastructure at the National
Security Council, said by not taking the lead, industry runs the risk of
allowing Congress to act inappropriately. "This is not an academic subject.
Bad law or bad regulation will fill the gap," he said.