Critical infrastructure comments under review

The Homeland Security Department is reviewing the 30 comments it received on its interim rule for collecting confidential critical infrastructure information. The comments will help the agency adjust the rule.

One issue yet to be decided is what information would qualify for protection under the Protected Critical Infrastructure Information Program, according to Frederick Herr, the project's program manager.

The program went into effect on Feb. 20 to enable private industry to voluntarily submit proprietary information about their critical infrastructures, such as Internet and telecom networks, electricity grids, water works and transportation systems, to the government to help identify areas vulnerable to terrorist attacks.

It is in the first of three operating phases, running now as a limited program. Within six months, the program will expand within the Homeland Security Department, and within another six months it will reach its full operating capability, Herr said.

More than 85 percent of the nation's critical infrastructure is privately owned and operated, with the government owning the remainder.

Under the program, information from private industry will be electronically recorded, stored and shared with other agencies within DHS, state and local governments and federal contractors. It will be used to analyze and secure critical infrastructures and protected systems, assess risks and vulnerabilities and assist with recoveries when appropriate.

"By providing information to the Homeland Security Department, [the department] will be in a better position to provide alerts, warnings and bulletins back to the sector," Herr said. "By helping us, they are helping themselves in the long run."

So far, only six companies have submitted critical infrastructure information to the program, which Herr is using to test and adjust the program's systems, he said.

The program was created by the Critical Infrastructure Information Act of 2002, which Congress passed to allow private companies to give proprietary information to the government while protecting it from public disclosure.

Speaking about the program at a briefing at Washington's National Press Club hosted by Equity International Inc., Herr said that submitted information cannot be disclosed under the Freedom of Information Act or under state and local sunshine laws and cannot be used in civil legal actions against the companies.

The program's manager or designee is the sole authority to validate and disseminate information, he said.