On Wednesday last week I wrote about a CQ story that previewed the creation of a new Federal Advisory Committee for DHS, the Critical Infrastructure Partnership Advisory Council (CIPAC). On Friday, DHS published a notice about the new committee in the Federal Register, which lays out the Department’s rationale for exempting the new committee from the open meeting requirements of the Federal Advisory Committee Act (FACA), and describes the role and membership of CIPAC.
After reading the notice, it seems like this new committee is intended to be much more than a talk shop. The notice lists 28 private sector entities and 42 public sector entities who will be members of the CIPAC at inception; given this size and scope, I imagine that the committee is not going to be driven by blather-filled quarterly meetings. Rather, my sense is that DHS intends to use the CIPAC as a “secure channel” for a continuous conversation with industry about critical infrastructure vulnerabilities and needs. The challenge that they will face is balancing the legitimate need to protect sensitive information about vulnerabilities with two equally important needs: (1) keeping the owners of critical infrastructure publicly accountable for their actions (or lack thereof); and (2) informing the broad set of stakeholders about relevant intelligence (which often becomes more difficult when transparency decreases).