|< Day Day Up >|| |
State and local governments and private-sector officials have indicated that the threat information they receive from the federal government is often vague, duplicative, and in some cases conflicting. They argue that in the past they have seldom received indications and warnings that are specific, accurate, and timely enough to support resource-allocation decisions. Conversely, when relevant timely information is shared, they point out that it often fails to reach the appropriate parties because of security-clearance requirements. The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets states that adequate protection of critical infrastructures and key assets requires the following:
Improved collection of threat information
Comprehensive and relevant threat assessment and analysis
Robust indications and warning processes and systems
Improved coordination of information-sharing activities
The Homeland Security Act of 2002 provides that critical-infrastructure information voluntarily submitted to DHS, when accompanied by an express statement of the expectation that it will be protected, will be exempt from disclosure under the Freedom of Information Act and state Sunshine laws. Further, if such information is submitted in good faith, it may not be directly used in civil litigation without the consent of the person submitting it.
The act also provides for the establishment of government procedures for receiving, handling, and storing voluntarily submitted critical-infrastructure information and for protecting the confidentiality of such information. It also provides for the development of mechanisms that, while preserving confidentiality, also permit the sharing of such information within the federal government and with state and local governments.
The act authorizes the federal government to provide advisories, alerts, and warnings to relevant businesses, targeted sectors, other government actors, and the general public regarding potential threats to critical infrastructure. The act also stipulates that the federal government must protect the source of any voluntarily submitted information forming the basis of a warning, as well as any proprietary or other information that is not properly in the public domain.
The act enables private-sector individuals to enter into voluntary agreements to promote critical-infrastructure security, including appropriate forms of information sharing, without incurring the risk of antitrust liability. Under this new legal regime, DHS will be able to give proper assurances to private-sector owners and operators of critical infrastructure that the sensitive or proprietary information that they furnish will be protected. These assurances are designed to encourage the private sector to share that vital information with the government. Specific initiatives include efforts to:
Define protection-related information-sharing requirements and establish effective, efficient information-sharing processes.
Implement the statutory authorities and powers of the Homeland Security Act of 2002 to protect security and proprietary information regarded as sensitive by the private sector.
Promote the development and operation of critical sector Information-Sharing Analysis Centers.
Improve processes for domestic-threat data collection, analysis, and dissemination to state and local government and private industry.
Support the development of interoperable secure communications systems for state and local governments and designated private-sector entities.
Complete implementation of the Homeland Security Advisory System (covered in Chapter 1).
Establish the Cyber Warning and Information Network (CWIN).
|< Day Day Up >|| |