[ISN] Chertoff Wants 'Insider' Threats Studied

From: InfoSec News (alerts@private)
Date: Tue Jan 16 2007 - 22:33:25 PST


AP Business Writer
2007 The Associated Press
Jan. 16, 2007

WASHINGTON -- Homeland Security Secretary Michael Chertoff on Tuesday 
asked business leaders to assess the potential conflict between national 
security demands and employee privacy laws regarding risks to the 
nation's critical infrastructure, such as water, energy and other 

"It's something businesses must reflect upon and strike the right 
balance between security with respect to their work force and the 
privacy workers expect," Chertoff told The Associated Press following 
remarks to the National Infrastructure Advisory Council. The council is 
a group of private sector executives and state and local government 
leaders who meet four times a year to advise the White House on keeping 
crucial facilities secure.

The private sector controls about 85 percent of the nation's water, 
energy, transportation and other critical infrastructure.

Chertoff said the council should explore the insider threat to critical 
infrastructure systems to identify "sleepers who could be the source of 
the threats."

Internal threats are a risk at all 17 critical infrastructure sectors 
and represented the next logical step for the council to explore 
following threat assessments at the entrances and perimeters of 
facilities, says Robert Stephan, Assistant Secretary of Homeland 
Security for Infrastructure Protection.

In addition to water, energy and transportation, the 14 other critical 
infrastructure sectors are: communications, chemical and hazardous 
materials, commercial facilities, dams, defense industrial base, 
emergency services, financial services, food and agriculture, government 
facilities, information technology, national monuments and icons, 
nuclear power plants, postal and shipping, and public health and health 

Erle A. Nye, chairman emeritus of Texas' biggest electricity producer 
TXU Corp., leads the council, whose members include executives from 
Intel Corp., Akamai Technologies Inc., IBM Corp., ConAgra Foods Inc., 
Symantec Corp. and others.

The council will establish a subcommittee to explore the insider threat 
issue and that group is expected to present status reports in April and 
July, with formal recommendations possible by October, said Bill Muston 
of TXU who supports Nye in his duties as council chair.

Representatives from the National Employment Lawyers Association intend 
to monitor the council's progress and said that since many employee 
privacy laws are established at the state level, it would take a new 
federal law to override them.

Kathleen Bogas, president of NELA's executive board and a private 
attorney in Bloomfield Hills, Mich., questioned how the council would 
explore the insider threat.

"This could be a huge issue," Bogas said, since any approach that 
focused on physical appearance or national origin of employees could 
present legal problems.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Tue Jan 16 2007 - 22:50:56 PST