Thompson: Private sector may need to protect technology assets

To improve the nation's critical infrastructure protection, the Homeland Security Department and private companies may need to ensure secure operation of major IT systems, such as Internet and network functioning, according to the chairman of the House Homeland Security Committee.

Currently, only hard assets ? bridges, buildings, roads and facilities ? are part of the National Asset Database that forms the baseline for infrastructure protection efforts. That poses problems for the IT and communications industries because many of their assets are virtual, Rep. Bennie Thompson, D-Miss., said this week at a seminar at the Center for Strategic and International Studies.

"While assets are considered for the Database, functions are not," Thompson said. "That is something that's very important to the IT and communications sectors, and we need to think about where the 'function' approach can be considered."

Thompson said he will make those considerations as he and other House and Senate members begin negotiations on the final version of the 9/11 Commission implementation legislation.

Industry councils for the 17 infrastructure sectors ? including energy, food, water, transportation and IT ? submitted their sector protection plans in December 2006 and those plans are currently under review by the Bush Administration. Thompson said those public-private partnerships may be strained if those reviews are not completed in a timely fashion.

"When you work extensively with the administration to complete things like sector-specific plans and they are held up in government bureaucracy, it is hard to not question the partnership," Thompson said.

In drafting HR 1, which is the 9/11 Commission bill, Thompson said he aimed for flexibility and information sharing among the private industry owners and government officials involved in infrastructure protection. The bulk of the infrastructure is owned by private industry.

"You should know that the committee understands that you cannot adopt a one-size-fits-all approach," Thompson. "It is all too-clear that 'risk' varies from sector to sector. We have to look at the dollar impact, resiliency and the possible domino effect that may be triggered by an attack on our infrastructure."