[ISN] Auditors: DHS should spur use of critical infrastructure data

From: InfoSec News (isn@private)
Date: Thu May 18 2006 - 02:02:07 PDT


By Wilson P. Dizard III
GCN Staff

The Homeland Security Department should work to increase use of
sensitive information it receives from private companies about
vulnerable assets like utilities, private IT networks, energy
production and distribution facilities, and transportation assets, the
Government Accountability Office said in a report unveiled today.

The report [1], titled "DHS Should Take Steps to Encourage More
Widespread Use of its Program to Protect and Share Critical
Infrastructure Information," describes how the department has been
carrying out the Critical Infrastructure Information Act.

That law was a response to the frequently repeated fact that more than
85 percent of the essential facilities that terrorists could target
are in private hands.

The law sought to encourage private companies to submit information
about the critical infrastructure assets to DHS by creating special
shields against the public release of the data. In particular, the law
bars release of the information under the federal Freedom of
Information Act.

Once the information is gathered and protected, the department is
responsible for sharing it with appropriate agencies so they can help
protect the assets from terrorist attacks.

GAO reported that the department has set up a program office to
establish requirements for gathering, protecting, sharing and using
the infrastructure information.

As of January 2006, the program office had received 260 submissions of
critical infrastructure information from various sectors. The office
has publicized the program to government agencies and private
companies, and trained about 750 potential users in DHS and other
federal, state and local agencies to handle the specially protected

However, according to the report, DHS must overcome challenges in
defining government needs for the information, deciding how it will be
used, protecting the information and controlling access to it as well
as convincing the private companies that they will gain by submitting
the information.

"If DHS were able to surmount these challenges, it and other
government users may begin to overcome the lack of trust that critical
infrastructure owners have in the government's ability to use and
protect their sensitive information," the report said.

The auditing agency added that DHS officials concurred with the report
findings in oral comments.

[1] http://www.gao.gov/new.items/d06383.pdf
