http://www.gcn.com/online/vol1_no1/40809-1.html By Wilson P. Dizard III GCN Staff 05/17/06 The Homeland Security Department should work to increase use of sensitive information it receives from private companies about vulnerable assets like utilities, private IT networks, energy production and distribution facilities, and transportation assets, the Government Accountability Office said in a report unveiled today. The report [1], titled "DHS Should Take Steps to Encourage More Widespread Use of its Program to Protect and Share Critical Infrastructure Information," describes how the department has been carrying out the Critical Infrastructure Information Act. That law was a response to the frequently repeated fact that more than 85 percent of the essential facilities that terrorists could target are in private hands. The law sought to encourage private companies to submit information about the critical infrastructure assets to DHS by creating special shields against the public release of the data. In particular, the law bars release of the information under the federal Freedom of Information Act. Once the information is gathered and protected, the department is responsible for sharing it with appropriate agencies so they can help protect the assets from terrorist attacks. GAO reported that the department has set up a program office to establish requirements for gathering, protecting, sharing and using the infrastructure information. As of January 2006, the program office had received 260 submissions of critical infrastructure information from various sectors. The office has publicized the program to government agencies and private companies, and trained about 750 potential users in DHS and other federal, state and local agencies to handle the specially protected information. However, according to the report, DHS must overcome challenges in defining government needs for the information, deciding how it will be used, protecting the information and controlling access to it as well as convincing the private companies that they will gain by submitting the information. "If DHS were able to surmount these challenges, it and other government users may begin to overcome the lack of trust that critical infrastructure owners have in the government's ability to use and protect their sensitive information," the report said. The auditing agency added that DHS officials concurred with the report findings in oral comments. [1] http://www.gao.gov/new.items/d06383.pdf _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu May 18 2006 - 02:08:45 PDT