Rule proposed to protect critical infrastructure info
The Homeland Security Department will develop and use an electronic database to track and protect the information companies and other organizations voluntarily submit about the nation's critical infrastructure. Protecting the information is required under the Homeland Security Act of 2002.
The Homeland Security Department will develop and use an electronic database to track and protect the information companies and other organizations voluntarily submit about the nation's critical infrastructure.
Protecting the information is required under the Homeland Security Act of 2002. The agency's Critical Infrastructure Information program manager will be responsible for tracking receipt, validation, storage, destruction and disclosure of the information, according to a proposed federal rule.
Most of the nation's critical infrastructure, such as power plants and financial information systems, is owned by the private sector. The Homeland Security Act allows private firms to submit to the department information about the security and vulnerabilities to terrorism of those physical and computer-based systems, without fear that those vulnerabilities will be publicly disclosed.
The proposed rule, published April 15 in the Federal Register, outlines procedures for the receipt, care and storage of such information. The information will be used by the government to improve homeland security.
Comments on the proposed rule must be submitted to the department by June 16 at cii.regcomments@DHS.gov.
To qualify for protection from public disclosure, submitters will send the information to the department's Information Analysis Infrastructure Protection Directorate, or another federal agency, with instructions to forward the information to the directorate.
Submitters will mark the information with this statement: "This information is voluntarily submitted to the federal government in expectation of protection from disclosure as provided by the provisions of the Critical Infrastructure Information Act of 2002." The act was incorporated into the bill establishing the Department of Homeland Security.
All information submitted will be presumed protected unless the program manager determines otherwise. If the program manager decides the information is not protected, he or she will advise the submitter and ask for more detail about why the information should be protected.
According to the proposed rule, the information may be provided to employees of the federal, state or local governments in order to secure critical infrastructure, or for analysis, warning or other purposes related to homeland security. The information may be disclosed to a federal contractor performing services in support of the department.
The directorate may disclose the information to the public as advisories, alerts and warnings. The directorate will not disclose the source of the information or any proprietary information.
The information will be exempt from the Freedom of Information Act, and will not be used in any civil action under federal or state law if it was submitted in good faith for homeland security purposes, according to the proposed rule.