DHS issues final critical-infrastructure rule

The Homeland Security Department issued a final rule today about how it will handle information on U.S. critical infrastructure that it receives from the private sector and state, local and tribal governments, following a rulemaking process that’s already more than three years long.

The information is deemed crucial to DHS’ ability to effectively analyze vulnerabilities in critical infrastructure, such as banking and financial institutions, telecommunications networks, and energy production and transmission facilities. About 85 percent of those are in private-sector hands.

But many organizations balked at providing information until DHS specified which information it would request and how it would share and protect that information.

The Critical Infrastructure Information Act of 2002, which was a part of the legislation that established DHS in 2002, requires the department to set up procedures for receipt, safe storage and handling of such information. An interim rule was published in February 2004.

In a report to Congress in April, the Government Accountability Office listed four main challenges it said DHS must address to overcome the private sector’s wariness over providing information. Those challenges are:

  • Defining specific government needs for critical infrastructure information.
  • Determining how the information will be used.
  • Assuring the private sector that the information will be protected and defining who will be authorized to have access to it.
  • Demonstrating to critical infrastructure owners the benefits of sharing the information.
However, GAO also pointed out that DHS had already received about 290 submissions of information as of January.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.


  • Workforce
    Avril Haines testifies SSCI Jan. 19, 2021

    Haines looks to restore IC workforce morale

    If confirmed, Avril Haines says that one of her top priorities as the Director of National Intelligence will be "institutional" issues, like renewing public trust in the intelligence community and improving workforce morale.

  • Defense
    laptop cloud concept (Andrey Suslov/Shutterstock.com)

    Telework, BYOD and DEOS

    Telework made the idea of bringing your own device a top priority as the Defense Information Systems Agency begins transitioning to a permanent version of the commercial virtual remote environment.

Stay Connected