Homeland Security Watch

News and analysis of critical issues in homeland security

May 22, 2006

New GAO report on info-sharing and critical infrastructure

Filed under: Infrastructure Protection,Intelligence and Info-Sharing — by Christian Beckner on May 22, 2006

The Government Accountability Office released a report last week entitled “Information Sharing: DHS Should Take Steps to Encourage More Widespread Use of Its Program to Protect and Share Critical Infrastructure Information.” The report provides an interesting overview of the Program Office that is responsible for implementing the Critical Infrastructure Information Act, and the challenges facing DHS in its efforts to engage the private sector on critical infrastructure protection. From the report:

DHS faces a number of challenges that impede the private sector’s willingness to share sensitive information. These challenges include defining specific government needs for CII, determining how the information will be used, assuring the private sector that the information will be protected and who will be authorized to have access to it, and demonstrating to critical infrastructure owners the benefits of sharing the information. For example, DHS has not defined its specific needs nor has it determined how it will use information submitted under the program. In addition, DHS has not yet used the information to issue any advisories, alerts, or warnings. This lack of specificity and use has impeded the willingness of potential submitters to provide their sensitive information to DHS. If DHS were able to surmount these challenges, it and other government users may begin to overcome the lack of trust that critical infrastructure owners have in the government’s ability to use and protect their sensitive information.

To encourage more individuals, private sector entities, and state and local governments that own the critical infrastructure to submit information under the program so that more entities will have access to the information they may need to protect these assets, we are recommending that the Secretary of Homeland Security take a number of actions, including better defining the CII needs of the department and other federal agencies with critical infrastructure responsibilities, defining how DHS and the other agencies will use the information received from the private sector, and expanding efforts to use incentives to encourage more users.

The recent decision to create the Critical Infrastructure Partnership Advisory Council is one response to the concerns addressed in this report, but it’s only a first step. For example, DHS needs to develop and publish a clearly-articulated framework about how it receives, uses, protects, and ultimately deletes externally-acquired information, so that private sector entities have a clearer sense of what happens to sensitive corporate information after it is transmitted to the Department.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn


Comment by William R. Cumming

May 23, 2006 @ 1:45 am

Protection of Trade Secrets that might be accidentally or intentionally revealed after release of CII to the Federal government seems to be subject to strong sanctions. The so-callled Trade Secrets Act is actually the text of a statute codified at 18 U.S.C. Section 1905 that provides:

Comment by William R. Cumming

May 23, 2006 @ 2:06 am

Section 1905. Disclosure of confidential information generally ” Whoever, being an officer or employee of the United States or of any department or agency thereof, . . .publishes, diviluges, discloses, or makes know in any manner or to any extent not authorized by law any information coming to him in the course of his employment or official duties or by reason of any examination or investigation made by, or return, report or record made to or files with, such department or agency or officer or employee thereof, which information concerns or relates to the trade secrets, processess, operations, style of work, or apparatus, or to the identit, confidential statistical data, amount or source of income, profits, losses, or expenditures of any person, firm partnership, corporation, or association; or permits any income return or copy thereof or any book containing any abstract or particulars thereof to be seen or examined by any person except as provided by law, shall be fined not more than $1000, or imprisoned not more than one year, or both; and shall be removed from office or employment.” But a recent statutory enactment called the Economic Espionage Act of 1996, increases the fine to $500,000, and imprisonment to 15 years where the trade secret may benefit a foreign government or organization. A broad definition of trade secret is introduced by this statute, that provides: 18 U.S.C. Section 1839 (3) the term ‘trade secret’ means all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs,or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing if –(A) the owner thereof has taken reasonable measures to keep such information secret; and (B) the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means, by the public; . . . (4) the term ‘owner’ with respect to a trade secret, menas the person or entity in whom or in which rightful legal or equitable title to, or license in , the trade secret is resposed.” Title 5, U.S. C. Section 552 known as the Freedom of Information Act, exempts certain information from agency disclosure to the public, including Section 552(b)(4) trade secrets and commercial or financial information obtained from a person and privileged and confidential; . . .

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>