Magazine article Security Management

Doubts Greet New Info Sharing Rule

Magazine article Security Management

Doubts Greet New Info Sharing Rule

Article excerpt

Perhaps the biggest obstacle to information sharing between business and the U.S. government has been the private sector's fear that any security data it supplies could be subject to public disclosure under the Freedom of Information Act (FOIA) or used as the basis for regulation.

[ILLUSTRATION OMITTED]

The Department of Homeland Security (DHS) has tried to remove those concerns for critical infrastructures with the recent creation of a Protected Critical Infrastructure Information Program and the issuance of an interim rule that safeguards critical information submitted to the government from the reach of FOIA and regulators. But critics who have seen the interim rule have warned that the final rule--assuming that it stays substantially the same--may be ineffectual or counterproductive.

One of the most evident problems is that data submission is voluntary. "The rule doesn't mandate that I have to give anything to the government," says John Bumgarner, CEO of Cyber Watch Inc. of Charlotte, North Carolina, who has been heavily involved in public-private information-sharing efforts.

In addition, he says, the DHS doesn't clarify what type of data it is seeking. For example, among the types of information qualifying as "critical infrastructure information" is "Any planned or past operational problem or solution regarding critical infrastructure or protected systems."

The universe of information potentially covered by this definition is boundless, Bumgarner notes. However, in its response to comments filed about the interim rule, the DHS declined to be more specific.

Administrative hassles are likely to arise as well, says Scott Hodes, a Maryland attorney specializing in FOIA matters. Hodes, who spent 12 years working on FOIA issues with the Justice Department, notes that DHS will be taking on a huge administrative burden in having to make determinations on the "criticality" of information up front. "It's creating more work for the government than might ever be needed," he says.

In addition, there's no time limit for making a determination on whether information is critical, he points out. In fact, in its response to comments on the interim rule, DHS refused to commit to a time limit "given the constraints of the program resources and the nature of the submissions received. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.