[ISN] HSD seeks to secure data it gets from the private sector

From: InfoSec News (isnat_private)
Date: Fri Apr 18 2003 - 04:37:20 PDT

  • Next message: InfoSec News: "[ISN] Linux File Permission Confusion"

    http://www.gcn.com/vol1_no1/daily-updates/21773-1.html
    
    By Wilson P. Dizard III 
    GCN Staff
    04/17/03 
    
    The Homeland Security Department has proposed rules under which it 
    would protect systems information it receives from the private sector. 
    
    The proposed rule explicitly applies to hardware and software that 
    makes up critical-infrastructure systems. The government relies on 
    many such systems, such as private voice and data networks, for its 
    daily operations. 
    
    Companies have been wary of submitting information to the department 
    for several reasons, including the possibility that their competitors 
    could access commercially important data. Some members of Congress and 
    privacy advocates criticized the enacted version of the Homeland 
    Security Act of 2002 as including excessively broad exemptions from 
    the Freedom of Information Act for such information. 
    
    The proposed rule-making notice, issued Tuesday, is aimed at 
    implementing the Critical Infrastructure Information Act of 2002, 
    which appears in Subtitle B of Title II of the Homeland Security Act. 
    
    That law calls for HSD to shield from the public the information that 
    the private sector submits. 
    
    The proposed rule would apply to all federal agencies that receive 
    such information, according to the notice published in the Federal 
    Register. Under the rule-making proposal, the procedures also would 
    apply to state, local and foreign governments as well as government 
    contractors. 
    
    The proposal calls for Homeland Security to safeguard the information 
    in secure systems or locations and to impose that requirement on any 
    other agencies or contractors to which it discloses the information. 
    
    Under the proposal, private-sector organizations could specify 
    information to be exempted from FOIA requests. The department could 
    deny organizations’ designation of information as 
    critical-infrastructure and return it. 
    
    The proposed rule calls for a program manager of critical- 
    infrastructure information. Among other duties, the official would 
    report any losses of critical-infrastructure data to the department’s 
    inspector general, its Information Analysis and Infrastructure 
    Protection Directorate and the organization that submitted the 
    information. 
    
    Comments on the proposal are due June 16. The department will accept 
    comments at cii.regcommentat_private 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Apr 18 2003 - 07:59:26 PDT